What Is the SIG Questionnaire? SIG Core & Lite Compliance Guide | Cybersecurity

The Standardized Information Gathering Questionnaire is a vendor assessment mapping to the requirements of many cyber regulations and frameworks.

The purpose of a SIG security assessment is to help manage operational risks, business resiliency, security policies, cybersecurity risks, and third-party risks as part of a broader Third-Party Risk Management (TPRM) program.

The 19 risk domains evaluated by the SIG include:

- Enterprise Risk Management
- Security Policy
- Organizational Security
- Asset and Information Management
- Human Resources Security
- Environmental, Social, Governance (ESG)
- IT Operations Management
- Access Control
- Application Security
- Cybersecurity Incident Management
- Operational Resilience
- Compliance and Operational Risk
- Endpoint Device Security
- Network Security
- Privacy
- Threat Management
- Server Security
- Cloud Hosting Services

What is the SIG Questionnaire?

The Standardized Information Gathering (SIG) Questionnaire was created to help businesses improve the management of their third-party risks across multiple categories, including cybersecurity, operational and data governance, and supply chain risks. The primary objective of SIG questionnaires is to reduce the risk of an organization suffering a third-party breach.

Who created the SIG questionnaire?

The SIG questionnaire was created by Shared Assessments. Shared Assessments provides best practices, solutions, and tools that help third-party risk management teams create an environment of assurance for outsourcers and their vendors.

Shared Assessments’ foundation is in regulatory and compliance-driven financial services, but it has grown to include the increasing number of industries that treat good Vendor Risk Management as standard operating practice, such as HIPAA-regulated entities.

What is Standardized Information Gathering (SIG) Lite?

SIG Lite is the most simplified version of the SIG questionnaires developed by Shared Assessments. It was designed for scenarios where a quick, high-level overview of a vendor’s third-party risk exposure is required. This version of SIG focuses on just the core aspects of third-party risk, the minimum required to determine the overall risk a vendor introduces to your organization: cybersecurity, compliance, and privacy.

The quicker and more efficient risk assessment processes made possible with SIG Lite questionnaires make them an ideal choice for low-risk vendors not requiring a comprehensive security posture evaluation.

What is in the Standardized Information Gathering (SIG) Questionnaire Toolkit?

The components of the 2020 Standardized Information Gathering (SIG) Questionnaire Toolkit are:

- Third-party Privacy Tools: This set of tools was built from the demand driven by 2019’s GDPR Privacy Tools, with an expanded scope to meet requirements for various privacy regulations and framework updates. These tools provide templates for pre-assessment scoping or readiness assessments that enable privacy-centric assessments, incorporating privacy controls and obligations based on specific jurisdictions.
- Vendor Risk Management Maturity Model (VRMMM) Benchmark Tools: SIG’s VRMMM is one of the longest-running third-party risk maturity models. The 2020 VRMMM Benchmark Tools’ improved maturity tracking and functionality lets managers set more granular maturity level ratings and deliver greater reporting clarity. VRMMM Benchmark Tools are free to use.
- Standardized Information Gathering (SIG) Questionnaire Tools: The SIG employs a holistic set of questions based on industry best practices for gathering and assessing 18 critical risk domains and corresponding controls, including information technology, cybersecurity, privacy, resiliency, and data security risk.
- Standardized Control Assessment (SCA) Procedure Tools: The SCA assists risk professionals in performing onsite or virtual assessments of vendors, providing the verification or attestation component of third-party risk programs.

Why was the SIG questionnaire created?

The SIG questionnaire was created to manage cybersecurity risk, particularly third-party risk and fourth-party risk.

As the Santa Fe Group CEO and Chairman Catherine A. Allen stated, “it’s increasingly understood that third party IT security risks can cause millions of dollars in loss and damage, and often unmeasurable harm to an organization’s reputation, the best practices for effective third party risk management are certainly less well understood.”

When doing business with third parties, it is not safe to assume that you are only doing business with the party under contract.

Just as your organization may outsource to a service provider or external provider, your vendors likely do too. So whether you know it or not, you are relying on your vendors, and increasingly their vendors, using sound security controls.

This means you should apply the same standard information gathering process for testing all parties.

The SIG questionnaire aims to provide standardized resources for managing the entire third-party relationship lifecycle.

Standardization is critical for advancing effective, secure third-party controls and risk assessments. The Shared Assessments Program created a suite of third-party risk management tools that aim to create efficiencies and lower costs while maintaining compliance with regulations, industry standards, and guidelines across information technology environments.

What are the types of SIG questionnaires?

There are three types of SIG questionnaire:

- SIG Core: The SIG Core questionnaire is a library of 855 questions, including extensive questions on specific controls and definitions. SIG Core covers 19 risk domains that determine how security risks are managed in a vendor environment.
- SIG Lite: The SIG Lite questionnaire is a streamlined version of the SIG with 126 questions for program-level assessment. SIG Lite distills the concepts and questions from SIG Core for lower-risk third parties.
- Custom SIG: A custom SIG questionnaire can be customized from the SIG Lite and Core versions based on your organization’s needs. Custom SIG questionnaires can be tailored according to business needs for due diligence requirements.

SIG Core vs SIG Lite

The difference between SIG Core and SIG Lite is the depth of third-party risk exposure being assessed by each questionnaire.

- SIG Core: A comprehensive questionnaire designed for in-depth vendor risk assessments. It should be used with critical or high-risk vendors handling sensitive data. It covers 21 risk domains to provide the most detailed insights about a vendor’s cybersecurity and risk management practices. The Core version of SIG is an ideal choice for businesses outsourcing the processing of their sensitive data to third-party relationships.
- SIG Lite: A more streamlined version compared to SIG Core. SIG Lite is ideal when a high-level understanding of a vendor’s cybersecurity practices is sufficient. It is typically used with low-risk vendor relationships, those that do not have access to sensitive data, such as a vendor providing stationery supplies. SIG Lite questionnaires may also be used as a preliminary assessment of potential vendors when deciding whether a more comprehensive evaluation with a SIG Core questionnaire is necessary.

The SIG Lite questionnaire is available on the Cybersecurity platform.

How can the SIG questionnaire be used?

The SIG questionnaire can be used in a handful of ways, depending on your organization’s needs and the type of vendor you are assessing, including:

- To evaluate a service provider’s information security controls.
- Completed by third-party vendors and used proactively as part of due diligence or a request for proposal (RFP) response.
- Completed by a service provider and sent to their clients instead of completing one or multiple third-party risk assessments.
- Used by an organization as part of the self-assessment process.

What is the SIG framework?

The Standardized Information Gathering (SIG) framework evaluates the level of risk posed by third-party services by considering various risk domains. While SIG questionnaires are the primary means of gathering data for a SIG framework, other sources of third-party risk information could include certifications and completed questionnaires mapping to cybersecurity standards, such as NIST CSF.

Depending on the level of security risk detail required of a vendor, consolidating multiple data sources to support frameworks such as SIG can be time-consuming. Solutions such as Cybersecurity Trust Exchange could streamline this effort.

The SIG framework offers a structured approach to gathering third-party risk information to evaluate a vendor’s security posture, ensuring that vendor risk assessment processes remain consistent across all third-party vendor relationships.

Key components of the SIG framework

The SIG framework is characterized by the following:

1. Risk domains

The SIG framework is divided into several risk domains (21 domains in SIG Core), each focusing on a different aspect of Third-Party Risk Management. Each SIG question evaluates how a vendor addresses potential risks in a given risk domain.

2. Two versions of the SIG questionnaire

The Standardized Information Gathering (SIG) framework offers two versions of its questionnaire to account for the primary types of vendor relationships within a Third-Party Risk Management program: high-risk and low-risk.

- SIG Core – for high-risk vendors
- SIG Lite – for low-risk vendors

3. High customization potential

The SIG framework was designed to be customizable to just about every TPRM context so that it can be applied across all industries. Organizations are free to add, remove, or modify any question to adapt each questionnaire to each unique vendor relationship. This flexibility allows the SIG framework to be tailored to an organization’s specific third-party risk appetites and regulatory requirements.

4. Efficiency in Vendor Management

By using a standardized set of questions most businesses are familiar with, the SIG framework accommodates pre-filled questionnaire responses, allowing vendors to respond to their SIG questionnaires more rapidly and streamlining the entire Vendor Risk Management (VRM) process.

SIG Questionnaire example

Here are some examples of questions that could be used in a SIG questionnaire across all twenty-one risk domains of SIG version 2024. This is just a small sample; SIG questionnaires contain more questions in each risk domain.

Domain: Risk Assessment and Treatment
- Is there a formalized process for risk ownership assignment, including the documentation of responsibilities for managing identified risks?
- Are all identified risks periodically reviewed and updated by a designated risk management committee?
- Are risk treatment plans integrated into the organization’s strategic planning process?

Domain: Security Policy
- Has the information security policy been approved and communicated to all relevant stakeholders, including external partners?
- Is there a policy review process in place to ensure all security policies remain aligned with evolving legal requirements?
- Are all changes to security policies documented and tracked to ensure compliance and transparency?

Domain: Organizational Security
- Are there designated roles and responsibilities for overseeing information security initiatives across the organization?
- Does the organization have an independent security governance structure that provides oversight separate from operational functions?
- Are security roles reviewed periodically to reflect changes in the organizational structure or risk landscape?

Domain: Asset and Information Management
- Is there a centralized inventory of all physical and digital assets, including classifications based on their sensitivity and value?
- Does the organization enforce controls on removable media, such as restricting the use of unauthorized USB devices?
- Are encryption tools and practices regularly reviewed and updated to protect data at rest and in transit?

Domain: Human Resource Security
- Are background checks conducted on all employees, contractors, and subcontractors with sensitive data access?
- Is there a documented policy for ongoing security awareness training that is tailored to the organization’s different roles and responsibilities?
- Are there procedures in place to ensure the secure offboarding of employees, including revoking access and retrieving company assets?

Domain: Physical and Environmental Security
- Are physical access controls implemented to prevent unauthorized entry into data centers and other sensitive facilities?
- Are security cameras and monitoring systems used to detect and respond to unauthorized access attempts?
- Are visitors required to register and be escorted while on the premises where sensitive information is processed or stored?

Domain: Operations Management
- Are documented standard operating procedures maintained for all critical IT operations, including backup and recovery processes?
- Is there a change management policy that requires testing and approval before implementing changes to critical systems?
- Are regular reviews conducted to ensure operational controls are effective and updated as needed?

Domain: Access Control
- Is multi-factor authentication required for accessing systems that store or process sensitive data?
- Are individual user accounts strictly managed, including regular audits to identify and remove inactive accounts?
- Are role-based access controls implemented to ensure users have the minimum level of access necessary for their job functions?

Domain: Application Security
- Are security assessments conducted on all applications before deployment in a production environment?
- Are secure coding practices enforced and regularly reviewed to mitigate common vulnerabilities such as SQL injection and cross-site scripting?
- Are application logs monitored for suspicious activity that could indicate an attempted or successful breach?

Domain: Incident Event and Communications Management
- Is there a documented incident response plan that includes defined roles, communication protocols, and escalation procedures?
- Are incident response exercises conducted at least annually to test the effectiveness of the response plan?
- Is there a process to notify affected parties of a data breach within a defined timeframe?

Domain: Business Resiliency
- Are business continuity plans developed and documented for all critical business functions?
- Are continuity and recovery strategies tested and updated at least annually to ensure they remain effective?
- Is there a defined recovery point objective (RPO) and recovery time objective (RTO) for each critical system and service?

Domain: Compliance
- Are there documented policies to ensure compliance with relevant legal, regulatory, and contractual requirements?
- Are internal audits performed regularly to assess compliance with established policies and procedures?
- Is there a records management policy that specifies the retention and disposal of documents in line with regulatory obligations?

Domain: End User Device Security
- Are all end-user devices configured according to security standards that include encryption, patching, and anti-malware controls?
- Is there a mobile device management program to enforce security policies on mobile devices used within the organization?
- Are employees prohibited from using unauthorized devices to access the corporate network or sensitive data?

Domain: Network Security
- Are firewalls, intrusion detection systems, and other network security controls implemented to protect against external threats?
- Are regular network vulnerability scans performed, and are vulnerabilities remediated promptly?
- Are network segmentation controls in place to isolate sensitive systems from less secure parts of the network?

Domain: Privacy
- Is there a privacy policy that defines how personal data is collected, used, stored, and shared?
- Are privacy impact assessments conducted when introducing new technologies or processes that may affect personal data?
- Are third-party agreements reviewed to ensure compliance with the organization’s privacy standards?

Domain: Threat Management
- Is there a documented threat intelligence program that identifies and assesses emerging threats relevant to the organization?
- Are threat detection tools regularly updated to address the latest security vulnerabilities?
- Is there a coordinated process for managing and mitigating threats, including collaboration with external partners?

Domain: Server Security
- Are all servers hardened according to industry best practices, including disabling unnecessary services and configuring firewalls?
- Are critical server patches applied within a specific timeframe to minimize exposure to vulnerabilities?
- Are administrative access controls in place to limit who can change server configurations?

How often is the SIG questionnaire updated?

The SIG questionnaire is updated on a yearly basis to comply with new industry standards and to account for changes in the cybersecurity landscape.

The 2020 Shared Assessments Third-Party Risk Management Toolkit was released on November 20, 2019, to enable organizations around the world to meet new and evolving regulatory compliance demands and address evolving physical and cyber risks.

New usability features and expanded operational content include:

- Expanded operational/enterprise risk: Content for the comprehensive but customizable question library addresses corporate governance functions of anti-trust, anti-bribery, international compliance, call center security, payments compliance, ethical sourcing, and human trafficking risk in the supply chain. Enterprise risk governance, information security risk, and privacy data protection questions have expanded based on new regulations, including CCPA and GDPR.
- Risk and regulatory compliance content: New content across tools helps risk professionals close regulatory compliance gaps in third-party relationships with strict data protection standards such as PCI DSS.
- Data governance: Privacy regulations such as PIPEDA, CCPA, FIPA, The SHIELD Act, , and GDPR mandate that organizations diligently track data collected by or disclosed to third parties, how that data is used, and where it is accessed. The enhancements assist with the identification, tracking, and maintenance of personal information that is utilized within specific third-party relationships, including fourth-party management.
- Service provider configuration and response management: New agility in the Standardized Information Gathering (SIG) Management Tool makes it easier for service providers to build, configure, and maintain multiple completed questionnaires, reducing the effort and complexity involved in responding to due diligence requests.
- External content automation: Shared Assessments members, outsourcers, and licensees can extract and integrate SIG content into their platforms via JSON.

Summary of SIG updates

The following is an overview of some of the more significant SIG framework changes introduced in historical SIG updates:

SIG 2024 updates

The SIG 2024 update introduced two new risk domains and revised the names of existing domains to better reflect evolving risk management needs:

1. New risk domains:
- Supply Chain Risk Management: For mitigating risks across the supply chain with a focus on enhanced cybersecurity and increased continuity disruption resilience. This domain incorporates the Supply Chain Risk Management standards of NIST 800-161.
- Artificial Intelligence (AI): For assessing risk associated with using AI tools, specifically their impact on privacy and safety. The AI risk management standards of this risk domain were influenced by the NIST AI Risk Management Framework (NIST AI RMF).

2. Renamed risk domains:
- Application Security has been renamed to Application Management, expanding the focus of this risk domain from just securing applications to risk management throughout the entire software development lifecycle.
- Cloud Hosting Services has been updated to Cloud Services to broaden the scope of cloud-based activities beyond infrastructure security.

3. Enhanced compliance mapping:
- New mapping was added to account for updated standards, such as ISO 27001:2022, ISO 27002:2022, PCI DSS v4.0, and CMMC 2.0.

4. Other updates:
- Fixed errors and alignment issues, clarified question wording, and improved mapping to CSA CAIQ and FedRAMP to enhance accuracy and usability across different platforms (e.g., Windows, Mac).

SIG 2023 updates

The SIG 2023 update made several key changes to enhance third-party risk assessments:

New Risk Domains:

- Environmental, Social, and Governance (ESG): With growing regulatory demands around sustainability and ethical governance, this domain was added to cover various ESG topics, such as environmental policies, worker safety, and ethical sourcing.
- Nth-Party Management: This domain focuses on managing risks associated with fourth and nth-party vendors, recognizing the need to assess risks beyond direct third-party relationships. It addresses areas like contracts, due diligence, and incident management.

Reorganization of Existing Content:

- The Security Policy domain was removed, and its content was redistributed across the Third-Party Management and Information Assurance domains to streamline risk assessment processes.

Expanded Coverage:

- SIG 2023 went deeper into specific areas within new domains, such as ESG, by incorporating more detailed questions related to compliance with emerging laws like the EU Corporate Sustainability Due Diligence Directive and the German Supply Chain Due Diligence La

SIG 2022 updates

The SIG 2022 update focused on simplifying and improving the usability of the SIG questionnaires:

Simplification of Question Sets:

- SIG Core and SIG Lite question sets were re-ordered and reduced to make them more manageable. This included grouping questions by topic to improve readability and reduce the overall volume by up to 50% for SIG Lite and 25% for SIG Core.

New and Updated Regulatory Mappings:

- The update included 4 new and 13 updated control mappings to align with evolving regulatory standards, such as NIST 800-53 (Rev. 5), DOJ guidance, and the CAIQ v3.1. These mappings ensure that the SIG remains a relevant tool for compliance across various frameworks.

Introduction of New Categories:

- More than 30 new categories and domain updates were introduced to reflect emerging risk areas and evolving compliance needs. These updates make it easier for users to find relevant controls and focus on specific risk areas.

How is the SIG questionnaire different from other vendor risk assessment questionnaires?

The SIG Management Tool is a Microsoft Excel workbook that allows assessors to draw from the bank of questions in the SIG Content Library to create customized questionnaire templates based on their needs.

This is different from other security questionnaires, such as HECVAT and the Vendor Security Alliance Questionnaire; the SIG questionnaire evaluates third-party vendors and service providers based on their own 18 individual risk control areas.

SIG is a good option for a broad range of vendor risk management use cases because its controls map to a large variety of cybersecurity frameworks and guidelines, including:

Indexing across multiple security assessments makes the SIG questionnaire a good choice for evaluating security postures during the prospecting and onboarding stages of Vendor Risk Management.

Other well-known and respected security questionnaires include:

How to achieve SIG compliance in 2024

SIG compliance is achieved when your organization aligns its third-party risk management processes with the standards outlined in the Standardized Information Gathering (SIG) framework. The following is a high-level framework for achieving SIG compliance.

Step 1: Understand the SIG framework

Begin by understanding the third-party risk management objectives of the SIG framework across all of its 21 risk domains. Start with the framework outlined in SIG Core, allowing you to consider the most extreme compliance effort scenario. Determine the relevance of each risk domain to your TPRM objectives and the scope of controls of each risk domain that are likely applicable.

Step 2: Select an appropriate SIG questionnaire

Determine whether to use a SIG Core or SIG Lite questionnaire for your vendors. Your choice should be based on the level of risk associated with each vendor’s relationship. High-risk vendors (those processing sensitive data) should be assigned a SIG Core questionnaire. A SIG Lite questionnaire would be the more efficient choice for low-risk vendors.

If you’re unsure of a vendor’s risk level and, therefore, which SIG questionnaire to send them, a SIG Lite questionnaire could provide the most efficient means of gauging inherent risk levels to determine whether a follow-up evaluation with a SIG Core questionnaire is required.

Step 3: Map to regulatory standards

The SIG framework offers a pathway to compliance with various standards, such as NIST, ISO 27001, GDPR, PCI DSS, and industry-specific guidelines such as NIST SP 800-161r1 for supply chain risk and the NIST AI RMF for AI risk management. To ultimately achieve SIG compliance, you will need to align your third-party risk management practices to all applicable standards based on the findings of SIG questionnaires. Each vendor will have a unique third-party risk context that will need to be considered when strategizing alignment improvements.

Step 4: Implement third-party risk management controls

Implement robust risk management controls across all applicable risk domains in the SIG framework. To ensure the ongoing effectiveness of these controls, implement organizational policies, procedures, and tools to simplify the identification and management of third-party risks being mitigated by each control.

Step 5: Conduct regular risk assessments

Regularly evaluate each vendor’s security risk levels with SIG questionnaires, ensuring appropriate versions are used based on each vendor’s criticality level. Critical vendors will need to undergo the most frequent SIG compliance assessments. To make this effort more streamlined and scalable, implement a vendor tiering strategy into your Third-Party Risk Management program, where vendors are grouped based on the level of risk they pose to the organization. This will make it easier to identify vendors ready for a scheduled SIG compliance assessment and allow appropriate versions of SIG to be sent to each vendor at scale.

Vendor tiering on the Cybersecurity platform.

Why you should consider using security ratings alongside the SIG questionnaire

Security ratings provide risk management and security teams with the ability to continuously monitor the security posture of their vendors.

The benefit of security ratings alongside security questionnaires is that they are automatically generated, updated frequently, and provide a common language for technical and non-technical stakeholders.

Security ratings fill the attack surface gaps left by traditional point-in-time assessment techniques like the SIG questionnaire to provide continuous attack surface awareness.

Security ratings combined with point-in-time assessments create real-time attack surface awareness.

Security ratings can complement and provide assurance of remediation efforts and the results reported in security questionnaires because they are externally verifiable, always up-to-date, and provided by an independent organization.

According to Gartner, cybersecurity ratings will become as important as credit ratings when assessing the risk of existing and new business relationships.

Cybersecurity is one of the most popular security ratings providers. We generate our ratings through proprietary algorithms that take in and analyze trusted commercial and open-source threat feeds, and non-intrusive data collection methods to quantitatively evaluate cyber risk.

Cybersecurity bases its ratings on the analysis of 70+ vectors, including:

If you are curious about the performance of other security rating services, see our guide on SecurityScorecard vs. BitSight.

How Cybersecurity can help you manage your SIG Questionnaires

Cybersecurity streamlines your security questionnaire workflows with features suited to an efficient Vendor Risk Management program, including the Shared Assessments’ SIG Lite Questionnaire.

The Cybersecurity platform offers a SIG Lite questionnaire to help users align their Vendor Risk Management practices against the SIG framework. Cybersecurity helps you save time and resources by automating information-gathering processes for risk assessments based on the SIG framework, or other popular cybersecurity and regulatory standards. Combine Cybersecurity’s SIG questionnaire with its security ratings tools for real-time monitoring of a vendor’s emerging security risks.
