Standardized Information Gathering (SIG)

2023 SIG Mapping to SCF’s Comprehensive Controls

Shared Assessments is pleased to announce that the Standardized Information Gathering (SIG) Questionnaire 2023 mapping is now incorporated into the Secure Controls Framework (SCF) catalog of controls version 2022.3. This was a collaborative endeavor between Shared Assessments and the SCF.

Benefits of Using SCF Alongside the SIG

Users of the Shared Assessments SIG will now be able to map directly to SCF’s comprehensive controls catalog & mappings using questions in the SIG. This collaboration expands the SIG library related to third-party risk management.

How will users access this new functionality?

When using the SCF, users of the Shared Assessments SIG will be able to see how questions within the SIG map to authoritative sources and related regulatory guidelines or standards. The SCF can be downloaded here.

By viewing the “Authoritative Sources” tab in the SCF, users can browse through columns of national and international authorities and corresponding regulations. Within these columns, rows contain the exact question numbers within the SIG.

Users can also cross-reference SCF’s control questions with SIG control questions. In this way, the SCF serves as a translation table.

What authoritative sources and regulatory guidelines/standards are connected by the SCF to the SIG?

• Australian Government Information Security Manual (ISM) September 2022

• BSI Standard 200-1

• California Privacy Rights Act (CPRA) – November 2022 version

• Cybersecurity Capability Maturity Model (C2M2) v2.1

• Illinois Biometric Information Privacy Act (PIPA)

• Illinois Identity Protection Act (IPA)

• ISO 27017:2015

• ISO 27001:2022

• Japan Information System Security Management and Assessment Program (ISMAP)

• New Zealand NZISM 3.6

What is the Secure Controls Framework (SCF)?

SCF stands for Secure Controls Framework. More than an assortment of cybersecurity controls, the SCF is focused on designing, implementing and maintaining SECURE solutions to address all applicable statutory, regulatory and contractual requirements that an organization faces.

The SCF has the ambitious goal of providing free cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of their size, industry or country of origin.

The SCF is designed to empower organizations to design, implement and manage both cybersecurity and privacy principles to address strategic, operational and tactical guidance. It is far more than building for compliance – we know that if you build in security and privacy principles, complying with statutory, regulatory and contractual obligations will come naturally.