The Supply Chain Assurance Framework (SCAF) is an ISF-led initiative including AICPA, ISACA, CSA, IAOP, and IAPP. SCAF addresses a key challenge: the inability to translate information security requirements and assurances between the world’s 50 standards and 550 regulations without expensive expert advice.

The Supply Chain Assurance Framework allows Acquirers and Suppliers to understand, comply and assure information security arrangements required, based on risk, regulation, functional, geographic and other requirements.

SCAF will help Acquirers and Suppliers reduce cost, improve Supplier assurance and increase understanding and management by:

  • Providing a risk analysis model that can be used by procurement and legal staff to define information security requirements for predictable and lower risk transactions
  • Allowing information risk and control to be built into procurement without expensive expert intervention
  • Assisting Acquirers to identify areas of greater risk to define more detailed assurance requirements from a Supplier
  • Suggesting appropriate controls to mitigate common information risks within the supply chain
  • Allowing Suppliers to identify and cite controls specified in different standards they may use as being equivalent, saving costs and expanding assurance.

SCAF is aligned with major international standards such as the ISF Standard of Good Practice for Information Security (the Standard), AICPA Trust Services Principles and ISO/IEC 27036 and will harness the mappings of the Unified Compliance Framework to help identify equivalence and gaps between commonly used standards.

Executive Summary

Supply Chain Assurance Framework (SCAF)

Please fill out the form below to download a complimentary Executive Summary.

Please provide your details to download this document:

Please check this box to confirm that you have read and agree with our Privacy Policy and Terms Of Use

By downloading this document you agree to being contacted by the ISF.

Please enter the email address you previously registered with to access the download: