Good Afternoon,
My company is in the process of rolling out our TPRM program. The SIG Lite questionnaire is utilized here to send to our vendors. Being an insurance company, we have numerous law firms we have as third-parties, and we also consider our independent agents as third-parties.
Since both of these third-parties will have our customer data we will need to send them risk assessments. We do not want to send them the entire SIG Lite questionnaire due to the fact that they will not be able to answer all of the questions, and most questions not be applicable to them.
I am interested to know what companies, especially in the insurance or financial services industry, are using in place of the SIG Lite questionnaire to send to third-parties that are smaller in size and doesn't have a dedicated security team. I've heard that some companies use a smaller, more focused questionnaire that have 50-60 questions. Any and all input will be greatly appreciated.