Coming Soon: 2026 SIG Workbook: Key Updates and Enhancements

The Shared Assessments Standardized Information Gathering (SIG) Questionnaire has long been the industry’s most trusted third-party risk assessment tool—used by thousands of organizations globally to assess vendor controls efficiently and consistently. With the upcoming September 19, 2025 release, the SIG Workbook gains powerful new features and content that reflect the evolving risk landscape—including AI governance, data privacy, and operational resilience.

Here’s what you can expect and how these updates make SIG smarter, sharper, and more aligned to today’s regulatory and risk realities. Stay connected for additional release details and updated guidance from Shared Assessments.

Expanded Content: Reflecting the Modern Risk Landscape

The SIG Workbook now includes references to newly relevant and rapidly maturing frameworks:

• ISO 42001 – Artificial Intelligence Management Systems: As AI rapidly reshapes industries, governance standards are evolving just as fast. The SIG now references ISO 42001, providing organizations a structured approach to responsible AI management, including oversight of AI lifecycle stages such as data collection, model training, deployment, and monitoring. This ensures organizations can assess third parties’ AI practices for fairness, transparency, and accountability.

• NIST SP 800-171 – Enhanced Data Privacy Mapping: The updated SIG incorporates more detailed mapping to NIST SP 800-171, improving its utility for companies managing Controlled Unclassified Information (CUI), especially those operating in or serving the Defense Industrial Base (DIB). The SIG now offers improved granularity in privacy controls, making it easier for organizations to evaluate a third party’s compliance posture against U.S. federal requirements.

• Business Resilience Council (BRC): Aligning the SIG framework with the BRC’s Operational Resilience Framework (ORF) broadens its coverage from post-event recovery to sustaining critical operations through disruptions. This alignment fortifies the SIG’s ability to anticipate, withstand, and adapt to challenges while actively reducing systemic risk and driving continuous improvement. Both frameworks are anchored in recognized industry standards, ensuring consistency, credibility, and interoperability across practices.

• ISO 27001 Annex A: To ensure consistency across frameworks, we aligned previous mappings with ISO 27001. The SIG’s content now reflects the latest ISO 27001:2022 updates, including the restructured Annex A controls. These updates introduce a modernized grouping of controls into categories such as organizational, people, physical, and technological—making it easier for users to assess a third party’s security control environment in line with today’s risk landscape. **Coming in October**

New Functionality: Designed for Real-World Use

The upcoming release introduces powerful usability enhancements based directly on member feedback:

SCA Scoping Modes: Lite, Core, and Detail

Scoping presets serve as starting points, allowing organizations to tailor their Standardized Control Assessment (SCA) based on the desired depth of review—from high-level overviews to comprehensive deep dives. This flexibility helps right-size due diligence efforts to fit the risk profile and relationship context. 

“Edit a SIG” – Now Even Smarter

• Color-Coding: Add color codes to questions and tabs to help prioritize internal reviews or designate ownership.
• Question/Tab Visibility Controls: Hide questions or tabs in a questionnaire for role-based or phased completion workflows.
• Restore Defaults: Easily revert color schemes and visibility to default settings for distribution or submission.
• Response Locking: Prevent changes after a questionnaire is marked complete—ensuring integrity in finalized assessments.

Hover Helpers Everywhere

Brief explanations will now appear when you hover over any framework, regulation, domain, or control family—bringing instant clarity without breaking focus. This feature will be available in the updated SIG, ESG SIG, and SCA. 

Building on a Proven Foundation

Since its inception, the SIG has been about unifying assessments, eliminating redundancy, and improving clarity between assessors and vendors. This release doesn’t reinvent the wheel—it sharpens it for the road ahead. From increased flexibility in how the SIG is used to deeper alignment with emerging regulations, the September release reflects the growing complexity of third-party risk while keeping assessments clear, structured, and efficient.

Mark Your Calendar

Release Date: September 19, 2025 

Need help adopting the updated SIG? Visit sharedassessments.org/sig or book a demo with our team to explore training, integration support, and how to align your internal TPRM workflows with the new release.