If I understand the question correctly, you are wondering about due diligence requirements for something like a subscription data service, where the provider has no access to your data or systems. If that is the case, you certainly can dial down the due diligence because the risk is relatively low. While SIG questionnaires are excellent for higher and more complex information security and privacy risks, they can be overkill when the risk is low. Because vendor risk questionnaires vary by organization, I can't recommend a specific assessment. If you create a specific assessment for this use case or are using an existing assessment, you should run it by your information security SME just to make sure all your bases are covered, and the applicable risks are considered.
I hope that answer helps, but I am always interested in hearing from other members.