Shared Assessments is pleased to announce that the Standard Information Gathering Questionnaire (SIG) mapping is now incorporated into the Secure Controls Framework (SCF) catalog of controls. This was a collaborative endeavor between Shared Assessments and the SCF.
Users of the Shared Assessments SIG will now be able to map directly to SCF’s comprehensive controls catalog & mappings using questions in the SIG. This collaboration expands the SIG library related to third party risk management.
When using the SCF, users of the Shared Assessments SIG will be able to see how questions within the SIG map to authoritative sources and related regulatory guidelines or standards. The SCF can be downloaded here.
By viewing the “Authoritative Sources” tab in the SCF, users can browse through columns of national and international authorities and corresponding regulations. Within these columns, rows contain the exact question numbers within the SIG.
Users can also cross-reference SCF’s control questions with SIG control questions. In this way, the SCF serves as a translation table.
Notable national authoritative sources and related guidelines/standards include:
Notable international authoritative sources and related guidelines/standards include:
The SCF stands for the Secure Controls Framework. More than an assortment of cybersecurity controls, the SCF is focused on designing, implementing and maintaining SECURE solutions to address all applicable statutory, regulatory and contractual requirements that an organization faces.
The SCF has the ambitious goal of providing free cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin.
The SCF is designed to empower organizations to design, implement and manage both cybersecurity and privacy principles to address strategic, operational and tactical guidance. It is far more than building for compliance – we know that if you build-in security and privacy principles, complying with statutory, regulatory and contractual obligations will come naturally.
This release is the first of two planned updates to the SCF catalog this year that will include the Shared Assessments SIG. The second release will occur this coming fall during the 2023 Shared Assessments Third Party Risk Management Toolkit launch.
With the 2023 Third Party Risk Management Toolkit launch, we anticipate expanding the existing content library in the SIG by our traditional and vetted means using the SCF as a springboard for our alignment with authoritative sources.