The Standard Information Gathering (SIG) Questionnaire

The Standard Information Gathering (SIG) questionnaire is a standardised set of questions that are designed to help organisations collect information from their third-party vendors about their information security practices.

To achieve compliance with the SIG questionnaire, businesses typically follow a few key steps. These steps might include:

1. Identify third-party vendors that require a SIG questionnaire: Businesses should identify which vendors they need to collect information from and determine the level of risk associated with each vendor.

2. Customise the SIG questionnaire: Organisations should tailor the SIG questionnaire to their specific needs and requirements. This might involve adding or removing questions, or modifying the language to make it more understandable for the vendor.

3. Distribute the SIG questionnaire: Businesses should send the SIG questionnaire to their third-party vendors and request that they complete it within a specified timeframe.

4. Review and assess the responses: Organisations should review the responses from their vendors and assess the level of risk associated with each vendor. This might involve follow-up questions or additional due diligence.

5. Address any identified gaps: If any gaps or weaknesses are identified in a vendor's information security practices, the organization should work with the vendor to address these issues.

6. Monitor ongoing compliance: Organisations should continue to monitor their third-party vendors' compliance with the SIG questionnaire over time to ensure that they maintain an acceptable level of risk.