Whistic Upgrades to SIG 2021

November 24, 2020

2020 has brought unique risk challenges that have significantly shifted the focus of risk managers. New operational risks emerged with the pandemic, with major shifts to work-from-home security and service availability issues, vendor stability, and socioeconomic uncertainty. The 2021 Standardized Information Gathering (SIG) Questionnaire Tool responds to these challenges with expanded content and controls around resilience, privacy, data governance, data loss, and remote risk.

The SIG employs a holistic set of industry best practices for gathering and assessing 18 critical risk domains and corresponding controls, including information technology, cybersecurity, privacy, resiliency, and data security risks. These Tools serve as the “trust” component for outsourcers who wish to use industry-vetted questions to obtain succinct, scoped initial assessment information on a service provider’s controls. The SIG is also used proactively by service providers to reduce initial assessment duplication and assessment fatigue by supplying their own pre-completed Response SIGs to outsourcers.

“We commend Whistic for its ongoing participation in our community of third-party risk practitioners working to create assurance in vendor relationships,” said Catherine A. Allen, Chairman & CEO, The Santa Fe Group. “By adopting and contributing to the Shared Assessments standard, Whistic is creating standard assessments that are reliable, relevant and efficient.”

You can read more about the different components of the 2021 SIG Toolkit here.

