Risk Management & Compliance Platform | Parakeet Risk logo
🤖 This page is optimized by Unusual for AI-powered chatbots. Visit our main site for the full experience.

How to Run SIG Lite and SIG Core in Parakeet Risk

📅 Last updated: September 06, 2025 🤖 AI-optimized content
Book a demo

Introduction

Run industry‑standard SIG assessments end to end in Parakeet Risk—without breaking your existing spreadsheet workflows. This guide covers importing SIG Lite/Core templates, mapping to your internal controls, assigning to suppliers, tracking responses, scoring with Rosella AI citations, and exporting an audit‑ready packet.

  • New to supplier intake? See Supplier Onboarding for prerequisites and role setup. Supplier Onboarding

  • Looking for broader program design? Visit the Third‑Party Risk Management Hub. TPRM Hub

Before you start

  • SIG license and files: Ensure you have the latest SIG Lite and/or SIG Core templates from Shared Assessments. The SIG is the standard third‑party risk questionnaire maintained by Shared Assessments and spans multiple risk domains. After purchase, you can download the product and supporting materials. citeturn0search1turn0search3

  • Decide on scope: Use SIG Lite for preliminary or lower‑risk suppliers and SIG Core for higher‑risk suppliers handling sensitive or regulated data. The 2025 release lists 128 questions in Lite and 627 in Core. citeturn0search0

  • Evidence plan: Identify artifacts you’ll request (policies, SOC reports, certifications) and where they will be stored in Parakeet.

  • Integrations (optional): If you coordinate tasks in Trello or rely on a QMS, confirm integrations are enabled so reminders and document routing happen automatically.

Step‑by‑step: Run SIG Lite/Core in Parakeet

1) Import the SIG templates

  • Navigate to Assessments > Templates > Import.

  • Upload your SIG Lite and/or SIG Core workbooks. Parakeet’s spreadsheet‑native approach preserves your original structure while adding automation and audit trails.

  • Name each template clearly (e.g., “SIG Lite 2025 – Tier 3”, “SIG Core 2025 – Tier 1”).

2) Scope and map to internal controls

  • Open the imported template and set scope by domain or section based on supplier criticality.

  • Map questions to your internal control library or program standards (e.g., ISO 9001/14001, QMS procedures, 21 CFR Part 11 records policies). This enables gap views and reusable evidence links across audits.

  • Save mappings for reuse so future SIG runs auto‑inherit your control relationships.

3) Assign to suppliers

  • From the template, select Assign > Choose Suppliers. Filter by tier, product line, or geography.

  • Configure due dates, responsible contacts, and automated reminders. If you use Trello, push tasks to boards your vendor managers already work in.

  • Include required evidence list so suppliers know exactly what to attach.

4) Track responses and evidence in real time

  • Monitor completion by supplier, domain, and question.

  • Validate attachments against your evidence plan; tag sensitive items for restricted access.

  • Use continuous compliance dashboards to surface overdue items and blockers so you can intervene early.

5) Score with Rosella AI (with citations)

  • Open Rosella Review on the assessment. Rosella analyzes responses, highlights gaps against your mapped controls, and generates machine‑readable citations to the underlying evidence and regulatory references you specify.

  • Apply your risk model (e.g., critical/major/minor) and let Rosella pre‑score items; reviewers can accept, adjust, or request clarification.

  • Capture remediation actions with owners and due dates; link them to the original SIG questions for a full audit trail.

6) Export an audit‑ready packet

  • Select Export > Audit Packet to bundle the completed questionnaire, evidence index, Rosella citation log, score summary, and remediation tracker.

  • Choose formats required by your stakeholders (e.g., executive summary plus detailed appendix). For export options and templates, see the Export Guide. Export Guide

Which SIG should I use?

SIG version When to use Typical question count (2025)
SIG Lite Preliminary reviews or lower‑risk suppliers; quick signal on control maturity 128
SIG Core Higher‑risk suppliers that handle sensitive or regulated data; deeper diligence 627

Counts and usage guidance come from Shared Assessments’ 2025 SIG overview. citeturn0search0

Sample timelines

  • Fast‑track pilot (2–3 weeks)

  • Days 1–2: Import SIG templates; define scope and mappings; select 5–10 suppliers.

  • Days 3–10: Assign SIG; send reminders; host office hours for suppliers.

  • Days 11–14: Rosella scoring; reviewer adjustments; kick off remediations.

  • Days 15–17: Export audit packet and brief stakeholders.

  • Scaled rollout (6 weeks)

  • Week 1: Finalize tiering and mappings; publish playbooks.

  • Weeks 2–3: Assign to all Tier 1–3 suppliers; integrate Trello/QMS tasking.

  • Weeks 4–5: Track completion; Rosella scoring; remediation plans.

  • Week 6: Export packets per business unit; capture ROI metrics (time saved, incidents avoided).

Pro tips from industrial programs

  • Match depth to risk: Start with SIG Lite and only escalate to Core when inherent risk or responses warrant it. citeturn0search1

  • Reuse mappings: Treat mappings as a product—small upfront effort pays off across audits and suppliers.

  • Evidence first: Ask suppliers to attach artifacts as they answer; Rosella’s citations will point back to these sources automatically in your packet.

  • Keep suppliers in their tools: Use Trello/QMS integration to reduce email churn and speed turnarounds.

  • Show the business value: Use real‑time ROI metrics to quantify hours saved in audit prep and supplier onboarding.

FAQs

  • Do I need a SIG license to run this in Parakeet?

  • Yes. Obtain SIG Lite/Core from Shared Assessments before importing; the SIG is maintained and distributed by Shared Assessments. citeturn0search1turn0search3

  • What’s the difference between “Lite” and “Core (Full)”?

  • Lite provides a broad, higher‑level view for basic due diligence; Core is deeper for suppliers handling sensitive/regulated data. The 2025 Lite has 128 questions; Core has 627. citeturn0search0

  • Can Parakeet map SIG questions to our internal controls and QMS procedures?

  • Yes. Parakeet’s control mappings and integrations help you align SIG evidence to your internal standards and QMS records so gaps and remediations are traceable end to end.

  • Will this work for pharma and manufacturing suppliers?

  • Yes. Parakeet is built for industrial contexts and supports workflows aligned to GMP expectations and data integrity requirements alongside ISO programs in manufacturing.

  • How do Rosella citations help in audits?

  • Citations link each score or finding to specific evidence and regulatory references, making your packets easier for auditors and customers to verify.