Select Page

Standardized Information Gathering (SIG) Questionnaire

The Standardized Information Gathering (SIG) Questionnaire Tools allow organizations to build, customize, analyze and store vendor questionnaires. Built on best practices by our member community, the SIG provides standardization and efficiency in performing third party risk assessments.

The SIG Questionnaire Tools


Using a comprehensive set of questions (content library), the SIG gathers information to determine how security risks are managed across a 18 risk control areas, or “domains”, within a service provider’s environment. The library houses comprehensive risk and cybersecurity frameworks as well as industry-specific controls.

The SIG can be used in various ways:

  • Used by an outsourcer to evaluate their service providers’ risk controls.
  • Completed by a service provider and used proactively as part of a request for proposal (RFP) response.
  • Completed by a service provider and sent to their client(s) in lieu of completing one or multiple proprietary questionnaires.
  • Used by an organization for self-assessment.

Join us for a live demo of the SIG.

Live Demo

SIG Questionnaire

SIG Questionnaire Tools

The SIG is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.

Third Party Risk Toolkit

Third Party Risk Management Toolkit

“Verify” SIG questionnaires with the Standardized Control Assessment (SCA) Procedure Tools, benchmark with the Vendor Risk Management Maturity Model (VRMMM) and evaluate vendor privacy practices.


Learn More about the SIG

Join us for a live demo to understand how the SIG and the Third Party Risk Toolkit can help build and improve your program.

Learn more

  • SIG Tools

  • SIG Features

    The SIG functions as a questionnaire management tool that allows you to build, customize, analyze and store questionnaires in one place. Your download of the SIG will include:

  • SIG Management Tool

    The SIG Questionnaire Tools will include a Microsoft Excel workbook called the SIG Management Tool. The SIG Management Tool is where you will build your SIG questionnaires drawing from the bank of questions in the SIG Content Library. You will also use the SIG Management Tool to compare an Assessee’s SIG responses to a Master SIG and create a report that lists any gaps from prior SIGs for further analysis and follow up. You can also transfer responses from one SIG file version to another version. This feature makes it easy to update responses to a newer version of a SIG without starting from scratch. The SIG Management Tool is the archive where you will store the SIGs you create so that you can draw from those prior SIGs as you develop new SIG questionnaires for new vendors.

  • SIG Getting Started Guide

    The comprehensive Getting Started Guide (in pdf) that provides step-by-step instructions of using the SIG Management Tool to create, analyze and store SIGs. The SIG Getting Started Guide provides users with a summary overview of the SIG and best practice guidance on administering the SIG as part of a Third Party Risk Management (TPRM) program. It outlines the basics of the tool, the tool structure and how to use the SIG from different perspectives, whether as an outsourcer, assessor, or a service provider.

  • SIG Implementation Checklist

    Provides project management templates to identify the tasks and planning to implement the SIG tools in your TPRM program.

  • SIG Documentation Request Checklist

    A template to gather relevant compliance documents from a service provider as part of an assessment.

  • Membership

    Want access to all the Shared Assessment Program tools, thought leadership and a network of members?

    Find out about Membership or for general inquiries, email

    Membership Info




This site uses cookies

Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance. To learn more about our cookies, how we use them and their benefits, please read our Cookie Policy and Privacy Policy.