The MFQ is a single, streamlined questionnaire that merges the two most globally utilized cybersecurity frameworks—ISO 27001:2022 and NIST 2.0—into one comprehensive assessment tool.

DORA is an EU regulation consisting of five key pillars that set out requirements for finance entities to withstand, respond to, and recover from ICT-related threats.

Designed to assess compliance with APRA's CPS 230 standard, this questionnaire covers operational risk management, business continuity, and service provider arrangements for APRA-regulated entities.

Designed to streamline compliance with India's new Digital Personal Data Protection (DPDP) Act, this questionnaire is essential for organizations handling personal data in the Indian market.

SIG Core provides comprehensive insights into third-party security, fulfilling the needs of most risk assessments aligned with industry standards.

The SIG Lite was created by Shared Assessments and contains a set of 128 risk control questions designed to help organizations standardize the assessment of third-party vendors.

Assesses an organization's security posture against the ISO 27001 standard with risks mapped against ISO 27001 domains. It is also suitable for the assessment of APRA CPS 234 requirements.

Provides a comprehensive assessment of an organization's security posture, from their policy framework right down to their technical controls. It comprises four sections: Security and Privacy Programs, Physical and Data Center, Infrastructure, and Web Applications.

Assesses the vendor risk of higher education institutions, to ensure all cloud services utilised are appropriately assessed for security and privacy needs.

The Health Insurance Portability and Accountability Act (HIPAA) questionnaire determines if vendors with access to Protected Health Information (PHI) align with the United States HIPAA standard. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

A condensed version of the CyberRisk Questionnaire, designed to be sent to smaller organizations. It focuses on the information security risks smaller organizations are typically exposed to, such as their backup process and email security concerns, while avoiding areas where small organizations are typically less mature (such as their information security policy framework).

Designed to help you assess your vendors that may use SolarWinds.

Assesses an organization's security posture against the NIST Cybersecurity Framework.

Discovers third-party vendors that are using software or cloud services impacted by the Log4j vulnerability, either directly or via supply chains.

To help determine if you or your vendors were exposed to the sophisticated supply chain ransomware attack that affected Kaseya.

Focuses solely on an organization's security and privacy program.

Focuses solely on an organization's web application security controls.

Assess an organization's adherence to the twelve requirements of PCI DSS.

Designed to identify modern slavery risks, address identified risks, and highlight areas requiring further due diligence. 

Designed to help you assess the impact of any current or future pandemics.

Focuses solely on an organization's infrastructure security controls.

Assesses compliance against the requirements of the Essential Eight framework, as determined by the Australian Signals Directorate (ASD).

Focuses solely on an organization's physical and data center security controls.

Assesses whether a vendor is compliant with the personal information disclosure requirements outlined in CCPA.

Assesses compliance against the Control Objectives for Information and Related Technologies Framework created by ISACA.

Assesses compliance against the ISA 62443-2-1:2009 standard for industrial automation and control systems.

Assesses compliance against technical control system requirements associated with the seven foundational requirements (FRs) described in IEC 62443-1-1.

Assesses compliance with the personal information disclosure requirements outlined in the European Union's General Data Protection Regulation (GPDR).

Assesses compliance against the best practice guidelines for cybersecurity outlined in 20 CIS Controls.

Assesses compliance against the security and privacy controls required for all U.S. federal information systems except those related to national security.

To better understand the impact of vendor breaches on your organization and assist with remediation efforts. This questionnaire is designed to be sent to a vendor to assess any data exposure arising from a breach and its impact on related stakeholders.