SIG Excel Questionnaire
Shared Assessments Standardized Information Gathering (SIG) Questionnaire allows organizations to build, customize, analyze, and store vendor assessments for managing third-party risk.
The SIG is available as a standalone product subscription and is included with all levels of Membership.
SIG Excel
The SIG Excel encourages a scalable and consistent risk assessment methodology across risk domains, control families, third parties, and service providers. For outsourcers, the SIG provides a deep level of understanding about how a service provider secures information and services. For service providers, the SIG demonstrates your security posture to your customers and prospects.
Key capabilities include:
- Scoping third-party risk questionnaires
- Developing custom tiered questionnaires
- Comparing and managing vendor responses
Standardized Information Gathering (SIG) Questionnaire
The SIG is a configurable solution for scoping diverse third-party risk assessments, built on a comprehensive set of questions for assessing third-party or vendor risk. The Shared Assessments SIG was created by drawing on the collective intelligence and experience of our vast and diverse member base. It is updated every year to keep up with the ever-changing risk environment and priorities.
Direct Mappings:
Widely Accepted Regulations, Frameworks and Industry Guidance
The SIG aligns with the most current domestic and international regulatory guidance and industry standards for risk management. Since its inception, the SIG has been regularly updated for emerging global risks, regulations, guidelines, and standards for a wide range of industries.
Technology Standards & Frameworks
Shared Assessments SCA 2026
ISO 27001:2022
ISO 27002:2022
ISO/IEC 27701 PIMS A 2019
ISO/IEC 42001:2023
NIST Artificial Intelligence 100-1 2023
NIST SP-800-161r1 2022
NIST SP-800-53r5.1.1 (Nov 2023)
NIST SP-800-171r3 (May 2024)
NIST Cybersecurity Framework (Apr 2018)
NIST Cybersecurity Framework 2.0 (Feb 2024)
NIST Privacy Framework (Jan 2020)
Cybersecurity Maturity Model Certification (CMMC) 2.0 2024
CIS Critical Security Controls v8 2021
Regulations, Statutes & Laws
Digital Operational Resilience Act Jan 2023 (DORA)
EBA Guidelines on Outsourcing Arrangements Mar 2019
EU GDPR 2016/679
EU NIS 2 Jan 2023
Interagency Guidance on Third-Party Relationships: Risk Management 2023
FedRAMP May 2023
FFIEC CAT Tool May 2017
FFIEC IT Exam Handbook: AIO Jun 2021
FFIEC IT Exam Handbook: Business Continuity Nov 2019
FFIEC IT Exam Handbook: Mgmt Nov 2015
FFIEC IT Exam Handbook: Outsourcing Jun 2004
HIPAA Administrative Simplification Mar 2013
NYDFS 23 NYCRR 500 Nov 2023
Industry Sector Guidance
CSA CAIQ 4.0 Jun 2024
CSA Cloud Controls Matrix v4
BRC Operational Resilience Framework Nov 2022
ISA 62443-4-1 and 2 2018
North American Electric Reliability Corporation (NERC)
PCI DSS 4.0 March 2022
Learn about the regulations, standards, and guidelines to which the SIG currently (and historically) maps here.
What’s Included In The SIG Questionnaire?
After purchasing the SIG, you will be able to immediately download the product and supporting materials.
- SIG Product
- SIG User Guide
- SIG Manager Enhancement Document
- SIG Version Delta
21 Risk Domains
The SIG measures security risks across 21 risk control areas, or “domains”, within a service provider’s environment.
- Access Control
- Application Management
- Artificial Intelligence (AI)
- Asset and Information Management
- Cloud Services
- Compliance Management
- Cybersecurity Incident Management
- Endpoint Security
- Enterprise Risk Management
- Environmental, Social, Governance (ESG)
- Human Resources Security
- Information Assurance
- IT Operations Management
- Network Security
- Nth Party Management
- Operational Resilience
- Physical and Environmental Security
- Privacy Management
- Server Security
- Supply Chain Risk Management (SCRM)
- Threat Management