SIG EV Questionnaire
SIG Evolution (SIG EV) is the cloud-based evolution of the SIG Questionnaire, built to modernize how TPRM teams conduct, manage, and track third-party risk assessments.
The SIG is available as a standalone product subscription and is included with all levels of Membership.
Interested in multi-year pricing? Email sales@sharedassessments.org.
SIG Evolution (SIG EV)
Building on nearly two decades of SIG leadership, SIG EV delivers a secure, web-based SaaS platform that simplifies assessment creation, collaboration, grading, and validation, while aligning with current regulatory expectations and industry guidance.
Key capabilities include:
- Intuitive Web Interface — Create, compare, and score assessments with ease
- Secure Sharing — Distribute assessments via one-time links, no portal needed
- Live Dashboards — Track assessment progress at a glance
- Built-In File Validation — Capture and organize vendor responses in one place
- Role-Based Access — Appropriate permissions for every team
Want to learn more? Request a demo here, or explore our frequently asked questions here.
Already a member? Email membership@sharedassessments.org to review and sign terms for SIG EV and access your products through your Member Portal.
Modernized Vendor Assessments
SIG EV builds on the trusted SIG framework to deliver a centralized platform for creating, distributing, and reviewing third-party risk assessments. Guided workflows promote consistency and completeness, while built-in review tools make it faster to identify gaps and evaluate risk — all without the manual overhead of email-based file management.
Direct Mappings:
Widely Accepted Regulations, Frameworks and Industry Guidance
The SIG aligns with the most current domestic and international regulatory guidance and industry standards for risk management. Since its inception, the SIG has been regularly updated for emerging global risks, regulations, guidelines, and standards for a wide range of industries.
Technology Standards & Frameworks
Shared Assessments SCA 2026
ISO 27001:2022
ISO 27002:2022
ISO/IEC 27701 PIMS A 2019
ISO/IEC 42001:2023
NIST Artificial Intelligence 100-1 2023
NIST SP-800-161r1 2022
NIST SP-800-53r5.1.1 (Nov 2023)
NIST SP-800-171r3 (May 2024)
NIST Cybersecurity Framework (Apr 2018)
NIST Cybersecurity Framework 2.0 (Feb 2024)
NIST Privacy Framework (Jan 2020)
Cybersecurity Maturity Model Certification (CMMC) 2.0 2024
CIS Critical Security Controls v8 2021
Regulations, Statutes & Laws
Digital Operational Resilience Act Jan 2023 (DORA)
EBA Guidelines on Outsourcing Arrangements Mar 2019
EU GDPR 2016/679
EU NIS 2 Jan 2023
Interagency Guidance on Third-Party Relationships: Risk Management 2023
FedRAMP May 2023
FFIEC CAT Tool May 2017
FFIEC IT Exam Handbook: AIO Jun 2021
FFIEC IT Exam Handbook: Business Continuity Nov 2019
FFIEC IT Exam Handbook: Mgmt Nov 2015
FFIEC IT Exam Handbook: Outsourcing Jun 2004
HIPAA Administrative Simplification Mar 2013
NYDFS 23 NYCRR 500 Nov 2023
Industry Sector Guidance
CSA CAIQ 4.0 Jun 2024
CSA Cloud Controls Matrix v4
BRC Operational Resilience Framework Nov 2022
ISA 62443-4-1 and 2 2018
North American Electric Reliability Corporation (NERC)
PCI DSS 4.0 March 2022
Learn about the regulations, standards, and guidelines to which the SIG currently (and historically) maps here.
What’s Included In The SIG Questionnaire?
After purchasing the SIG, you will be able to immediately download the product and supporting materials.
Learn more about which SIG you should use when scoping vendor risk questionnaires.
SIG Product
The SIG product itself (includes the SIG Manager).
SIG User Guide
The SIG User Guide provides a summary of the action steps to create, analyze and manage SIG questionnaires.
SIG Manager Enhancement Document
This document covers the changes and revisions to the most recent version of the SIG.
SIG Version Delta
A workbook listing versions of the SIG from 2008 onward, displaying the associations between question numbers and serial numbers, and identifying whether a question is new or has been retired.
21 Risk Domains
The SIG measures security risks across 21 risk control areas, or “domains”, within a service provider’s environment.
- Access Control
- Application Management
- Artificial Intelligence (AI)
- Asset and Information Management
- Cloud Services
- Compliance Management
- Cybersecurity Incident Management
- Endpoint Security
- Enterprise Risk Management
- Environmental, Social, Governance (ESG)
- Human Resources Security
- Information Assurance
- IT Operations Management
- Network Security
- Nth Party Management
- Operational Resilience
- Physical and Environmental Security
- Privacy Management
- Server Security
- Supply Chain Risk Management (SCRM)
- Threat Management