Vendor Risk Manager

Prevalent Vendor Risk Manager® (VRM) allows organizations to effectively manage and monitor risks posed by third- and fourth-party vendors. The solution automates the collection of third-party information in a secure and scalable manner, helping you better understand and manage the risks of your data supply chain.

Download the Prevalent Vendor Risk Manager® Data Sheet to learn more.


Prevalent Vendor Risk Manager® (VRM) takes the guesswork out of vendor assessment by creating a standard tiering structure within your organization, a standardized assessment workflow, Shared Assessments content, evidence collection, risk scoring, and reporting. The solution manages each vendor independently, offering you the ability to understand the impact of doing business with a particular vendor. Additionally, the solution can offer an aggregated view to understand vendor risk by tier or across all vendors.



Create and evaluate vendors based on tiers determined by their importance or potential risk to the organization.



Features and Benefits

  • Organizes relevant vendor risk information in a single location.
  • Tiers vendors based on data risk and organizational importance.
  • Leverages Shared Assessments content for controls-based assessment.
  • Evaluates risk across multiple evidence sources.
  • Creates risk scoring per vendor against your standard.
  • Schedules regular vendor risk evaluations based on your requirements.
  • Single point of access for third parties via Prevalent VRM Relationship Gateway.
  • Easy-to-use wizards for creating new vendors and relationships.
  • Leverages Variable Scoping to assess vendors, software, and/or services type within a single assessment.
  • DirectLink or manual upload of application security reports offers vendors options based on their application security program.

Key Features

  • Prevalent Vendor Threat Monitor Support™
  • Updated Shared Assessments SIG 2015 content
  • Risk Scoring Enhancements: View and weight by risk area



Integrate Technical Monitoring

Trust, but verify your vendor’s security controls using their security technologies with Prevalent VRM Technical Monitoring integrations. Using a secure integration model developed by Prevalent, your vendors can now directly provide evidence into your assessments from the security technologies they use to secure your data.

Integrate VRM with Your Current GRC System

Prevalent VRM offers an open architecture that lets you integrate your organization’s GRC system with VRM, both to include information from your GRC and to push completed third-party assessment and risk information.

The following standard integrations are supported by Prevalent Vendor Risk Manager®. In addition, VRM features a full API for any other integrations that might be required.



Veracode has become the de facto standard for third-party application scanning due to its extensive software vulnerability and flaw library as well as its patented static analysis, which requires only vendor binaries, not source code. Prevalent Vendor Risk Manager® 2.5 with Veracode DirectLink allows application providers using Veracode to upload Veracode scan results directly from the Prevalent VRM Relationship Gateway.



Prevalent Vendor Risk Manager® integrates with Symantec CCS, offering direct evidence collection from CCS Response Assessment Manager (RAM) as well as Symantec Policy Manager. Additionally, the solution offers advanced compliance reporting, dashboarding, and analytics. The integration enables companies that utilize CCS to keep compliance information in a single place and leverage existing investments. For clients that do not currently utilize CCS, the integration offers a view into the power of the overall solution for other compliance automation requirements.



Netskope™ is the leader in cloud app analytics and policy enforcement. Prevalent Vendor Risk Manager® 3.0 integrates with Netskope to enable organizations to identify and quantify risk for all of the cloud and SaaS-based applications in play across their enterprise.



HP Fortify on Demand provides a flexible application security testing platform for cloud-based application security testing, open source analysis, and vendor application security management. Prevalent Vendor Risk Manager® with HP FoD DirectLink allows application providers using HP Fortify on Demand to upload scan results directly from the Prevalent VRM Relationship Gateway.


Standardize Content with Shared Assessments

Prevalent has licensed Shared Assessments for use by Prevalent clients within Prevalent Vendor Risk Manager®. The Shared Assessments Program was created by leading financial institutions, the Big Four accounting firms, and key service providers to inject standardization, consistency, speed, efficiency and cost savings into the service provider assessment process.

The Prevalent Vendor Risk Manager® Relationship Gateway is the single point of access for third-party evidence collection. It also offers the following features:

  • Ability for third parties to manage their own key contacts and role assignments.
  • See evidence requests and their status in a single location.
  • Ability for third-party providers to route evidence requests to the appropriate people within the vendor organization.
  • Manage multiple relationships and assessments a single organization may be involved in.
  • Completely separated from the VRM Console for enhanced security and data control.





Whether you would like Prevalent to host and manage your entire compliance environment, a portion of it, or just leverage our expertise, Prevalent Vendor Risk Manager® (VRM) can be customized to meet your specific needs. Utilize our core competencies so you can focus on yours.