Prevalent Vendor Risk Manager® (VRM) takes the guesswork out of vendor assessment by creating a standard tiering structure within your organization, a standardized assessment workflow, Shared Assessments content, evidence collection, risk scoring, and reporting. The solution manages each vendor independently, offering you the ability to understand the impact of doing business with a particular vendor. Additionally, the solution can offer an aggregated view to understand vendor risk by tier or across all vendors.
Prevalent Vendor Risk Manager®
Create and evaluate vendors based on tiers determined by their importance or potential risk to the organization.
Integrate Technical Monitoring
Trust, but verify your vendor’s security controls using their security technologies with Prevalent VRM Technical Monitoring integrations. Using a secure integration model developed by Prevalent, your vendors can now directly provide evidence into your assessments from the security technologies they use to secure your data.
Integrate VRM with Your Current GRC System
Prevalent VRM offers an open architecture that lets you integrate your organization’s GRC system with VRM, both to include information from your GRC and to push completed third-party assessment and risk information.
The following standard integrations are supported by Prevalent Vendor Risk Manager®. In addition, VRM features a full API for any other integrations that might be required.
Veracode has become the de facto standard for third-party application scanning due to its extensive software vulnerability and flaw library as well as its patented static analysis, which requires only vendor binaries, not source code. Prevalent Vendor Risk Manager® 2.5 with Veracode DirectLink allows application providers using Veracode to upload Veracode scan results directly from the Prevalent VRM Relationship Gateway.
Prevalent Vendor Risk Manager® integrates with Symantec CCS, offering direct evidence collection from CCS Response Assessment Manager (RAM) as well as Symantec Policy Manager. Additionally, the solution offers advanced compliance reporting, dashboarding, and analytics. The integration enables companies that utilize CCS to keep compliance information in a single place and leverage existing investments. For clients that do not currently utilize CCS, the integration offers a view into the power of the overall solution for other compliance automation requirements.
Netskope™ is the leader in cloud app analytics and policy enforcement. Prevalent Vendor Risk Manager® 3.0 integrates with Netskope to enable organizations to identify and quantify risk for all of the cloud and SaaS-based applications in play across their enterprise.
HP Fortify on Demand provides a flexible application security testing platform for cloud-based application security testing, open source analysis, and vendor application security management. Prevalent Vendor Risk Manager® with HP FoD DirectLink allows application providers using HP Fortify on Demand to upload scan results directly from the Prevalent VRM Relationship Gateway.
Standardize Content with Shared Assessments
Prevalent has licensed Shared Assessments for use by Prevalent clients within Prevalent Vendor Risk Manager®. The Shared Assessments Program was created by leading financial institutions, the Big Four accounting firms, and key service providers to inject standardization, consistency, speed, efficiency and cost savings into the service provider assessment process.
The Prevalent Vendor Risk Manager® Relationship Gateway is the single point of access for third-party evidence collection. It also offers the following features:
- Ability for third parties to manage their own key contacts and role assignments.
- See evidence requests and their status in a single location.
- Ability for third-party providers to route evidence requests to the appropriate people within the vendor organization.
- Manage multiple relationships and assessments a single organization may be involved in.
- Completely separated from the VRM Console for enhanced security and data control.