Maintain InfoSec compliance with the world’s best framework

Why FirmGuard uses the SCF


The Secure Controls Framework(SCF) underpins FirmGuard's GRC services. It's a meta-framework (framework of frameworks) created by GRC professionals for guiding companies' compliance with a huge range of cybersecurity and privacy requirements. Embedded within the SureCloud platform, it lets you carry across compliance data from one set of regulations and frameworks to another. 

FirmGuard has adapted the SCF to the unique circumstances of APAC businesses, keeping you strategically and operationally sound. Using our SCF toolkit, we activate or build a best-in-class framework of processes tailored to your business, removing silos, accelerating compliance and ensuring regulatory consistency. 

Secure by design

The Secure Controls Framework is security first by design. Meeting cybersecurity and privacy requirements means documenting expectations that are right-sized for your organisation.

The SCF has a buffet of 880+ available cybersecurity and privacy controls; 140 of those added by FirmGuard for the local market. We help you generate a customised control set for addressing your statutory, regulatory and contractual obligations.

FirmGuard leverages the SCF and the SureCloud GRC platform together to build out your audit-ready security program domain-by-domain.

Localised by FirmGuard

The SCF™ is cutomised by FirmGuard for compliance with local and regional security and privacy standards. We've added:



  • APRA Prudential Standard CPS234

  • APRA Prudential Guideline CPG235

  • Privacy Act of 1998

  • Australian Government Information Security Manual (ISM)

New Zealand

  • RBNZ Cyber Security & Regulatory Framework

  • Privacy Act of 1993

  • NZ Information Security Manual (ISM)


  • Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines

You may have others you would like us to tailor into the platform - contact us for more details

The information on this page has been adapted by FirmGuard, with the kind permission of the team at the Secure Controls Framework (SCF), from its website.