A vendor security questionnaire is only useful if the answers turn into a decision. Covenant ships SIG Lite, CAIQ Lite, a HIPAA attestation, and an SMB Lite questionnaire — and weights every risky answer into an explainable vendor score automatically.
The Shared Assessments SIG Lite shape across all nine risk domains, with conditional follow-ups that only appear when a parent answer warrants them.
The Cloud Security Alliance CAIQ Lite for cloud and SaaS vendors, mapped to the Cloud Controls Matrix domains.
A focused HIPAA attestation with CFR citations, for vendors that create, receive, maintain, or transmit PHI.
A short, plain-language questionnaire for the small vendor who has never seen a SIG — high signal, low burden.
Build your own questionnaire with weighted answers and conditional logic on paid tiers.
Questions reveal follow-ups based on prior answers, and hidden questions never count against the score — so denominators stay honest.
Each risky answer carries a weight and itemizes into the composite score — no manual tallying, no guesswork.
Answers like "no MFA" or "no encryption at rest" surface as named flags you can route to remediation.
Change one answer and the score moves by an amount you can see and explain — the opposite of an opaque letter grade.
SIG, CAIQ, HIPAA, and SMB Lite included on the free tier for up to 10 vendors.