Can macros be disabled on the SIG Manager?
No, the SIG Manager requires macros to function properly.
Can macros be disabled on a SIG Questionnaire?
Yes, macros are not required for completion of a Questionnaire. However, disabling macros will then display all questions that may not be applicable to the scoped services.
How do I download the most recent version of the SIG Manager?
You will receive instructions with your membership or Tool purchase, generally associated with your new login to the website. Any new versions to the SIG are posted to the website. https://sharedassessments.org
How do I upgrade from a 2021 SIG Manager to 2022 version?
On the SIG Manager tab, click Upgrade in the Manage SIG Data field and select the file to upgrade, then click Open. See page 21 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
What details are included in a transfer from an earlier version of the SIG Manager to the 2022 version?
Any content in the Content Library, and all templates are included in a transfer. See page 21 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
Is the SIG Manager available in other formats besides Microsoft Excel, such as XML?
The Shared Assessments Program only provides the SIG for user interfaces in Microsoft Excel at this time. The SIG can export configuration and/or responses in a standardized format called “JSON” (JavaScript Object Notation) that is recognized by various types of software and interfaces. See page 22 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
What is “Scoping” and how do I do it?
The term scoping is used to describe the act of configuring or creating a SIG questionnaire by choosing the type and level of questions that are appropriate to your assessment requirements. Important: You must scope or create a SIG Scoping Template before you can save it, use it, or use a default SIG Questionnaire. See page 9 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
How do I know which level of a SIG to choose?
The level of SIG to choose is based on the depth and breadth of due diligence you need based on the vendor’s risk rating and vendor classification. Two default SIG Questionnaire templates are provided. The SIG Lite provides a foundation with 150 program level questions, while the SIG Core provides a comprehensive set of questions for higher risk vendors. Each company can tailor, scope or filter the number and type of questions using the SIG Manager based on what type of assessment is being performed. See page 6 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
Would a service provider ever need to respond to all the questions in the Content Library?
No. The SIG Content Library provides an inventory of accessible, vetted questions simply that are available to choose from for detailed configuration level risk assessments, or deep-dive assessments on very specific industry sector topics. Detail level questions are not included in default SIG Questionnaires since they are designed for more customized assessments.
Can I change the wording of a question?
According to the Terms of Use, questions may not be edited without written permission from Shared Assessments. However, custom questions can be added to the Content Library. The SIG Manager allows you to add up to 100 custom questions within the Content Library for inclusion in your scoped questionnaires. See page 28 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
Can I remove or hide tabs in the SIG?
The SIG Manager enables you to create your SIG with single or multi-tab formats. The sections included in the SIG depend on whether default SIG Scoping Templates or custom scoped SIG Scoping Templates were used to create the SIG. Default SIG Scoping Templates create the Standard SIG Lite and Standard SIG Core using out-of-the-box functionality to create standardized, tiered questionnaires. See page 10 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
Why can’t I choose more than two mapping references for scoping?
The SIG Questionnaire cannot accommodate more than two mapping references at this time, due to space limitations in Excel. For more information on Mapping, see page 10 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
If I choose to exclude a question, would all the other questions related to it be excluded as well?
No. Choosing to exclude one question does not mean related questions won’t apply. See page 11 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
SIG Advanced Functionality
How do I include the Maturity field in my questionnaire?
The option to include the Full Tab and/or Maturity field in a questionnaire is included on the Common Options tab in the SIG Manager. See page 25 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide for instructions on how and why you can include these fields.
What is a Category and how is it used?
A (Control) Category is a scoping method used to classify risk types. Choose the SIG Scoping Template option in the Create Questionnaires and Templates section on the SIG Manager tab, and the Scoping Method options appear. See page 9 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
Where are the sub-categories?
Sub-categories have been renamed as Attributes in the Content Library. See page 11 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
Can I add additional questions outside of the Content Library inventory?
Up to 100 additional questions can be added during the scoping phase of the SIG creation after adding these custom questions to the Content Library tab to be included in a created SIG. See page 28 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
What is a Master Answer Key and how do I create one?
A Master Answer Key contains the completed SIG questions and answers that an Assessor expects to receive from a Third Party. The Master Answer Key provides a way to automate the analysis of a vendor’s completed SIG questionnaire by using the answer key to compare the results. In the 2022 SIG Manager, the Master responses are located on the Content Library tab. See page 14 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide to create a Master Answer Key and automate SIG Questionnaire reviews.
Is there a way to transfer my responses from an earlier version of a SIG Questionnaire to the latest version of the SIG Questionnaire?
Earlier versions of a completed SIG questionnaire may be transferred to newer versions, and newer versions may be transferred to older versions. You can transfer responses from any version of the SIG Manager back to version 3.1 using the Migrate function within SIG Manager. You need an answered SIG questionnaire as a source file, and another SIG questionnaire as a destination file to do the transfer. See page 21 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide for further instructions.
How do I analyze the data in a returned SIG Questionnaire?
Analyze becomes available (on the SIG Manager tab) after you have entered Master Responses into the Content Library and saved the SIG Manager. You can analyze data by comparing answers against the Content Library, or another SIG. See page 19 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
What is Tab Automation used for?
The Tab Automation feature is default-enabled to activate dynamic function of the parent and subsidiary questions at all levels. When enabled, the function allows for greater efficiency in response keeping other questions hidden when a “No” response is provided. When the tab is disabled, all questions are revealed providing full transparency.
Regulation References
Has the SIG been updated to address obligations under CCPA/CPRA?
Yes. The Privacy section of the SIG and the SCA have been updated to include questions related to CCPA/CPRA and other state regulatory privacy obligations. In addition, the updated Target Data Tracker Tool can be used to assist with CCPA readiness efforts for collecting information about the use of classifications of data in third party relationships. State privacy regulations are focused specifically on the privacy domain and are included in questions, while only global or federal privacy regulations/frameworks that impact multiple risk domains are mapped directly as mapping reference in the Content Library. See page 10 in the 2022 SIG Manager/SIG Questionnaires User Procedure Guide.
TPRM Toolkit Support
Are the Shared Assessments Tools available in multiple languages?
The Tools are available in English–other languages are not currently available. Please refer to the Shared Assessments website for future updates. https://sharedassessments.org
types of Tool training and personalized assistance do you offer?
You may request to join a live demo, or request support from one of our Tools professionals. https://sharedassessments.org/live-demo/ or https://sharedassessments.org/tools-support/. You may also reference the 2022 SIG Manager/SIG Questionnaires User Procedure Guide provided after purchase.
Do you offer free usage of your Tools for educational purposes?
No. Tools are provided to tool purchasers and members via license. Refer to the Copyright tab on the SIG Manager tool.