Standardized Information Gathering Questionnaire
The SIG is a configurable tool to enable the scoping of diverse third-party risk assessments using a comprehensive set of questions used to assess third-party or vendor risk. The Shared Assessments SIG was created leveraging the collective intelligence and experience of our vast and diverse member base. It is updated every year in order to keep up with the ever-changing risk environment and priorities. Learn about the regulations, standards, and guidelines to which the SIG maps here.
OUTSOURCERS
Used the SIG to evaluate their service providers’ risk controls
VENDORS
Include a SIG with RFP responses or in lieu of proprietary questionnaires
ORGANIZATIONS
Used to assess third-party risk as well as self-assessments
50+ Government Regulations
The SIG aligns with the most updated domestic and international regulatory guidance and industry standards. It is regularly updated for emerging risks, regulations, guidelines and standards for the wide range of industries.

What’s Included In The SIG Questionnaire?
After purchasing the SIG, you’ll be able to immediately download three files. Let our team of experts show you how to implement the SIG into your third-party risk program.
SIG Manager Tool
The SIG Manager is a comprehensive tool to enable the scoping and configuration of SIG questionnaires. The SIG Manager provides two pre-configured questionnaires, and the ability to easily create customized assessments. The SIG Manager automates the creation and analysis of SIG responses, and options to maintain SIG data bringing efficiency to the assessment process. Use of the SIG Manager requires Microsoft Excel.
SIG User Procedure guide
The SIG User Procedure Guide provides a summary of the action steps to create, analyze and manage SIG questionnaires.
SIG Implementation Workbook
The SIG Implementation Workbook provides best practices insights and planning checklists to identify the tasks and decisions needed to configure and implement the SIG into your TPRM program.
SIG Documentation Artifacts Request List
A project management template that provides an inventory of compliance artifacts and documentation that should be requested from the third-party being assessed.
The SIG is Used by 15,000+ People World-Wide












18 Risk Domains
The SIG measures security risks across 18 risk control areas, or “domains”, within a service provider’s environment.
- Enterprise Risk Management
- Security Policy
- Organizational Security
- Asset and Information Management
- Human Resources Security
- Physical and Environmental Security
- IT Operations Management
- Access Control
- Application Security
- Cybersecurity Incident Management
- Operational Resilience
- Compliance and Operational Risk
- Endpoint Device Security
- Network Security
- Privacy
- Threat Management
- Server Security
- Cloud Hosting Services
SIG Buying Options
The SIG can be purchased in three ways as well as licensed for use in applications.

SIG Portal
Purchase of the SIG includes access to a preview of the
SIG Online Portal
SINGLE LICENSE: $6000
The SIG is available for purchase on its own for one year. Includes any updates made within the year of the license.
RISK TOOLKIT: $7500
The SIG is part of our Third-Party Risk Toolkit which also includes our award winning VRMMM, SCA, and Data Governance Tools.
BECOME A MEMBER
Shared Assessment membership includes access to all our tools in our third-party risk toolkit, including the SIG.