The SIG questionnaire is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.
The SIG Questionnaire
Using a robust compilation of questions, the SIG gathers pertinent information to determine how security risks are managed across a spectrum of 18 risk control areas, or “domains”, within a service provider’s environment. It was developed to enable a service provider to compile complete information about these risk domains in one document.
The SIG can be used in various ways:
- Used by an outsourcer to evaluate their service providers’ risk controls.
- Completed by a service provider and used proactively as part of a request for proposal (RFP) response.
- Completed by a service provider and sent to their client(s) in lieu of completing one or multiple proprietary questionnaires.
- Used by an organization for self-assessment.
Add the SCA, VRMMM & GDPR Tool Kit
“Verify” SIG questionnaires with the Standardized Control Assessment (SCA) procedures, benchmark with the Vendor Risk Management Maturity Model (VRMMM) and evaluate GDPR readiness.
Tools Included in the 2018 SIG Bundle
The SIG Bundle comes with tools to help manage the use of the SIG in your third-party risk management program.
SIG Management Tool
Included in the purchase of the SIG Tool bundle is another Microsoft Excel workbook called the SIG Management Tool (SMT). The SMT has two main functions. First, it can compare an assessee’s SIG responses to a Master SIG and create a report that lists the discrepancies between the SIGs for further analysis and follow-up. Second, it can transfer responses from one SIG file version to another version. This feature makes it easy to update responses to a newer version of the SIG without starting from scratch.
The real power behind the SIG is unleashed when it is used with the SMT.
The SMT will compare a Master SIG, prepared by the outsourcer, to SIG responses provided by an assessee. When executed, the SMT will compare the questionnaires and create a report showing all of the responses that did not match the Master. In addition to identifying responses that did not match, the report includes any optional scoring added to the Master to assist in the prioritization of any responses that require remediation.
The SMT allows a user to transfer responses between SIG workbooks. Older versions of the SIG can be transferred to newer versions and newer versions may be transferred to older versions. This function allows users to easily update to a newer version of the SIG without having to start from scratch. It also provides outsourcers with the ability to update an assessee’s responses to match their version of the Master; then the Compare function can be used for analysis and reporting.
SIG How To Guide
The SIG Bundle includes a comprehensive How To Guide (in PDF) that provides step-by-step instructions on all aspects of the SIG and SMT. It also provides best practice guidance on administering the SIG as part of a third-party risk management program.
SIG Frequently Asked Questions (FAQs)
The SIG FAQs page answers the most common SIG and SMT questions. It is an easy reference to use and is updated throughout the year.