Under active development — Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC

Home / Frameworks / SCF / CPL — Compliance

CPL — Compliance

Official SCF Download

35 controls in the Compliance domain

CPL-01Statutory, Regulatory & Contractual Compliance

CPL-01.1Non-Compliance Oversight

CPL-01.2Compliance Scope

CPL-01.3Ability To Demonstrate Conformity

CPL-01.4Conformity Assessment

CPL-01.5Declaration of Conformity

CPL-01.6Assessment Team Subject Matter Expertise

CPL-02Cybersecurity & Data Protection Controls Oversight

CPL-02.1Internal Audit Function

CPL-02.2Periodic Audits

CPL-02.3Corrective Action

CPL-03Cybersecurity & Data Protection Assessments

CPL-03.1Independent Assessors

CPL-03.2Functional Review Of Cybersecurity & Data Protection Controls

CPL-03.3Assessor Access

CPL-03.4Assessment Methods

CPL-03.5Assessment Rigor

CPL-03.6Evidence Request List (ERL)

CPL-03.7Evidence Sampling

CPL-04Audit Activities

CPL-05Legal Assessment of Investigative Inquires

CPL-05.1Investigation Request Notifications

CPL-05.2Investigation Access Restrictions

CPL-06Government Surveillance

CPL-07Grievances

CPL-07.1Grievance Response

CPL-08Localized Representation

CPL-08.1Representative Powers

CPL-09Control Reciprocity

CPL-10Control Inheritance

CPL-11Dual Use Technology

CPL-11.1USML or CCL Identification

CPL-11.2Export-Controlled Access Restrictions

CPL-11.3Export Activities Documentation

CPL-12Statement of Applicability (SOA)

← Back to all controls