SIG Questionnaire Tools

Shared Assessments Standardized Information Gathering (SIG) Questionnaire allows organizations to build, customize, analyze and store vendor assessments for managing third party risk. It is part of our industry standard third party risk toolkit which is used by over 15,000 organizations, world wide.

Standardized Information Gathering Questionnaire

The SIG is a comprehensive set of questions used to assess third party, vendor risk. The Shared Assessments SIG was created leveraging the collective intelligence and experience of our vast and diverse member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities. Learn about the regulations, standards and guidelines to which the SIG maps here.



OUTSOURCERS

Used the SIG to evaluate their service providers’ risk controls



VENDORS

Include a SIG with RFP responses or in lieu of proprietary questionnaires



ORGANIZATIONS

Used to assess third party risk as well as self-assessments

50+ Government Regulations

The SIG aligns with the most updated domestic and international regulatory guidance and industry standards. It is regularly updated for emerging risks, regulations, guidelines and standards for the wide range of industries.

What’s Included In The SIG Questionnaire?

After purchasing the SIG, you’ll be able to immediately download three files. Let our team of experts show you how to implement the SIG into your third party risk program.

REQUEST A DEMO

SIG Manager Tool

The SIG Manager is a comprehensive tool to enable the scoping and configuration of SIG questionnaires. The SIG Manager provides two pre-configured questionnaires, and the ability to easily create customized assessments. The SIG Manager automates the creation and analysis of SIG responses, and options to maintain SIG data bringing efficiency to the assessment process.

SIG User Procedure guide

The SIG User Procedure Guide provides a summary of the action steps to create, analyze and manage SIG questionnaires.

SIG Implementation Workbook

The SIG Implementation Workbook provides best practices insights and planning checklists to identify the tasks and decisions needed to configure and implement the SIG into your TPRM program.

SIG Documentation Artifacts Request List

A project management template that provides an inventory of compliance artifacts and documentation that should be requested from the third party being assessed.

The SIG is Used by 15,000+ People World-Wide

VIEW MORE MEMBERS

18 Risk Domains

The SIG measures security risks across 18 risk control areas, or “domains”, within a service provider’s environment.

Enterprise Risk Management
Security Policy
Organizational Security
Asset and Information Management
Human Resources Security
Physical and Environmental Security
IT Operations Management
Access Control
Application Security

Cybersecurity Incident Management
Operational Resilience
Compliance and Operational Risk
Endpoint Device Security
Network Security
Privacy
Threat Management
Server Security
Cloud Hosting Services

What’s New in SIG

SIG updates are a response not only to the changing regulatory and risk landscape, but to our hundreds of members and tool purchasers looking to perform fast and effective vendor risk assessments.

SIG Buying Options

The SIG can be purchased in three ways as well as licensed for use in applications.



SINGLE LICENSE: $7500

The SIG is available for purchase on it’s own for one year. Includes any updates made within the year of the license.

BUY NOW



RISK TOOLKIT: $11,000

The SIG is part of our Third Party Risk Toolkit which also includes our award winning VRMMM, SCA and Data Governance Tools.