Assessments and questionnaires are a key tool used by organizations to assess cybersecurity, IT, privacy, data security, and business resiliency risks from the third parties they partner with. As the scope, breadth, and impact of risks expand, it has become essential to leverage standardized tools to ensure holistic evaluation of third parties. The SIG holds high industry standards and incorporates best practices which help enterprises keep a watchful eye on emerging risks, as well as emerging regulations, guidelines, and standards for a wide range of industries.
The MetricStream and SIG – Shared Assessments Integrated Offering
The Standard Information Gathering (SIG) assessments of Shared Assessments, packaged in the MetricStream Third-Party Management App, help evaluate cybersecurity, IT, privacy, data security, and business resiliency in an information technology environment within the extended enterprise.
The SIG assessment packaged in the MetricStream Third-Party Management App evaluates 18 risk control areas, or “domains,” within a third party’s environment. Based on third-party risk and criticality, the complete SIG assessment or SIG-Lite can be initiated. The app enables third parties to respond to SIG questionnaires directly in the MetricStream App or to upload pre-filled SIG questionnaires. The responses are analyzed further, and the scores are aggregated to arrive at the overall IT risk profile of the third party.
The SIG assessments cover the following core areas essential to IT risk evaluation:
- Business Information
- SIG Lite
- Risk Assessment and Treatment
- Security Policy
- Organizational Security
- Asset and Information Management
- Human Resource Security
- Physical and Environmental Security
- Operations Management
- Access Control
- Application Security
- Incident Event and Communications Management
- Business Resiliency
- End User Device Security
- Network Security
Standardize risk evaluation throughout the third-party life-cycle with pre-packaged questionnaires for IT and security assessments.
Minimize third-party fatigue with the ability to upload a pre-filled SIG questionnaire.
Enhance monitoring of risk metrics with the intuitive MetricStream dashboard.