The Supply Chain Assurance Framework (SCAF) is an ISF-led initiative including AICPA, ISACA, CSA, IAOP, and IAPP. SCAF addresses a key challenge: the inability to translate information security requirements and assurances between the world’s 50 standards and 550 regulations without expensive expert advice.

The Supply Chain Assurance Framework allows Acquirers and Suppliers to understand, comply and assure information security arrangements required, based on risk, regulation, functional, geographic and other requirements.

SCAF will help Acquirers and Suppliers reduce cost, improve Supplier assurance and increase understanding and management by:

  • Providing a risk analysis model that can be used by procurement and legal staff to define information security requirements for predictable and lower risk transactions
  • Allowing information risk and control to be built into procurement without expensive expert intervention
  • Assisting Acquirers to identify areas of greater risk to define more detailed assurance requirements from a Supplier
  • Suggesting appropriate controls to mitigate common information risks within the supply chain
  • Allowing Suppliers to identify and cite controls specified in different standards they may use as being equivalent, saving costs and expanding assurance.

SCAF is aligned with major international standards such as the ISF Standard of Good Practice for Information Security (the Standard), AICPA Trust Services Principles and ISO/IEC 27036 and will harness the mappings of the Unified Compliance Framework to help identify equivalence and gaps between commonly used standards.

Executive Summary

Supply Chain Assurance Framework (SCAF)

Please fill out the form below to download a complimentary Executive Summary.

Please provide your details to download this document:

The Information Security Forum (ISF) is a data controller for the personal data collected on this website.

For information on how we collect and use your personal data, please read our Privacy Notice.

Please read and agree with our Terms Of Use.

From time to time, the ISF would like to contact you regarding our latest products, services and events.

By ticking the relevant boxes below, please indicate your preferences on how you want to be contacted:

You can update your preferences at any time, or withdraw consent after submission by going to the ‘Already Registered’ tab.

Please enter the email address you previously registered with to access the download:

You have previously downloaded from our website. For more information on how we use your personal information, please see our Privacy Notice.

Please refamiliarise yourself with our Terms Of Use.

To update your preferences on how you would like to be contacted by the ISF, please indicate below:

To unsubscribe from all ISF communications. Click here: