The SIG (Standardized Information Gathering) Questionnaire, created by Shared Assessments, is a vendor assessment tool designed to collect data on how security risks across various domains are managed. It helps organizations evaluate third-party vendors to ensure their security and compliance posture. SIG is widely used in risk management, especially in areas like IT, cybersecurity, and data security.

Key Points:

• Why SIG Was Created:

  • To address third-party and fourth-party risks related to cybersecurity.

  • Provides a comprehensive risk management framework for businesses.

• Types of SIG Questionnaire:

  • SIG Questionnaire: Covers 18 domains, assessing vendors across various security risks.

  • SIG Lite: A shorter version for domains with lower risks.

  • SIG Core: Contains key compliance questions, useful for security and risk management teams.

Use Cases:

• SIG is used by organizations to assess and mitigate risks across domains like cybersecurity, IT, and more.

• Service providers complete assessments and submit them to clients for evaluation.

About Genesis:

Genesis is a cyber risk management platform that combines attack surface and third-party risk management. It helps businesses monitor cybersecurity posture, map digital assets, and reduce attack surfaces, preventing data breaches and identifying potential risks.