PLTThe platform
SCF-native, end to end.
Most tools bolt a framework onto their own data model. SCF Controls Platform is built around the Secure Controls Framework™ itself — its controls, its mappings, its evidence requirements — so the work you do is the work the framework expects.
PLT-01Capability
The full SCF control catalog
All 1,451 controls of the Secure Controls Framework™, with risk and threat context, assessment questions, maturity roadmaps and right-sizing guidance per control. Scope what applies to you; see exactly what each control expects.
PLT-02Capability
Framework mappings, out of the box
The SCF's 354+ mappings — SOC 2, ISO 27001, GDPR, NIST, and hundreds more — against one control set. Add a framework and your existing work carries over; the matrix shows precisely which controls serve which obligations.
PLT-03Capability
Evidence maturity, scored honestly
Over 200 evidence requirements, each scored L0–L5. No green dashboards over empty folders: the maturity model tells you what an auditor will actually find, and what good looks like at every level. Evidence can arrive via webhook from your own tooling.
PLT-04Capability
Risk register, linked to controls
A 5×5 risk module where risks link to the controls that treat them. Inherent and residual views, custom organisation risks, and a register you can defend in front of a board or an auditor.
PLT-05Capability
Audit engagement workspaces
Run an audit as a workspace: scope, evidence requests, findings and state tracking in one place, with a full audit trail behind every change.
PLT-06Capability
Vendor management & TPRM
A vendor registry with criticality, status and category tracking, so third-party risk lives next to the controls and risks it affects rather than in another spreadsheet.
SCP-03Built by a practitioner
SCF Controls Platform is built by a practising GRC consultant who runs real client engagements on it. It exists because compliance theatre wastes everyone's time.
Why this exists