Whether you're expanding use cases, adding new vendors, or scaling the scope of your offerings, you need to keep apprised of potential security risks impacting your organization. UpGuard has added the SIG Lite questionnaire to our Questionnaire Library, making SIG available to help UpGuard customers evaluate third-party risks and potential vulnerabilities in their vendors' security policies.
The Standardized Information Gathering (SIG) Questionnaire is designed to help you standardize your third-party vendor risk management program (TPRM) across a range of IT security and risk management topics. SIG's risk domains are now available with our introduction of the SIG Lite Questionnaire in the UpGuard platform.
Understanding SIG and Shared Assessments
The Standardized Information Gathering questionnaire, developed by Shared Assessments, provides a comprehensive set of questions for assessing third-party risks and managing your vendor assessments. Shared Assessments updates the SIG annually to ensure that it reflects changes in the cybersecurity landscape, and more than 100,000 SIG questionnaires are exchanged among service providers each year.
The SIG framework includes two questionnaire approaches: SIG Lite and SIG Core. SIG Lite includes 126 questions for a high-level security overview, while the SIG Core questionnaire contains 855 risk control questions. SIG's 19 risk domains cover the following security areas:
- Enterprise Risk Management
- Nth-Party Management
- Information Assurance
- Asset and Information Management
- Human Resources Security
- Physical and Environmental Security
- IT Operations Management
- Access Control
- Application Security
- Cybersecurity Incident Management
- Operational Resilience
- Compliance Management
- Endpoint Security
- Network Security
- Environmental, Social, and Governance (ESG)
- Privacy Management
- Threat Management
- Server Security
- Cloud Hosting Services
As an organization, Shared Assessments considers industry standards and best practices for third-party risk management. The SIG aligns to a variety of regulatory frameworks and compliance guidelines, including ISO 27001, NIST Cybersecurity Framework (CSF), General Data Protection Regulation (GDPR), HIPAA, PCI DSS, SOC 2, and CIS. This alignment ensures that your supply chain lifecycle meets your cybersecurity and data security needs. You can also use the SIG Lite questionnaire as part of your annual self-assessment.
Learn more about the SIG Questionnaire in our blog on "What is the SIG Questionnaire? TPRM Simplified."
UpGuard's SIG Lite Questionnaire Launch
Combine the SIG Lite questionnaire with UpGuard’s security ratings and risk assessment workflow to make informed decisions about your vendors, strengthen your business relationships, and streamline your third-party risk management processes.
Replace your manual Excel spreadsheet questionnaire process with UpGuard's all-in-one automated security questionnaire. With SIG Lite available, UpGuard customers experience tangible benefits to third-party risk assessments:
- Decrease time required to complete vendor security assessments in your vendor onboarding lifecycle.
- Eliminate manual questionnaire and assessment processes through automation.
- Improve vendor alignment to security and compliance standards.
- Simplify remediation workflows for identified risks.
With the SIG Lite questionnaire, you can streamline data collection and vendor risk assessments, reduce errors, and bring efficiency to your due diligence security assessments. Planning is underway for the development of a SIG Core questionnaire with a release expected in the near future.
Access UpGuard's Questionnaire Library
UpGuard's Questionnaire Library provides pre-built questionnaires that align to commonly used regulations and best practices in the cybersecurity industry. We are delighted to share that the SIG Lite questionnaire is now included in our library of 25+ standard assessment questionnaires.
Simplify Vendor Data Collection
The SIG questionnaire provides your organization with a structured method to collect information about vendors' information security controls and risk posture.
Within the UpGuard platform, you can view the current status of the questionnaire as your vendor completes it. UpGuard's all-in-one platform reduces complexity and decreases the time involved in vendor assessment by streamlining lengthy processes. Rather than using multiple systems to collect and analyze responses, you can save time and automate the process with UpGuard's SIG Lite questionnaire.
Evaluate Your Vendors' Security Measures
Once a third-party vendor has completed the questionnaire, review their answers and consider what follow-up actions need to be taken to ensure your vendors meet your organization's security policies.
Gain a holistic model of a vendor's security posture with UpGuard's risk mappings and security risk ratings, and generate reports to share with stakeholders using UpGuard's report templates. You can also prompt risk resolution by facilitating vendor remediation directly within the UpGuard platform.
Learn more about how to manage your vendor remediation process with UpGuard.