Panorays has announced its integration of 2024 SIG questionnaires into its TPRM platform. The new integration helps Panorays strengthen its ability to deliver accurate vendor risk assessments and reduce third-party risk with contextual cyber management.
What are SIG and Shared Assessments?
SIG, or the Standardized Information Gathering Questionnaire, is one of the most widely used questionnaires to assess third-party risk. Designed primarily for vendors in industries that are highly regulated or those that deal with data privacy, the SIG Core questionnaire includes 855 questions and covers 19 risk controls.
Shared Assessments is a member-driven nonprofit group that uses the collective experience of its members to continually update its SIG questionnaire library. Its library is an excellent source for third-party risk managers.
What’s Included with the SIG Updates?
SIG 2024 adds 11 new mappings to regulations and standards and has been reorganized for greater clarity and simpler deployment.
This includes two key control domains:
- Supply chain risk management
- Artificial intelligence
Both these control domains address crucial needs for third-party risk managers today, including better integration with multiple compliance frameworks (especially those dealing with AI) and a focus on emerging risks.
Benefits of SIG Questionnaire Integration with Panorays
The SIG integration helps organizations ensure compliance with the latest industry best practices, regulations, and standards while also addressing complex and evolving threats in the industry. Having SIG certification also helps vendors build greater trust and credibility in their brand while enhancing Panorays competitive advantage as a third-party cyber risk management platform.
Additional benefits of the integration include:
- Customized SIG-based questionnaire based on your specific requirements. The new integration lets you leverage specific SIG mapping needed for frameworks, standards, and regulations so that you only use the questionnaires required.
- Mapping to an extensive list of material risk areas. Each of these material risk areas can be linked easily to the inherent risk questionnaire. This out-of-the-box support for a pre-configured material-risk model allows customers to leverage the power of SIG efficiently, with a very short implementation cycle, scoping each questionnaire for the specific material risks that a given third-party relationship exposes them to. These new material risk areas include data protection, access to the network, access to physical facilities, and personal and financial data protection.
- Third-party SIG upload. Once suppliers complete a SIG questionnaire, they can upload it (as well as older SIG versions) and map the responses to our client’s Panorays SIG questionnaire template. For all intents and purposes, the questionnaire is completed automatically.
- Third-party friendly questionnaire experience. Panorays’ supplier portal is extremely user-friendly, easing the questionnaire completion process. It even enables a supplier to ask the customer questions about the questionnaire securely and in context.
- Reviewer-friendly response validation. Panorays’ AI “Question Validation” maps supplier documents to questionnaire responses, so the reviewer sees whether or not a “Yes” is supported by policy, procedure, attestation, and certification documents provided. Also, the Panorays SIG is mapped to Panorays cyber posture tests (Panorays “Correlated Insights”). Taken together, these speed up the questionnaire review and make it much easier to accurately determine supplier cyber control effectiveness.
The list of material risk areas is what customizes these questionnaires automatically, according to the inherent risk picture developed on the Add Supplier page. It does this by leveraging the “Relationships” feature of the product, a key advantage for Panorays, as it makes it possible for a customer to send a questionnaire “scoped” on the fly for the specific risks that a given third-party relationship presents, rather than using the same monolithic questionnaire template for all suppliers.
Before a customer even needs to use the SIG in the Panorays platform, however, the CSMs have configured a custom SIG for each client, according to each customer’s business needs.
SIG Questionnaires Enhance Panorays’ TPRM Platform
The tight technical integration of SIG 2024 questionnaires into the Panorays platform enables Panorays to continue to deliver the most comprehensive vendor risk assessments, with a dynamic risk score that reflects the evolving and dynamic business context of each vendor. With its out-of-the-box support for material risk-driven questionnaire scoping and support for custom SIGs that align directly with customer requirements, it offers customers automated third-party cyber risk management that is hassle-free and a user-friendly experience for both customer and supplier alike.
Want to learn more about how Panorays can help you manage third-party risk? Get a demo today!