SIG (Standardized Information Gathering)
The SIG (Standardized Information Gathering) questionnaire is a standardized third-party risk assessment maintained by Shared Assessments. It provides a common library of questions across security, privacy, and resilience domains, and ships in scoped variants (such as SIG Core and SIG Lite) so assessors can right-size the depth of a vendor review.
Synonyms: SIG questionnaire, Standardized Information Gathering questionnaire, Shared Assessments SIG
The SIG (Standardized Information Gathering) questionnaire is a widely adopted, standardized way for organizations to assess a vendor’s controls across domains such as access management, data protection, privacy, incident response, and operational resilience. Because it draws on a shared question library maintained by Shared Assessments, it reduces the variation between one customer’s questionnaire and the next.
For the vendor answering it, the SIG’s standardization is the opportunity: answers to SIG questions can be maintained once, cited to source evidence, and reused across variants (SIG Lite for a lighter pass, SIG Core for depth) and across customers — provided each answer is kept current and reviewed by an owner rather than copy-pasted from a stale file.