The Standardized Information Gathering (SIG) questionnaire is used to perform an initial assessment of vendors, gathering information to determine how security risks are managed across 18 different risk domains. SIG was developed by Shared Assessments and is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security, and business resiliency.

The SIG questionnaire was created by Shared Assessments. Shared Assessments provides best practices, solutions, and tools for third-party risk management teams to create an environment of assurance for outsourcers and their vendors. Shared Assessments' foundation is in regulatory and compliance-driven financial services but has grown to include the increasing number of industries that treat good vendor risk management as standard operating practice, such as HIPAA-regulated entities.

The SIG questionnaire was created to manage cybersecurity risk, particularly third-party risk, and fourth-party risk. As the Santa Fe Group CEO and Chairman Catherine A. Allen said, "it’s increasingly understood that third party IT security risks can cause millions of dollars in loss and damage, and often unmeasurable harm to an organization’s reputation, the best practices for effective third party risk management are certainly less well understood."

When doing business with third parties, it's not safe to assume that you are solely doing business with the party under contract. Just as your organization may outsource to a service provider or external provider, your vendors likely do too. So whether you know it or not, you are relying on your vendors, and increasingly their vendors, using sound security controls. This means you should apply the same standard information gathering process for testing all parties.

The SIG questionnaire aims to provide standardized resources for managing the complete third-party relationship lifecycle. Standardization is critical for advancing effective, secure third-party controls and risk management assessments. The Shared Assessments Program created a suite of third-party risk management tools that aim to create efficiencies and lower costs while maintaining compliance with regulations, industry standards and guidelines across information technology environments.

What are the Types of SIG Questionnaires?

There are three types of SIG questionnaire: