Never miss a vendor assessment deadline
Send standard or custom questionnaires to your vendors, configure questionnaire due dates, and set regular reminders to ensure they're completed.
Don't spend hours analyzing vendor risks
Risks are automatically identified and surfaced based on vendor responses for you to request remediation or waive them.
Seamlessly remediate vendor risks
Collaborate with vendors on mitigating risks using the risk assessment workflow, correspond in-line for specific vendor responses using auditable, built-in messaging, or simply add internal notes.
With UpGuard, you can now send a SIG Lite Questionnaire
Combine the Shared Assessments’ SIG Lite Questionnaire with UpGuard’s security ratings and risk assessment workflow to gain a comprehensive understanding of your vendors and a simpler risk information-gathering process.
Elevate your Vendor Risk Management with the SIG Lite Questionnaire
Combine the SIG Lite Questionnaire with UpGuard’s security ratings and risk assessment workflow to streamline your processes, make informed decisions, and build more robust business relationships.
Select multiple vendors, set deadlines and reminders for questionnaire completion.
View risks identified automatically based on questionnaire responses and request remediation.
Easily collaborate with vendors on their responses and remediation using built-in messaging
Use questionnaires based on regulations and best practices from our industry-leading library.
SIG Lite Questionnaire
The SIG Lite was created by Shared Assessments and contains a set of 126 risk control questions designed to help organizations standardize the assessment of third-party vendors.
ISO 27001 Questionnaire
Assesses an organization's security posture against the ISO 27001 standard with risks mapped against ISO 27001 domains. It is also suitable for the assessment of APRA CPS 234 requirements.
Provides a comprehensive assessment of an organization's security posture, from their policy framework right down to their technical controls. It comprises four sections: Security and Privacy Programs, Physical and Data Center, Infrastructure, and Web Applications.
Higher Education Community Vendor Assessment Tool (HECVAT) Questionnaire
Assesses the vendor risk of higher education institutions, to ensure all cloud services utilised are appropriately assessed for security and privacy needs.
Health Insurance Portability and Accountability Act (HIPAA) Questionnaire
The Health Insurance Portability and Accountability Act (HIPAA) questionnaire determines if vendors with access to Protected Health Information (PHI) align with the United States HIPAA standard. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
Short Form Questionnaire
A condensed version of the CyberRisk Questionnaire, designed to be sent to smaller organizations. It focuses on the information security risks smaller organizations are typically exposed to, such as their backup process and email security concerns, while avoiding areas where small organizations are typically less mature (such as their information security policy framework).
Designed to help you assess your vendors that may use SolarWinds.
NIST Cybersecurity Framework Questionnaire
Assesses an organization's security posture against the NIST Cybersecurity Framework.
Apache Log4J - Critical Vulnerability Questionnaire
To help determine if you or your vendors were exposed to the sophisticated supply chain ransomware attack that affected Kaseya.
Security and Privacy Program Questionnaire
Focuses solely on an organization's security and privacy program.
Web Application Security Questionnaire
Focuses solely on an organization's web application security controls.
PCI DSS Questionnaire
Assesses an organization's adherence to the twelve requirements of PCI DSS.
Modern Slavery Questionnaire
Designed to identify modern slavery risks, address identified risks, and highlight areas requiring further due diligence.
Designed to help you assess the impact of any current or future pandemics.
Infrastructure Security Questionnaire
Focuses solely on an organization's infrastructure security controls.
Essential Eight Questionnaire
Assesses compliance against the requirements of the Essential Eight framework, as determined by the Australian Signals Directorate (ASD).
Physical and Data Centre Security Questionnaire
Focuses solely on an organization's physical and data center security controls.
California Consumer Privacy Act (CCPA) Questionnaire
Assesses whether a vendor is compliant with the personal information disclosure requirements outlined in CCPA.
COBIT 5 Security Standard Questionnaire
Assesses compliance against the Control Objectives for Information and Related Technologies Framework created by ISACA.
ISA 62443-2-1:2009 Security Standard Questionnaire
Assesses compliance against the ISA 62443-2-1:2009 standard for industrial automation and control systems.
ISA 62443-3-3:2013 Security Standard Questionnaire
Assesses compliance against technical control system requirements associated with the seven foundational requirements (FRs) described in IEC 62443-1-1.
GDPR Security Standard Questionnaire
Assesses compliance with the personal information disclosure requirements outlined in the European Union's General Data Protection Regulation (GDPR).
CIS Controls 7.1 Security Standard Questionnaire
Assesses compliance against the best practice guidelines for cybersecurity outlined in 20 CIS Controls.
NIST SP 800-53 Rev. 4 Security Standard Questionnaire
Assesses compliance against the security and privacy controls required for all U.S. federal information systems except those related to national security.
Post Breach Questionnaire
To better understand the impact of vendor breaches on your organization and assist with remediation efforts. This questionnaire is designed to be sent to a vendor to assess any data exposure arising from a breach and its impact on related stakeholders.