What is a Sig form?

Asked By: Razan Rossell | Last Updated: 3rd February, 2020
Category: business and finance business operations
4.4/5 (89 Views . 41 Votes)
What is the SIG Questionnaire and Why Was It Created? The SIG, developed by Shared Assessments, stands for “Standard Information Gathering”, and is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security and business resiliency in an information technology environment.

Click to see full answer


Keeping this in view, what is a SIG Lite questionnaire?

SIG LITE — Understandably, the SIG assessment is a pretty extensive questionnaire that targets multiple areas of risk across multiple disciplines. Instead of a standard questionnaire, SIG CORE is a library of questions that security teams can pick and choose from with their vendors.

Also Know, how do you assess risk of vendor? 10 Best Practices for Successful Vendor Risk Assessments

  1. Compare your list from the Accounts Payable Department to your vendor list.
  2. Bucket your actively managed vendors into groups.
  3. Understand the business impact and regulatory risk.
  4. Keep a disciplined approach.
  5. Assess vendor relationships at the product or service level.

Similarly, what is a shared assessment?

Shared Assessments is a third party risk membership program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.

What is a Sig report?

SIG is a comprehensive 1500 questionnaire that is completed and certified by an independent security professional, who evaluates and reports on the design and operation of an organization's security controls.

16 Related Question Answers Found

What is standard information gathering?

The Standard Information Gathering (“SIG”) Questionnaire contains a robust yet easy to use set of questions to gather and assess information technology, operating and security risks (and their corresponding controls) in an information technology environment.

What standardized information?

Standardize Information Gathering is an efficient way of collecting information from a large number of respondents. Very large samples are possible. Surveys are flexible in the sense that a wide range of information can be collected. They can be used to study attitudes, values, beliefs, and past behaviors.

What is scoped systems and data?

Scoped Systems and Data. Scoped Systems and Data. by | Nov 8, 2018 | Computer hardware, software and/or Non-Public Personal Information (NPPI) that is stored, transmitted, or processed by the service provider in scope for an engagement.

What is a high risk vendor?

A high-risk vendor is a third-party vendor that has access to a company's sensitive corporate information and/or handles its financial transactions and has a high risk of information loss. Organizations generally categorize their third-party vendors as high risk, medium risk, or low risk.

How is vendor due diligence conducted?


  1. Understand Compliance Concerns.
  2. Define Corporate Objectives for Due Diligence.
  3. Gather Key Information.
  4. Screen Prospective Third Parties against Watchlists and PEPs.
  5. Conduct a Risk Assessment.
  6. Validate the Information Collected.
  7. Audit the Due-Diligence Process.
  8. Establish an On-Going Monitoring Plan.

Why is vendor due diligence important?

Vendor due diligence is essential in financial institutions, not only to decrease threats to business operations and financial stability but also to reduce compliance risk and reputation risk. If the vendor risk level changes, risks found in the last review need to be monitored.

Why is third party risk management important?

Managing supplier and third-party risk helps mitigate undue risk and excessive costs associated with cyber risks. This helps distinguish vendors imperative to business operations from those less necessary to the business operations.

What is 3rd party vendor management?

Third-party management is the process whereby companies monitor and manage interactions with all external parties with which it has a relationship. A third-party is typically a company that provides an auxiliary product not supplied by the primary manufacturer to the end-user (the two principals).

What is a strategic vendor?

Strategic suppliers are those that account for a considerable amount of business (60-80%), demonstrate loyalty to their partners (exclusivity, limited distribution), are easy to do business with, and provide both growth and profitability. They typically represent about 6-10 suppliers.

What is a vendor questionnaire?


A vendor risk management questionnaire (also known as a third-party risk assessment questionnaire or vendor risk assessment questionnaire) is designed to help organizations identify potential weaknesses among vendors and partners that could result in a breach.

What does SIG stand for in security?

Standard Information Gathering

How do you do a third party risk assessment?

Here's a four-step process for conducting vendor and other third-party risk assessments that can scale to companies of different sizes and industries.
  1. Develop Vendor Risk Criteria.
  2. Create a Preliminary Vendor Risk Profile.
  3. Perform Due Diligence Based on Risk Profile.
  4. Address the Risks You've Uncovered.