The Standardized Information Gathering (SIG) Questionnaire Tools allow organizations to build, customize, analyze and store vendor questionnaires. Built on best practices by our member community, the SIG provides standardization and efficiency in performing third party risk assessments.
The SIG Questionnaire Tools
Using a robust compilation of questions, the SIG gathers pertinent information to determine how security risks are managed across a spectrum of 18 risk control areas, or “domains”, within a service provider’s environment. It was developed through the collective intelligence of our Membership to enable a service provider to compile complete information about these risk domains in one document.
The SIG can be used in various ways:
- Used by an outsourcer to evaluate their service providers’ risk controls.
- Completed by a service provider and used proactively as part of a request for proposal (RFP) response.
- Completed by a service provider and sent to their client(s) in lieu of completing one or multiple proprietary questionnaires.
- Used by an organization for self-assessment.
SIG Questionnaire Tools
SIG Questionnaire Tools
The SIG is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.
Add the SCA, VRMMM & GDPR Tool Kit
“Verify” SIG questionnaires with the Standardized Control Assessment (SCA) Procedure Tools, benchmark with the Vendor Risk Management Maturity Model (VRMMM) and evaluate GDPR readiness.
2019 SIG Features
The SIG now functions as a questionnaire management tool that allows you to build, customize, analyze and store questionnaires in one place. Your download of the SIG will include two files, including:
SIG Management Tool
The SIG Questionnaire Tools will include a Microsoft Exel workbook called the SIG Management Tool. The SIG Management Tool is where you will build your SIG questionnaires using the Content Library as a bank of questions to draw from. You will also use the SIG Management Tool to compare an assessee’s SIG responses to a Master SIG and create a report that lists the discrepancies between the SIGs for further analysis and follow up. It can also transfer responses from one SIG file version to another version. This feature makes it easy to update responses to a newer version of a SIG without starting from scratch. The SIG Management Tool is also where you will store the SIGs you create to draw from as you develop new SIG questionnaires for new vendors.
SIG How To Guide
The SIG Tools includes a comprehensive How to Guide (in pdf) that provides step by step instructions of using the SIG Management Tool to create, analyze and store SIGs. It also provides best practice guidance on administering the SIG as part of a third party risk management program