The Standardized Information Gathering (SIG) questionnaire was created by Shared Assessments to evaluate a service provider’s risk controls. It collects information to assess security risk across 18 risk control areas, or domains. The SIG is used in several ways. Organizations that outsource part of their service to a third party use it to assess that third party’s risk controls. It is also frequently used proactively as part of an RFP (request for proposal). It can serve as a standard for capturing a picture of a provider’s security controls in place of proprietary questionnaires, and as an organizational tool for self-assessment of security posture.