More and more companies are outsourcing key business activities to third parties. However, these third parties can present a significant risk to your organization if not handled with care. We’ve seen the results of insecure third parties in recent data breaches, and it’s important to be proactive in mitigating future security risks. Doing so means assessing your third parties for risk in a way that’s cost-effective, time-efficient, and low-effort for your vendors. The Shared Assessments Standardized Information Gathering (SIG) assessment does exactly that.
What are the SIG Core and SIG Lite Assessments?
The Shared Assessments Program, managed by The Santa Fe Group, focuses on third-party risk assurance by helping organizations manage third-party risk, cybersecurity controls, IT, privacy, data, security and business resiliency. The two assessments central to the Shared Assessments Program are the SIG Core and the SIG Lite.
SIG Core: The Standardized Information Gathering (SIG) Core questionnaire is designed to assess third parties that store or manage highly sensitive or regulated information, such as payment card information or genetic data. This tool is meant to provide a deeper level of understanding about how a third party secures information and services. It is meant to meet the needs of almost all third-party risk assessments, based on industry standards.
SIG Lite: The SIG Lite questionnaire is designed to provide a broad, high-level understanding about a third party’s internal information security controls, along with other risk domains, such as privacy and ESG. This level is for organizations that need a basic level of assessment due diligence. It can also be used as a preliminary assessment before a more detailed review.
What’s new in 2022?
The 2022 SIG contains direct mappings to eighteen of the most critical reference documents across industries in the body of the SIG, along with content from the SIG library and the SCA. The SIG directly maps to:
How OneTrust can help
OneTrust Vendorpedia offers same-day support for both the 2022 SIG Lite and the SIG Core.