Analyst Insight: The Gartner® Market Guide for IT Vendor Risk Management Solutions

How ITV Efficiently Manages Supplier Risk Across Its Enterprise

With more than 400 suppliers, ITV needed to automate its assessment processes to stay ahead of third-party risk.
March 16, 2021
Case study media entertainment

Launched in 1955, ITV is a free-to-air television network in the United Kingdom. ITV is supported by its supply chain to secure content pre-distribution and to secure its broadcast chain. Therefore, it is essential that any entity interacting with the network have the proper security controls in place. However, the process for the ITV cyber security team to assess entities against requirements was manual and time-consuming, leaving potentially risky gaps.

The Challenge: Complex and Time-Consuming Supplier Risk Assessments

With more than 400 entities to assess – from large global organizations to small post-production shops – ITV’s manual, spreadsheet-based risk assessment process could no longer keep up, taking weeks of effort per entity to determine their risk visibility.

Other departments within ITV also struggled with using clunky spreadsheets to manage suppliers and risk which led to inconsistencies, inefficiencies and no single view on supplier risk. Finally, third parties and business unit owners alike wanted a simpler data driven way to engage in conversations around risk.

ITV searched the market and found that potential solutions typically fell into one of two categories: tools to simply automate questionnaires, and overly complex GRC tools. The problem with questionnaire automation tools was that they couldn’t provide useful insights. On the other hand, GRC tools typically require significant effort (and therefore cost) to address unique company needs.

It was clear that ITV had to provide their entities and internal departments with a simple, meaningful single view of risks, so stakeholders felt there was value in the process rather than just seeing it as a compliance exercise.

The Solution: The Prevalent Third-Party Risk Management Platform

ITV needed a solution that not only automated the process of sending out and analyzing questionnaire responses, but also offered workflow and risk management capabilities that simplified third-party risk management for everyone involved – inside and outside the enterprise. To achieve this, ITV turned to Prevalent.

Prevalent takes the pain out of third-party risk management (TPRM). Companies use Prevalent software and services to eliminate the cyber risk and compliance exposures that come from working with third party suppliers. Prevalent’s customers benefit from a flexible, hybrid approach to TPRM, where they not only gain solutions tailored to their needs, but also realize a rapid return on investment.

“It’s easy to justify Prevalent, because it goes beyond compliance and just a tick box. The business understands the value of assessing third-party risk because of how Prevalent takes the pain out of the process. It allows us to focus on value driven outcomes that reduce harm to our business. That’s why we continue to build and invest in our risk management capabilities supported by Prevalent.”
Jaspal Jandu
Head of Cyber Security, ITV

ITV leverages the Prevalent Third-Party Risk Management Platform to:

  • Automate the process of building and tweaking questionnaires specific to each entity using Prevalent’s pre-built questionnaire library.
  • Simplify the identification, analysis and mitigation of risks through out-of-the-box workflow rules and built-in remediation guidance.
  • Identify single points of failure among suppliers, providing an entity map of how suppliers link up with services provided across multiple studios to easily assess impact of a potential single supplier risk in a more holistic manner.
  • Notify them when suppliers are vulnerable to a specific cyber threat allowing ITV to quickly reach out to impacted suppliers and track remediation.
  • Make it easier for non-technical people to answer questions and make sense of their cyber risks, providing a foundation upon which to build a value led third-party risk management program.

The Results: Massive Time Savings and Deeper Risk Insights

ITV has seen tremendous return on their Prevalent investment, narrowing their risk assessment process down from weeks to no more than a couple of hours effort per entity. Complementing these time savings, ITV can now intelligently automated tailor-made questionnaires for suppliers based on the services being provided, which saves a massive amount of time and effort during new supplier onboarding.

ITV has also expanded into assessing operational risk, enabling them to connect the dots on previously unseen risks across their broader spectrum of enterprise risk.

Finally, the simplicity of the Prevalent Platform enables ITV to provide a clear risk report to the business. This has encouraged internal business units to proactively come to the cyber security team to get their suppliers assessed as they see the value in the TPRM process.

Next Steps

Interested in hearing how we've helped other organizations? Discover more Prevalent success stories in our customers and case studies section. Want to discuss whether Prevalent may be a fit for you? Request a demo today!


Prevalent takes the pain out of third-party risk management (TPRM). Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors and suppliers throughout the third-party lifecycle. Our customers benefit from a flexible, hybrid approach to TPRM, where they not only gain solutions tailored to their needs, but also realize a rapid return on investment. Regardless of where they start, we help our customers stop the pain, make informed decisions, and adapt and mature their TPRM programs over time.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo