
Security Questionnaire Update: SIG 2022, CAIQ v4.0.1 & CIS Controls v8

Published by Sabrina Pagnotta on October 7, 2021

A security questionnaire is a set of technical questions to assess an organization’s security and compliance posture. In the context of a third-party risk management (TPRM) program, questionnaires are a great tool to determine whether a third party vendor can be trusted with access to the network, and ultimately, whether to do business with them or not.

Your company is probably working with dozens or hundreds of third party vendors managing all kinds of outsourced processes. However, their access to your network can increase the risk of suffering a third-party data breach if not properly monitored. 

Asking your vendors to respond to a security questionnaire is considered a cybersecurity best practice across most industries today. It essentially helps you collect the data you need for your vendor risk assessments.

But how do you begin using security questionnaires? You can either:

  • Use industry standard questionnaires created by a trusted entity
  • Use industry questionnaires as a model and tailor them based on your organization’s needs and use cases
  • Create your own custom questionnaire from scratch 

In another blog post, we’ve already compared the most common security questionnaires, such as SIG Core and Lite, CAIQ, and CIS Controls, to help you understand if and when you need them.

Read More: Security Questionnaires Comparison – A Guide to Refining Your Risk Assessments

Once you know which questionnaires you want to use in your third party risk assessments, you can integrate them into your overall TPRM program with a dedicated tool like ThirdPartyTrust.

Using Security Questionnaires in ThirdPartyTrust: Product Update

ThirdPartyTrust is a TPRM platform that automates the end-to-end vendor risk assessment and continuous monitoring process. It provides the ultimate risk dashboard to gain visibility over your supply chain and metrics to quantify risk. 

Our platform supports all of the most commonly used security questionnaires, so you can easily integrate them in your TPRM process. We have recently released the new versions of the following questionnaires in our platform.

Consensus Assessments Initiative Questionnaire (CAIQ)

The CAIQ provides a set of Yes/No questions for cloud service providers, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) offerings, to determine if their cloud practices are reliably secure.

WHAT’S NEW ABOUT THIS QUESTIONNAIRE? We have released its latest version, CAIQ v4.0.1. It has fewer questions and is aligned with CCM v4, which contains additional controls and improved language that favors the implementation and evaluation of the controls.

CIS Controls

The assessments formerly known as the SANS Critical Security Controls (SANS Top 20) and the CIS Critical Security Controls were recently consolidated and are now officially called the CIS Controls. After a revision of terminology and grouping of safeguards, the number of controls was reduced from 20 to 18.

WHAT’S NEW ABOUT THIS QUESTIONNAIRE? We have its latest version, CIS Controls v8, including control renaming and consolidation.

Standardized Information Gathering Questionnaire (SIG Core & SIG Lite)

The SIG Questionnaire evaluates vendors based on 18 individual risk controls to define how they manage security risks. It is updated every year, reflecting new security and privacy challenges.

WHAT’S NEW ABOUT THIS QUESTIONNAIRE?

  • SIG Lite 2022 – Several renamed control areas, expanded terminology on subcontractors, and a reduction in question count from over 300 previously to just 150
  • SIG Core 2022 – Several renamed control areas, expanded terminology on subcontractors, new questions on IoT, authenticators, collaboration devices, incident response, and a reduction in question count from around 1000 previously to just 825

Why You Need Security Questionnaires In Your Vendor Risk Assessments

The ThirdPartyTrust TPRM platform allows you to set up all these questionnaires and more as part of your vendor risk assessment lifecycle, both for due diligence and as part of your continuous monitoring.

Making sure third party vendors are not exposing your organization to unnecessary risks requires constant reassessments. This also helps you ensure your vendors are in compliance with agreed security standards.

The answers to these questionnaires can be combined with security scores and other risk assessment outcomes to gain control and increased visibility into the health of your vendor ecosystem, thus protecting your organization on all fronts.

Sabrina Pagnotta
Sr. Content Strategist