Stop spending days on SIG Lite questionnaires.
The Shared Assessments SIG Lite has 175+ questions covering 19 risk domains. Attestly drafts accurate responses to every question in minutes — using your own approved security answers as the source.
What is the SIG Lite?
The Standardized Information Gathering (SIG) Lite questionnaire is published by Shared Assessments and is one of the most widely used vendor risk assessment frameworks in the enterprise. It covers 19 risk domains including:
- Access Control (A)
- Application Security (B)
- Cloud Hosting Services (C)
- Compliance Management (D)
- Data Integrity (E)
- Endpoint Security (F)
- Human Resources Security (G)
- Incident Event & Communications Management (H)
- Network Security (I)
- Operational Resilience (J)
- Privacy Management (K)
- Risk Management (L)
- Security Policy (M)
- Third-Party Management (N)
- Threat Management (O)
- Server Security (P)
- Configuration & Change Management (Q)
- Physical & Environmental Security (Z)
Most B2B SaaS companies receive SIG Lite questionnaires from financial services, healthcare, and enterprise customers. Each one takes 2–5 days to complete manually.
How Attestly handles SIG Lite
Build your answer library once
Add your approved security answers to Attestly — your encryption standards, access control policies, incident response procedures, etc. Takes about an hour the first time.
Paste or import the SIG Lite questions
When a customer sends you a SIG Lite, paste the questions into Attestly. It automatically splits them into individual questions and matches each one to your library.
AI drafts every answer
Attestly's AI drafts a response to each question using your approved answers as the source. Each draft includes a confidence score and cites the exact library entries it used.
Review and send
Review the drafted responses, make any adjustments, and export. The whole process takes minutes instead of days.