What is a standardized information gathering (SIG) questionnaire?
The Standardized Information Gathering questionnaire is a set of questions compiled to understand how different organizations manage information technology and data security risks. Most often, the SIG questionnaire addresses risk controls across 16 different risk areas.
It is general practice to review the robust set of questions included in the standardized information gathering questionnaire on an annual basis. Any updates and revisions are made during that review. The review strictly follows reference industry standards such as FFIEC, ISO, COBIT, and PCI. In addition, new risk areas are added to the SIG questionnaire regularly. Mobile device security and cloud services are some of the recent additions.
SIG Survey - The new normal
The standardized information gathering questionnaire is an effective way to collect information from a large audience. Therefore, a SIG survey was conducted targeting a very large set of samples. Different analytical methods were used to determine the validity, reliability, and statistical significance of the SIG questionnaire data.
For many organizations, surveys are one of the most crucial sources of a wide range of information. Therefore, using the standardized information gathering questionnaire to study attributes, attitudes, values, beliefs, and past behavior is not new to organizations. Moreover, SIG surveys are considered to be a standardized method that is free of errors. Hence, a SIG survey is preferred by many organizations and researchers as the primary and trusted data collection method.
Using an online survey tool as a SIG tool for data collection activities is a common practice among modern organizations. The majority of organizations are well acquainted with using the online survey tool and have been creating surveys on the go. SIG questionnaires are similar to other surveys that can be created using survey software.
SIG surveys are straightforward and very simple to create. Hence, an increasing number of organizations are using an online SIG tool to create, distribute, and manage the standardized information gathering questionnaire. The SIG survey asks, records, confides and analyzes questions of interest to the researchers.
Sections covered by the SIG questionnaire
- Risk Management
- Security Policy
- Organizational Security
- Asset Management
- HR Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Incident Event and Communications Management
- Business Continuity and Disaster Recovery
- Cloud Computing
- Additional Questions
Why do you need a standardized information gathering questionnaire?
As a business entity, you are already aware of how important yet complicated it is to perform a third-party vendor risk assessment, especially when it comes to selecting the precise questionnaire for each vendor when multiple options are available.
You need a decent SIG program that provides a holistic approach to creating a vendor security assessment questionnaire: one that is capable of evaluating risk management across cybersecurity, IT privacy, data security, and business resilience in an updated IT environment. With an updated standardized information gathering questionnaire, an organization can evaluate vendors by gathering pertinent information. The collected information determines how security risks are managed across a spectrum of different risk control areas or domains within a vendor's environment.
The online survey tool offers the much-needed flexibility to create a customized SIG questionnaire for each vendor. Additionally, the tool provides you the liberty to re-use an already existing questionnaire or utilize the top vendor SIG questionnaire created by the top organizations.
Remember, the standardized information gathering questionnaire has to be updated every year. The updated questionnaire must encompass new industry standards that reflect the changing cybersecurity landscape.
Create a standardized information gathering questionnaire using a SIG tool
By utilizing a SIG tool, performing a third-party vendor risk assessment becomes easier. The advanced features and functionality of the tool save time usually wasted in developing the questionnaire. Every SIG tool out there usually follows all the industry standards and complies with all the major data security laws, including the GDPR. Hence, you do not have to worry about compliance or other issues.
The significant benefit of using a SIG tool is the ability to save the standardized information gathering questionnaire as a template. If that is not enough, you can create your own question library by saving independent questions. Use the question library, or particular questions in it, as many times as you want for conducting a third-party vendor risk assessment. Creating, managing, and using the question library saves you the time of creating a SIG questionnaire from scratch.
The in-built analytics tool is powerful enough to carry out real-time analysis. Real-time analysis is always beneficial for you as well as for the vendor you are assessing. Therefore, whether you want to send the SIG questionnaire to cloud vendors or hosting agencies, the holistic SIG platform ensures that not even the slightest security issue slips through the cracks.
QuestionPro does offer a seamless experience in creating and managing the standardized information gathering questionnaire. The flexibility it provides to create a SIG questionnaire around any vertical using different types of questions available in the tool is simply unmatched.
Standardized information gathering questionnaire is used for
- Evaluating risk controls for their service providers - carried out by the outsourcer
- As a part of the Request for Proposal (RFP) response - carried out by the service provider
- Evaluating client(s) in lieu of completing one or multiple proprietary questionnaires - completed by a service provider
- Self-assessment - used by organizations