Many companies understand the pain of constantly filling out extremely arduous customer-requested security questionnaires. Most of the time, the same common questions get asked over and over again. For some companies, the effort to go through a questionnaire requires a substantial company-wide commitment, which can impact other projects and priorities.
In 2005, Shared Assessments was created to help solve this issue. Formed by the top banks, consulting firms, and vendors, they standardized and created an industry-wide approved risk assessment questionnaire, which eventually became the Standardized Information Gathering (SIG) Questionnaire.
The Shared Assessments SIG vendor risk questionnaire is a standardized questionnaire typically used for initial assessments of vendors/third parties.
Aligned with industry standards, the questionnaire is updated on an annual basis to comply with new standards and regulations and to account for changes in the cybersecurity landscape. It is an effective way to test a vendor’s risk posture against 19 different risk domains ranging from Access Control to Threat Management. It is also efficient for vendors themselves, as they only have to fill it out once.
As a security vendor, HYPR responds to numerous requests from customers to complete both custom and standardized assessment questionnaires. In order to make the process more efficient for both us and our customers, we decided to formalize the system using a third-party service. The SIG questionnaire is one that we encounter frequently and is one of the most rigorous. Most of the questions we get asked are covered within the SIG. With the decision made, how does a company like HYPR obtain and officially use the SIG questionnaire?
Any organization can obtain access to the SIG questionnaire by paying an annual subscription on the Shared Assessments website. The questionnaire should be completed by experts in the company with knowledge of the specific risk domains covered. As the SIG is an extensive questionnaire, this can sometimes take several weeks. However, there are a few tips and tricks that can help a company accelerate the process.
Once filled and reviewed, this questionnaire can be shared with customers.
As a security company, HYPR is routinely asked by customers for responses to various assessment questions, many of which are covered within the SIG. As seen below, HYPR is proud to announce the completion of our SIG questionnaire. If your organization is interested in obtaining a copy, feel free to request it from your account manager or sales contact.
Any company seeking a more efficient way to respond to customer vendor risk assessments should consider filling out the SIG questionnaire.