
SIG Questionnaire

Also known as: Standardised Information Gathering
SOC 2 · ISO 27001

Shared Assessments' standardised vendor security questionnaire (Core, Lite, custom).

The Standardised Information Gathering (SIG) questionnaire, published by Shared Assessments, is one of the two dominant vendor security questionnaires. SIG Core covers ~1,800 controls; SIG Lite covers ~330. CAIQ is the cloud-specific alternative.

Why it matters
Sales cycles regularly stall on questionnaire completion. Maintaining a pre-completed SIG Lite (refreshed annually) cuts response time from weeks to days.

Related terms

CAIQ
Cloud Security Alliance's standardised cloud-provider security questionnaire (aligned to CCM).
Vendor / Third-Party Risk Management (TPRM)
Process for assessing, monitoring, and contracting security risk introduced by third parties.
Trust Page / Trust Center
Customer-facing page publishing security posture, compliance reports, sub-processors, status, and policies.
