This message was posted by a user wishing to remain anonymous
We're moving to a new TPRM tool and taking the time to adjust our risk questionnaire. We prefer if a third-party provides SOC 2 Type II or ISO 27001, but for those who do not have either, we're curious how many organizations receive self assessments such as SIG or CAIQ and rely on those responses.