Overview
The SCF’s Evidence Request List (ERL) is designed to standardize and streamline the evidence request process for an SCF-based assessment. Beyond SCF assessments, the ERL can also be used as a guidebook for identifying reasonable artifacts to demonstrate evidence of due diligence and due care for other cybersecurity and/or privacy audits or assessments.
The ERL will be utilized as part of the SCF’s Conformity Assessment Program (CAP) to identify reasonably expected artifacts and evidence to meet applicable SCF controls, since the identified evidence artifacts are mapped to SCF controls.
Since “time is money” when it comes to an audit or assessment, the ERL is specifically designed to make assessments more efficient, and therefore less expensive. The ERL is included as one of the tabs within the SCF download.
Standardized Process
Defines a consistent set of evidence artifacts expected for each SCF control, creating a standardized process organizations can prepare for in advance.
Mapped to SCF Controls
All identified evidence artifacts are mapped directly to SCF controls, providing a traceable link between the evidence requested and control objectives.
Included in SCF Download
The ERL is available as one of the tabs included within the main SCF download — no separate purchase or subscription required.
Key Benefits
The ERL delivers clear advantages for both organizations undergoing assessments and the assessors performing them.
01
Levels the Playing Field
Establishes evidence expectations upfront so there are no surprises during an audit or assessment. Both the organization and the assessor know exactly what is expected.
02
Prevents Ad Hoc Requirements
Stops assessors from making up documentation requirements on the fly. The ERL provides a defined, reasonable baseline of expected evidence artifacts.
03
Reduces Assessment Costs
Since time is money in any audit, the ERL is specifically designed to make assessments more efficient — which translates directly into lower costs for the organization.
04
Mapped to SCF Controls
All identified evidence artifacts are mapped directly to SCF controls, providing a traceable link between evidence requested and control objectives being assessed.
How It Works
Standardized Evidence Requests
The ERL defines a consistent set of evidence artifacts expected for each SCF control, creating a standardized process that organizations can prepare for in advance.
Guidebook for Due Diligence
Even outside of a formal SCF assessment, the ERL serves as a practical guidebook for identifying what reasonable evidence looks like for demonstrating due diligence and due care.
Part of the SCF Conformity Assessment Program (CAP)
The ERL is a core component of the SCF’s CAP, providing the formal basis for identifying the evidence needed to demonstrate compliance with applicable SCF controls.
Use With the SCF’s Conformity Assessment Program
The ERL works hand-in-hand with the SCF Conformity Assessment Program (CAP) to establish a fair, predictable assessment process. Together, they ensure that both assessors and the organizations being assessed are aligned on what constitutes reasonable evidence.
Get Started
The ERL is included as a tab within the free SCF download. No registration required.
Licensed under Creative Commons. Volunteer-driven by the SCF Council. No registration required.