Secure Controls Framework (SCF) Extra

Secure Controls Framework (SCF) Extra

The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework and SimpleRisk. Enabling it allows you to select from over 200 different frameworks that have been mapped across over 1,000 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!

What are SimpleRisk Extras?

SimpleRisk Core is our widely acclaimed, award winning, free and open source product that has been downloaded over 80,000 times and contains all of the basic Governance, Risk Management and Compliance (GRC) functionality needed to establish a foundational GRC program. As an organization’s GRC program matures, extended functionality is often required to meet requirements beyond what is available in the SimpleRisk Core offering.

To address these expanded needs, SimpleRisk has developed a variety of plug-and-play modules termed "Extras" that provide functionality above and beyond our SimpleRisk Core offering. These plug-and-play modules will be essential to the success of your GRC program as your organization grows and matures its processes. While all of our Extras are available in packaged bundles with both SimpleRisk On-Premise and Hosted deployment models, they can also be purchased A La Carte for those organizations that choose to deploy our platform on-premise.

Why was the Secure Controls Framework (SCF) created?

The SimpleRisk partnership and integration with Secure Controls Framework (SCF) allows SimpleRisk users to map all of the controls and frameworks to risks and dynamically build both standard and maturity Risk Assessment Questionnaires with the click of a button. Automating this process is not only simple, but has proven to be a huge time saver. Since Secure Controls Framework (SCF) is a Common Control Framework, you also have the ability to apply individual controls to multiple frameworks simultaneously, which offers tremendous time and efficiency benefits from a risk management, risk assessment, audit and compliance perspective.

While the controls contained in the ComplianceForge framework are free, ComplianceForge also offers their ComplianceForge Digital Security Program that includes the control objectives, standards, guidelines, metrics & maturity target criteria that govern your security & privacy program.

How is the Secure Controls Framework (SCF) Extra used?

The SimpleRisk integration with Secure Controls Framework (SCF) streamlines many of the native GRC processes available in SimpleRisk. These two systems work in concert enabling users to more effectively leverage SimpleRisk’s foundational GRC functionality. For example, you can:

  • Simplify compliance audits by performing control tests for multiple frameworks simultaneously;
  • Link risks & controls to multiple frameworks automatically to identify your highest risk exposure;
  • Dynamically generate risk assessment and/or maturity questionnaires for over 200 frameworks.

Compliance Forge

What users would benefit from the Secure Controls Framework (SCF) Extra?

SimpleRisk integration with the Secure Controls Framework (SCF) Extra primarily benefits Compliance Teams and Managers, but also extends benefits to Security Practitioners, and Executive Management.

Which plans include the Secure Controls Framework (SCF) Extra?

The Secure Controls Framework (SCF) Extra is available as a Free Extra that can be activated by anyone who registers a SimpleRisk instance and as such, is included with SimpleRisk Core, our free and open source product and all SimpleRisk plans.

The ComplianceForge Digital Security Program (DSP) that contains the control objectives, standards, guidelines, metrics & maturity target criteria that govern your security & privacy program can be purchased as a pass through cost through SimpleRisk directly for a one-time fee of $9,500 USD.  There is an optional annual support fee for each subsequent renewal, if you would like to continue to receive updates.

How can I learn more about the Secure Controls Framework (SCF) Extra or try it out for myself?

To learn more about the Secure Controls Framework (SCF) Extra or discuss specific use cases for how your organization could use it, feel free to schedule a demo online. If you would like to try out the Secure Controls Framework (SCF) Extra functionality for yourself, we offer a free (no credit card required!) 30 day trial. Please reach out to SimpleRisk Support if you have any additional questions about the Secure Controls Framework (SCF) Extra or any of the additional functionality that we offer.