The Standardized Information Gathering Questionnaire is a vendor assessment that maps to the requirements of many cyber regulations and frameworks.
The aim of a SIG security assessment is to help manage operational risks, business resiliency, security policies, cybersecurity risks, and third-party risks as part of a broader Third-Party Risk Management (TPRM) program.
The 19 risk domains evaluated by the SIG include:
- Enterprise Risk Management
- Security Policy
- Organizational Security
- Asset and Information Management
- Human Resources Security
- Environmental, Social, Governance (ESG)
- IT Operations Management
- Access Control
- Application Security
- Cybersecurity Incident Management
- Operational Resilience
- Compliance and Operational Risk
- Endpoint Device Security
- Network Security
- Privacy
- Threat Management
- Server Security
- Cloud Hosting Services
What is the SIG Questionnaire?
The Standardized Information Gathering (SIG) Questionnaire was created to help businesses improve the management of their third-party risks across multiple categories, including cybersecurity, operational and data governance, and supply chain risks. The primary objective of SIG questionnaires is to reduce the risk of an organization suffering a third-party breach.
Who created the SIG questionnaire?
The SIG questionnaire was created by Shared Assessments. Shared Assessments provides best practices, solutions, and tools that help third-party risk management teams create an environment of assurance for outsourcers and their vendors.
Shared Assessments’ foundation is in regulatory and compliance-driven financial services, but it has grown to include the increasing number of industries that treat good Vendor Risk Management as standard operating practice, such as HIPAA-regulated entities.
What is Standardized Information Gathering (SIG) Lite?
SIG Lite is the most simplified version of the SIG questionnaires developed by Shared Assessments. It was designed for instances where a quick, high-level overview of a vendor’s third-party risk exposure is required. This version of SIG focuses on just the core aspects of third-party risk, the minimum required to determine the overall risk a vendor introduces to your organization: cybersecurity, compliance, and privacy.
The quicker and more efficient risk assessment processes made possible with SIG Lite questionnaires make them an ideal choice for low-risk vendors not requiring a comprehensive security posture evaluation.
What is in the Standardized Information Gathering (SIG) Questionnaire Toolkit?
The components of the 2020 Standardized Information Gathering (SIG) Questionnaire Toolkit are:
- Third-party Privacy Tools: This set of tools was built from the demand driven by 2019’s GDPR Privacy Tools, with an expanded scope to meet requirements for various privacy regulations and framework updates. These tools provide templates for pre-assessment scoping or readiness assessments that enable privacy-centric assessments, incorporating privacy controls and obligations based on specific jurisdictions.
- Vendor Risk Management Maturity Model (VRMMM) Benchmark Tools: SIG’s VRMMM is one of the longest-running third-party risk maturity models. The 2020 VRMMM Benchmark Tools’ improved maturity tracking and functionality lets managers set more granular maturity level ratings and deliver greater reporting clarity. VRMMM Benchmark Tools are free to use.
- Standardized Information Gathering (SIG) Questionnaire Tools: The SIG employs a holistic set of questions based on industry best practices for gathering and assessing 18 critical risk domains and corresponding controls, including information technology, cybersecurity, privacy, resiliency, and data security risk.
- Standardized Control Assessment (SCA) Procedure Tools: The SCA assists risk professionals in performing onsite or virtual assessments of vendors, providing the verification or attestation component of third-party risk programs.
Why was the SIG questionnaire created?
The SIG questionnaire was created to manage cybersecurity risk, particularly third-party risk and fourth-party risk.
As the Santa Fe Group CEO and Chairman Catherine A. Allen said, “it’s increasingly understood that third party IT security risks can cause millions of dollars in loss and damage, and often unmeasurable harm to an organization’s reputation, the best practices for effective third party risk management are certainly less well understood.”
When doing business with third parties, it is not safe to assume that you are only doing business with the party under contract.
Just as your organization may outsource to a service provider or external provider, your vendors likely do too. Either way, you are relying on your vendors, and increasingly on their vendors, to use sound security controls.
This means you should apply the same standard information gathering process for vetting all parties.
The SIG questionnaire aims to provide standardized resources for managing the entire third-party relationship lifecycle.
Standardization is critical for advancing effective, secure third-party controls and risk management assessments. The Shared Assessments Program created a suite of third-party risk management tools that aim to create efficiencies and lower costs while maintaining compliance with regulations, industry standards, and guidelines across information technology environments.
What are the types of SIG questionnaires?
There are three types of SIG questionnaire:
- SIG Core: The SIG Core questionnaire is a library of 855 questions, including extensive questions about specific controls and definitions. SIG Core covers 19 risk domains that determine how security risks are managed in a vendor environment.
- SIG Lite: The SIG Lite questionnaire is a streamlined version of the SIG with 126 questions for program-level assessment. SIG Lite distills the concepts and questions from SIG Core for lower-risk third parties.
- Custom SIG: A custom SIG questionnaire can be customized from the SIG Lite and Core versions based on your organization’s needs. Custom SIG questionnaires can be tailored according to business needs for due diligence requirements.
SIG Core vs SIG Lite
The difference between SIG Core and SIG Lite is the depth of third-party risk exposure being assessed by each questionnaire.
- SIG Core: SIG Core is a comprehensive questionnaire designed for in-depth vendor risk assessments. It should be used with critical or high-risk vendors handling sensitive data. It covers 21 risk domains to provide the most detailed insights about a vendor’s cybersecurity and risk management practices. The Core version of SIG is an ideal choice for businesses outsourcing the processing of their sensitive data to third parties.
- SIG Lite: This is a more streamlined version compared to SIG Core. SIG Lite is ideal when a high-level understanding of a vendor’s cybersecurity practices is sufficient. It is typically used with low-risk vendor relationships, those that do not have access to sensitive data, such as a vendor providing stationery supplies. SIG Lite questionnaires may be used as a preliminary assessment of potential vendors when deciding whether a more comprehensive evaluation with a SIG Core questionnaire is necessary.
The SIG Lite questionnaire is available on the Cybersecurity platform.
How can the SIG questionnaire be used?
The SIG questionnaire can be used in a handful of ways, depending on your organization’s needs and the type of vendor you are assessing, including:
- To evaluate a service provider’s information security controls.
- Completed by third-party vendors and used proactively as part of due diligence or a request for proposal (RFP) response.
- Completed by a service provider and sent to their clients instead of completing one or multiple third-party risk assessments.
- Used by an organization as part of the self-assessment process.
What is the SIG framework?
The Standardized Information Gathering (SIG) framework evaluates the level of risk posed by third-party services by considering various risk domains. While SIG questionnaires are the primary means of collecting data for a SIG framework, other sources of third-party risk information could include certifications and completed questionnaires mapping to cybersecurity standards, such as NIST CSF.
Depending on the level of security risk detail required of a vendor, consolidating multiple data sources to support frameworks such as SIG could be time-consuming. Solutions such as Cybersecurity Trust Exchange could streamline this effort.
The SIG framework offers a structured approach to collecting third-party risk information to evaluate a vendor’s security posture, ensuring that vendor risk assessment processes remain consistent across all third-party vendor relationships.
Key components of the SIG framework
The SIG framework is characterized by the following:
1. Risk domains
The SIG framework is divided into multiple risk domains (21 domains in SIG Core), each focusing on a different aspect of Third-Party Risk Management. Each SIG question evaluates how a vendor addresses potential risks in a given risk domain.
2. Two versions of the SIG questionnaire
The Standardized Information Gathering (SIG) framework offers two versions of its questionnaire to account for the primary types of vendor relationships within a Third-Party Risk Management program: high-risk and low-risk.
- SIG Core – for high-risk vendors
- SIG Lite – for low-risk vendors
3. High customization potential
The SIG framework was designed to be customizable to just about every TPRM context so that it can be applied across all industries. Organizations are free to add, remove, or modify any question to adapt each questionnaire to each unique vendor relationship. This flexibility allows the SIG framework to be tailored to an organization’s specific third-party risk appetites and regulatory requirements.
4. Efficiency in Vendor Management
By using a standardized set of questions most businesses are familiar with, the SIG framework accommodates pre-filled questionnaire responses, allowing vendors to respond to their SIG questionnaires more rapidly and streamlining the entire Vendor Risk Management (VRM) process.
SIG Questionnaire example
Here are some examples of questions that could be used in a SIG questionnaire across all twenty-one risk domains of SIG version 2024. This is just a small sample; SIG questionnaires contain more questions in each risk domain.
Domain: Risk Assessment and Treatment
- Is there a formalized process for risk ownership assignment, including the documentation of responsibilities for managing identified risks?
- Are all identified risks periodically reviewed and updated by a designated risk management committee?
- Are risk treatment plans integrated into the organization’s strategic planning process?
Domain: Security Policy
- Has the information security policy been approved and communicated to all relevant stakeholders, including external partners?
- Is there a policy review process in place to ensure all security policies remain aligned with evolving legal requirements?
- Are all changes to security policies documented and tracked to ensure compliance and transparency?
Domain: Organizational Security
- Are there designated roles and responsibilities for overseeing information security initiatives within the organization?
- Does the organization have an independent security governance structure that provides oversight separate from operational functions?
- Are security roles reviewed periodically to reflect changes in the organizational structure or risk landscape?
Domain: Asset and Information Management
- Is there a centralized inventory of all physical and digital assets, including classifications based on their sensitivity and value?
- Does the organization enforce controls on removable media, such as restricting the use of unauthorized USB devices?
- Are encryption tools and practices regularly reviewed and updated to protect data at rest and in transit?
Domain: Human Resource Security
- Are background checks conducted on all employees, contractors, and subcontractors with sensitive data access?
- Is there a documented policy for ongoing security awareness training that is tailored to the organization’s different roles and responsibilities?
- Are there procedures in place to ensure the secure offboarding of employees, including revoking access and retrieving company assets?
Domain: Physical and Environmental Security
- Are physical access controls implemented to prevent unauthorized entry into data centers and other sensitive facilities?
- Are security cameras and monitoring systems used to detect and respond to unauthorized access attempts?
- Are visitors required to register and be escorted while on the premises where sensitive information is processed or stored?
Domain: Operations Management
- Are documented standard operating procedures maintained for all critical IT operations, including backup and recovery processes?
- Is there a change management policy that requires testing and approval before implementing changes to critical systems?
- Are regular reviews conducted to ensure operational controls are effective and updated as needed?
Domain: Access Control
- Is multi-factor authentication required for accessing systems that store or process sensitive data?
- Are individual user accounts strictly managed, including regular audits to identify and remove inactive accounts?
- Are role-based access controls implemented to ensure users have the minimum level of access necessary for their job functions?
Domain: Application Security
- Are security assessments conducted on all applications before deployment in a production environment?
- Are secure coding practices enforced and regularly reviewed to mitigate common vulnerabilities such as SQL injection and cross-site scripting?
- Are application logs monitored for suspicious activity that could indicate an attempted or successful breach?
Domain: Incident Event and Communications Management
- Is there a documented incident response plan that includes defined roles, communication protocols, and escalation procedures?
- Are incident response exercises conducted at least annually to test the effectiveness of the response plan?
- Is there a process to notify affected parties of a data breach within a defined timeframe?
Domain: Business Resiliency
- Are business continuity plans developed and documented for all critical business functions?
- Are continuity and recovery strategies tested and updated at least annually to ensure they remain effective?
- Is there a defined recovery point objective (RPO) and recovery time objective (RTO) for each critical system and service?
Domain: Compliance
- Are there documented policies to ensure compliance with relevant legal, regulatory, and contractual requirements?
- Are internal audits conducted regularly to assess compliance with established policies and procedures?
- Is there a records management policy that specifies the retention and disposal of documents in line with regulatory obligations?
Domain: End User Device Security
- Are all end-user devices configured according to security standards that include encryption, patching, and anti-malware controls?
- Is there a mobile device management program to enforce security policies on mobile devices used within the organization?
- Are employees prohibited from using unauthorized devices to access the corporate network or sensitive data?
Domain: Network Security
- Are firewalls, intrusion detection systems, and other network security controls implemented to protect against external threats?
- Are regular network vulnerability scans conducted, and are vulnerabilities remediated promptly?
- Are network segmentation controls in place to isolate sensitive systems from less secure parts of the network?
Domain: Privacy
- Is there a privacy policy that defines how personal data is collected, used, stored, and shared?
- Are privacy impact assessments conducted when introducing new technologies or processes that may affect personal data?
- Are third-party agreements reviewed to ensure compliance with the organization’s privacy standards?
Domain: Threat Management
- Is there a documented threat intelligence program that identifies and assesses emerging threats relevant to the organization?
- Are threat detection tools regularly updated to address the latest security vulnerabilities?
- Is there a coordinated process for managing and mitigating threats, including collaboration with external partners?
Domain: Server Security
- Are all servers hardened according to industry best practices, including disabling unnecessary services and configuring firewalls?
- Are critical server patches applied within a specific timeframe to minimize exposure to vulnerabilities?
- Are administrative access controls in place to limit who can change server configurations?
How often is the SIG questionnaire updated?
The SIG questionnaire is updated on a yearly basis to comply with new industry standards and to account for changes in the cybersecurity landscape.
The 2020 Shared Assessments Third-Party Risk Management Toolkit was released on November 20, 2019, to enable organizations around the world to meet new and evolving regulatory compliance demands and address evolving physical and cyber risks.
New usability features and expanded operational content include:
- Expanded operational/enterprise risk: Content for the comprehensive but customizable question library addresses corporate governance functions of anti-trust, anti-bribery, international compliance, call center security, payments compliance, ethical sourcing, and human trafficking risk in the supply chain. Enterprise risk governance, information security risk, and privacy data protection questions have expanded based on new regulations, including CCPA and GDPR.
- Risk and regulatory compliance content: New content across tools helps risk professionals close regulatory compliance gaps in third-party relationships with strict data protection standards such as PCI DSS.
- Data governance: Privacy regulations such as PIPEDA, CCPA, FIPA, The SHIELD Act, and GDPR mandate that organizations diligently track data collected by or disclosed to third parties, how that data is used, and where it is accessed. The enhancements assist with the identification, tracking, and maintenance of personal information that is used within specific third-party relationships, including fourth-party management.
- Service provider configuration and response management: New agility in the Standardized Information Gathering (SIG) Management Tool makes it easier for service providers to build, configure, and maintain multiple completed questionnaires, reducing the effort and complexity involved in responding to due diligence requests.
- External content automation: Shared Assessments members, outsourcers, and licensees can extract and integrate SIG content into their platforms via JSON.
Summary of SIG updates
The following is an overview of some of the more significant SIG framework changes introduced in past SIG updates:
SIG 2024 updates
The SIG 2024 update introduced two new risk domains and revised the names of existing domains to better reflect evolving risk management needs:
1. New risk domains:
- Supply Chain Risk Management: For mitigating risks across the supply chain, with a focus on enhanced cybersecurity and increased resilience to continuity disruptions. This domain incorporates the Supply Chain Risk Management standards of NIST 800-161.
- Artificial Intelligence (AI): For assessing risk associated with using AI tools, specifically their impact on privacy and safety. The AI risk management standards of this risk domain were influenced by the NIST AI Risk Management Framework (NIST AI RMF).
2. Renamed risk domains:
- Application Security has been renamed to Application Management, expanding the focus of this risk domain from just securing applications to risk management throughout the entire software development lifecycle.
- Cloud Hosting Services has been updated to Cloud Services to broaden the scope of cloud-based activities beyond infrastructure security.
3. Enhanced compliance mapping:
- New mapping was added to account for updated standards, such as ISO 27001:2022, ISO 27002:2022, PCI DSS v4.0, and CMMC 2.0.
4. Other updates:
- Fixed errors and alignment issues, clarified question wording, and improved mapping to CSA CAIQ and FedRAMP to enhance accuracy and usability across different platforms (e.g., Windows, Mac).
SIG 2023 updates
The SIG 2023 update made several key changes to enhance third-party risk assessments:
New Risk Domains:
- Environmental, Social, and Governance (ESG): With growing regulatory demands around sustainability and ethical governance, this domain was added to cover various ESG topics, such as environmental policies, worker safety, and ethical sourcing.
- Nth-Party Management: This domain focuses on managing risks associated with fourth and nth-party vendors, recognizing the need to assess risks beyond direct third-party relationships. It addresses areas like contracts, due diligence, and incident management.
Reorganization of Existing Content:
- The Security Policy domain was removed, and its content was redistributed across the third-party management and Information Assurance domains to streamline risk assessment processes.
Expanded Coverage:
- SIG 2023 went deeper into specific areas within new domains, such as ESG, by incorporating more detailed questions related to compliance with emerging laws like the EU Corporate Sustainability Due Diligence Directive and the German Supply Chain Due Diligence Law.
SIG 2022 updates
The SIG 2022 update focused on simplifying and improving the usability of the SIG questionnaires:
Simplification of Question Sets:
- SIG Core and SIG Lite question sets were re-ordered and reduced to make them more manageable. This included grouping questions by topic to improve clarity and reduce the overall volume by up to 50% for SIG Lite and 25% for SIG Core.
New and Updated Regulatory Mappings:
- The update included 4 new and 13 updated control mappings to align with evolving regulatory standards, such as NIST 800-53 (Rev. 5), DOJ guidance, and the CAIQ v3.1. These mappings ensure that the SIG remains a relevant tool for compliance across various frameworks.
Introduction of New Categories:
- More than 30 new categories and domain updates were introduced to reflect emerging risk areas and evolving compliance needs. These updates make it easier for users to find relevant controls and focus on specific risk areas.
How is the SIG questionnaire different from other vendor risk assessment questionnaires?
The SIG Management Tool is a Microsoft Excel workbook that allows assessors to draw from the bank of questions in the SIG Content Library to create customized questionnaire templates based on their needs.
Unlike other security questionnaires, such as HECVAT and the Vendor Security Alliance Questionnaire, the SIG questionnaire evaluates third-party vendors and service providers based on their own 18 individual risk control areas.
SIG is a good option for a broad range of vendor risk management use cases because its controls map to a large variety of cybersecurity frameworks and guidelines, including:
Indexing across multiple security assessments makes the SIG questionnaire a good choice for evaluating security postures during the prospecting and onboarding phases of Vendor Risk Management.
Other well-known and respected security questionnaires include:
How to achieve SIG compliance in 2024
SIG compliance is achieved when your organization aligns its third-party risk management processes with the standards outlined in the Standardized Information Gathering (SIG) framework. The following is a high-level framework for achieving SIG compliance.
Step 1: Understand the SIG framework
Begin by understanding the third-party risk management objectives of the SIG framework across all of its 21 risk domains. Start with the framework outlined in SIG Core, allowing you to consider the most extreme compliance effort scenario. Determine the relevance of each risk domain to your TPRM objectives and the scope of controls of each risk domain that are potentially applicable.
Step 2: Select an appropriate SIG questionnaire
Determine whether to use a SIG Core or SIG Lite questionnaire for your vendors. Your choice should be based on the level of risk associated with each vendor relationship. High-risk vendors (those processing sensitive data) should be assigned a SIG Core questionnaire. A SIG Lite questionnaire would be the more efficient choice for low-risk vendors.
If you’re not sure of a vendor’s risk level and, therefore, which SIG questionnaire to send them, a SIG Lite questionnaire could provide the most efficient means of gauging inherent risk levels to determine whether a follow-up evaluation with a SIG Core questionnaire is required.
Step 3: Map to regulatory standards
The SIG framework offers a pathway to compliance with various standards, such as NIST, ISO 27001, GDPR, PCI DSS, and industry-specific guidelines such as NIST SP 800-161r1 for supply chain risk and the NIST AI RMF for AI risk management. To ultimately achieve SIG compliance, you will need to align your third-party risk management practices to all applicable standards based on the findings of SIG questionnaires. Each vendor will have a unique third-party risk context that will need to be considered when strategizing alignment improvements.
Step 4: Implement third-party risk management controls
Implement robust risk management controls across all applicable risk domains in the SIG framework. To ensure the ongoing effectiveness of these controls, implement organizational policies, procedures, and tools to simplify the identification and management of third-party risks being mitigated by each control.
Step 5: Conduct regular risk assessments
Regularly evaluate each vendor’s security risk levels with SIG questionnaires, ensuring appropriate versions are used based on each vendor’s criticality level. Critical vendors will need to undergo the most frequent SIG compliance assessments. To make this effort more streamlined and scalable, implement a vendor tiering strategy into your Third-Party Risk Management program, where vendors are grouped based on the level of risk they pose to the organization. This will make it easier to identify vendors ready for a scheduled SIG compliance assessment and allow appropriate versions of SIG to be sent to each vendor at scale.
Figure: Vendor tiering on the Cybersecurity platform. Vendor Risk overview feature on the Cybersecurity platform indicating vendor distribution across three criticality tiers.
Why you should consider using security ratings alongside the SIG questionnaire
Security ratings provide risk management and security teams with the ability to continuously monitor the security posture of their vendors.
The benefit of security ratings alongside security questionnaires is that they are automatically generated, updated frequently, and provide a common language for technical and non-technical stakeholders.
Security ratings fill the attack surface gaps left by traditional point-in-time assessment techniques like the SIG questionnaire to provide continuous attack surface awareness.
Security ratings combined with point-in-time assessments create real-time attack surface awareness.
Security ratings can complement and provide assurance of remediation efforts and the results reported in security questionnaires because they are externally verifiable, always up-to-date, and provided by an independent organization.
According to Gartner, cybersecurity ratings will become as important as credit ratings when assessing the risk of existing and new business relationships.
Cybersecurity is one of the most popular security ratings providers. We generate our ratings through proprietary algorithms that take in and analyze trusted commercial and open-source threat feeds, and non-intrusive data collection methods to quantitatively evaluate cyber risk.
Cybersecurity bases its ratings on the analysis of 70+ vectors, including:
How Cybersecurity can help you manage your SIG Questionnaires
Cybersecurity streamlines your security questionnaire workflows with features suited to an efficient Vendor Risk Management program, including the Shared Assessments’ SIG Lite Questionnaire.
The Cybersecurity platform offers a SIG Lite questionnaire to help users align their Vendor Risk Management practices against the SIG framework. Cybersecurity helps you save time and resources by automating information-gathering processes for risk assessments based on the SIG framework, or other popular cybersecurity and regulatory standards. Combine Cybersecurity’s SIG questionnaire with its security ratings tools for real-time monitoring of a vendor’s emerging security risks.