Secure Controls Framework Council, LLC (SCF Council) disclaims any liability whatsoever for the use of this website or the Secure Controls Framework™ (SCF). Use at your own risk.

 

If you have compliance questions, you should consult a cybersecurity or privacy professional to discuss your specific needs. This website is for educational purposes only and does not render professional services advice - it is not a substitute for dedicated professional services. There is no endorsement of any kind in the company listing of SCF Solution Providers - it is entirely your responsibility to conduct appropriate due care and due diligence in selecting and engaging with a consultant to assist in your implementation of the SCF.

SCF Council does not warrant or guarantee that the information will not be offensive to any user. User is hereby put on notice that by accessing and using the website, user assumes the risk that the information and documentation contained in the web site may be offensive and/or may not meet the needs and requirements of the user. The entire risk as to the use of this website, or its contents, is assumed by the user.

 

SCF Council reserves the right to refuse service, in accordance with applicable statutory and regulatory parameters.

© 2019. Secure Controls Framework Council, LLC


SCF Solution Providers

This page highlights companies that have embraced the SCF as a way to help manage cybersecurity and privacy requirements. These companies range from providing SCF-related documentation, to GRC/IRM platforms, to incident response and other technology solutions.

Premium SCF Content - Policies, Standards, Procedures, Metrics & Other Documentation

 

[listed in alphabetical order]

Summary:

  • ComplianceForge is a business accelerator, taking care of the tedious and time-consuming work associated with writing comprehensive cybersecurity documentation to free you up so you can do what you do best. These editable products are meant to address your requirements from strategic concepts all the way down to day-to-day deliverables you need to demonstrate compliance with common statutory, regulatory and contractual obligations:

  • To build an audit-ready cybersecurity and privacy program, there is a need to address "the how" for certain topics, such as vulnerability management, risk management, continuity operations, vendor management and incident response. ComplianceForge did the heavy lifting by creating program-level documents to address these needs.

  • You can also leverage this premium content as an add-on to several GRC platforms (e.g., ZenGRC, MyVCMStrike, etc.).

Governance, Risk & Compliance (GRC) & Integrated Risk Management (IRM) Platforms

 

[listed in alphabetical order]


Ignyte Assurance Platform 

https://www.ignyteplatform.com

info@ignyteplatform.com
1-833-446-9831 

Summary:

  • Ignyte Assurance Platform is a leader in collaborative security and integrated GRC solutions for global corporations. For corporate risk and compliance officers who depend heavily on the protection of their resources, Ignyte is the ultimate translation engine for simplifying compliance across regulations, standards and guidelines.

  • The Ignyte platform is used by leading corporations in diverse industries, such as Healthcare, Defense, and Technology.

  • Ignyte operationalizes compliance for many organizations through the use of the SCF controls and can be used to facilitate an SCF Certification, based on the SCF Information Assurance Program (IAP):

    • The IAP program leverages the SCF controls and is designed to help organizations quickly get up to speed on completing information assurance tasks; and

    • Ignyte helps organizations scale these tasks to make audit-preparation and audits much more efficient.

Summary:

  • LogicGate utilizes the SCF to define how we map controls between the standards and regulations which are included as part of our core content repository.

  • LogicGate's flexible data mapping capabilities allow users to easily view relationships between these controls, as well as between other critical data objects, such as risks, assessments, evidence, policies, and assets. Through these relationships, risk teams can perform an assessment on one control framework and then easily determine the compliance status of a mapped control framework, helping to reduce the amount of time and effort spent by teams needing to ask for the same evidence or attestations over time.

  • The database technology that LogicGate is built on also enables organizations to easily adjust relationships between controls and other items as regulatory requirements and standards change.

 

Ostendio 

https://www.ostendio.com/

info@ostendio.com

+1-877-668-5658

Summary:

  • Ostendio's My Virtual Compliance Manager (MyVCM) is a cloud-based GRC/IRM platform that:

    • 1) Helps organizations understand what they need to do to build their security and risk management program;

    • 2) Operates the program across the entire organization on a day-by-day basis; and

    • 3) Makes it simple to demonstrate compliance across over 100 laws, regulations and industry standards, ensuring the organization is always audit ready. 

  • MyVCM fully integrates the SCF's controls and allows organizations to easily compare their security program against over 100 security and privacy frameworks by simply mapping the controls necessary for any additional standard or regulation. 

  • Everyone in the company can log in and use the platform, which makes MyVCM's licensing model the most cost-effective GRC/IRM solution for multiple-user involvement.

  • MyVCM also offers "single-pane-of-glass" reporting, automated workflow management, and integration with some of the world’s leading platforms including OneLogin, Microsoft and Google.

 

Reciprocity (ZenGRC)

https://www.reciprocitylabs.com

engage@reciprocitylabs.com

+1-877-440-7971

Summary:

  • Reciprocity's ZenGRC is a cloud-based GRC/IRM platform that utilizes the SCF as an available set of cybersecurity and privacy controls.

  • ZenGRC is an easy-to-use, enterprise-grade GRC/IRM solution for compliance and risk management that offers businesses efficient control tracking, testing, and enforcement.

  • ZenGRC streamlines control management to provide tangible value because it speeds up audit and vendor management tracking and consolidates risk mitigation tasks.

  • Clients can be up and running in as little as 6-8 weeks, saving time for compliance teams to focus on security work while saving time on mundane implementation tasks.


Summary:

  • SimpleRisk is a free and open source GRC tool that leverages the SCF, giving our customers what they've been asking for - an easy way to load up and utilize controls for various compliance frameworks.

  • The SCF is a free downloadable "extra" within SimpleRisk. Customers can go to the Configure > Register & Upgrade menu in any registered SimpleRisk instance and click "Download" to download and then install the SCF in that instance.

  • Within SimpleRisk, clients are presented with a list of the frameworks represented with the SCF and the option to select which ones apply to their organization. Applicable controls are automatically imported into the Governance functionality of SimpleRisk with mappings to their associated frameworks. From there, customers can document exceptions, perform testing, and use the controls to plan mitigations for their risks.

 

Incident Response

[listed in alphabetical order]

 

9Yahds / Strake IR

https://www.strakecyber.com

sales@strakecyber.com

+1-978-225-0413

Summary:

  • Strake/IR simplifies cybersecurity and privacy-related incident management with software that can execute your procedures. This task delivery ensures personnel know exactly what to do, when and how.

  • Strake/IR software enables clients to move beyond paper – create granular and dynamic procedural details by embedding forms, links, videos and more.

 

Endpoint Protection Technologies

[listed in alphabetical order]

Summary:

  • NNT is a leader in endpoint solutions that range from secure configurations to File Integrity Monitoring (FIM), vulnerability management and log management.

  • NNT Change Tracker can provide continuous tracking of compliance and if anything changes


New Net Technologies (NNT)

https://www.newnettechnologies.com

USinfo@nntws.com

+1-833-446-9831 
