SCF-B Business Mergers & Acquisitions

The SCF-B is a subset of the SCF that is tailored for evaluating the cybersecurity and privacy risks associated with Mergers & Acquisitions (M&A) due diligence. Due to the potentially complicated nature of the M&A evaluation, we designed the SCF-B to be comprehensive in nature. The following frameworks are leveraged to identify appropriate cybersecurity and privacy controls that should be evaluated as part of M&A due diligence activities: 

  • SOC2


  • COBITv5

  • COSO


  • GAPP

  • ISO 27002

  • ISO 31000

  • ISO 31010

  • NIST 800-160

  • NIST Cybersecurity Framework

  • OWASP Top 10

  • UL 2900-1


To see the mappings between the SCF-B controls, sign up for a free account and download the complete SCF. You can customize the SCF for your own specific needs!