SCF Controls Platform

ABTWhy this exists

Compliance theatre wastes everyone's time.

SCF Controls Platform is built by a practising GRC consultant who got tired of two things: tools that look certified instead of helping you become certifiable, and spreadsheets that collapse the moment a second framework arrives.

The platform exists to do the unglamorous work properly — track every control, score evidence honestly, link risk to treatment — so that the humans can spend their time on judgement instead of bookkeeping.

ABT-01The foundation

Built on the Secure Controls Framework™

The Secure Controls Framework™ (SCF) is a comprehensive cybersecurity and data privacy metaframework maintained by a global community of volunteer specialists — 1,451 controls mapped to 354+ laws, regulations and standards. Rather than inventing a proprietary control set, this platform operationalises the SCF directly: its catalog, its mappings, its evidence expectations.

ABT-02Principles

How the work gets done.

PRN-01

Honest evidence

L0–L5 means what it says. A maturity score is a statement about what an auditor will find, not a colour on a dashboard. The platform never inflates posture to make anyone feel better.

PRN-02

Framework-native

The Secure Controls Framework™ is the data model, not a marketing layer. Controls, mappings and evidence requirements come from the framework itself, so your work transfers to whatever standard you're assessed against.

PRN-03

Built with practitioners

Features come from real client engagements, not a roadmap workshop. If something exists in the product, a practitioner needed it to get through an audit.

Free, open source, and yours to run.

No pricing tiers, no seat licences, no lock-in. Read the source, self-host it on your own infrastructure, and contribute back.