Select Page

Standardized Information Gathering

(SIG) questionnaire

The SIG questionnaire is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.

  • The SIG Questionnaire

    The robust set of questions within the SIG are reviewed and updated annually, and are based on referenced industry regulations, guidelines and standards including NIST, FFIEC, ISO, HIPAA and PCI, among others. New risk areas are added on a regular basis.

    The SIG Lite a compilation of all the higher level questions form the detail tabs of the SIG. It is generally used for third party service providers who offer lower risk services but can also be used as a starting point to conduct an initial assessment. The SIG bundle includes the SIG Lite, or the SIG Lite can be purchased alone.

SIG Bundle

SIG Bundle
$6000

The SIG is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.

Add to cart

SIG Lite Bundle

SIG Lite Bundle
$3500

The SIG Lite is a compilation of all the top-level questions from the detail tabs of the full SIG, allowing for an initial assessment of a service pro-viders risk controls.

Add to cart

Complete Bundle

Add the AUP and the VRMMM
$8000

The SIG Lite is a compilation of all the top-level questions from the detail tabs of the full SIG, allowing for an initial assessment of a service pro-viders risk controls.

Add to cart

  • Learn More about 2017 SIG Enhancements

    SIG Tools – included with the SIG Bundle

    The SIG Bundle comes with tools to help manage the use of the SIG in your third party risk management program.

  • SIG Management Tool

    A SIG Management Tool (SMT) is included with both the SIG and the SIG Lite. The SMT is “backward compatible” and will work with any earlier version of the SIG. The real power behind the SIG and the SIG is unleashed when they are used with the SIG Management Tool. The tool serves two primary functions:

  • Comparison Function

    The SMT will compare a Master SIG, Prepared by the issu-er/outsourcer, to a SIG provided by the assesse. When exe-cuted, the SMT will perform a comparison and provide a report of all responses that did not match. In addition to identifying responses that did not match, the report also in-cludes the value in the Optional Scoring column on the Master, to assist in the prioritization of any responses that require radiation.

  • Transfer Function

    The SMT allows either an issuer/outsourcer or an assesse to transfer responses between SIG versions. Older versions may be transferred to newer versions and newer versions may be transferred to older versions. This function allows the issuer/outsourcer to transfer responses from a Master SIG when a new version is released, and allows assesses to transfer responses from a previously completed SIG when a new version is released. In addition, if an issuer/outsourcer receives a SIG that is a different version than that of the Master, the SMT transfer function allows the issuer/outsourc-er to transfer the responses from their Master to match the version received from the assessee.

  • SIG How To Guides

    Included with the SIG Bundle is a How To Guide, which pro-vides a comprehensive overview of how to get the most out of the SIG and the SIG companion documents, providing best practices on how to approach third party risk assess-ments. The How To Guide provides useful information on all of the different program components and instructions on navigating the SIG, as well as the detailed instructions on how to use the SIG Management Tool (SMT).

  • SIG Scoping Template

    The SIG represents questions for a wide variety of products and services, and therefore it is necessary to refine the scope of the SIG. The SIG Scoping Template provides a methodology to map third party risk factors to specific tabs of the SIG, and the organization’s risk tolerance. An example of the scoping exercise is included in the SIG bundle.

  • Membership

    Want access to all the Shared Assessment Program tools, thought leadership and a network of members?

    Find out about Membership or contact us.

    Membership Info