I am absolutely thrilled to announce that the 3.11 release of our Third-Party Risk Management (TPRM) Platform is now available! Notably, this is the first significant release of the platform since Prevalent acquired 3GRC and represents the coordination of customer and partner feedback with the internal resources of our global R&D organization.
Here is what you can expect in this significant release…
Enhanced Regulatory and Control Framework Reporting Provides a Clear Status of Compliance
Let’s be honest with one another for a moment. Compliance reporting is a pain. It takes time (more than it should), is overly complex, and prevents you from getting to other high-priority activities. However, for most organizations, managing third-party vendors, suppliers, or partners is an unavoidable requirement. With the latest release of our next-generation TPRM platform, we have greatly simplified compliance reporting by introducing a new unified framework that maps the information gathered from controls-based questionnaires directly to both Standard Controls Frameworks and regulatory frameworks including ISO 27001, NIST, GDPR, COBIT 5, SSAE 18, SIG, SIG Lite, and NYDFS.
Yes, you read that right… using data populated from questionnaires, you get a report on your GDPR compliance (for example)!
Unique to Prevalent is the ability for customers to take the answers and evidence from all submitted questions – those gathered in the past, and those to be gathered in the future – and map them to multiple frameworks, reducing the time and complexity required for reporting. Ask a question once and map to any framework – it’s that easy!
Here are a few capabilities you get with this new compliance reporting feature:
- Visualize a “% Compliant” against a particular compliance regime or framework (either the entire regulation or only the parts you care about), providing instant visibility into the compliance status of a vendor and enabling focus on problem areas.
- Customize the 5x5 Risk Matrix by criticality. This heat map enables customers to drill down into the individual risks in the matrix as identified in the compliance reporting to quickly prioritize those most impactful to the business.
- View compliance by entity (vendor) or by question, helping to group particular risks for remediation across all vendors.
With these new compliance reporting capabilities, customers can quickly understand where they rate in any framework and gain a clear status of compliance per regime. For a representation of the per-regulation reporting, please see the screenshot below:
Flagging Findings Ensures Thorough Review of Evidence
When vendors answer questions in an assessment, the platform automatically creates risks based on how the question was answered. Reviewers or vendor managers will then research the submitted evidence to identify false positives or negatives as part of the risk identification process. The Prevalent platform now provides a workflow mechanism to flag and validate the results beyond automated risk creation.
With this new capability, customers can create manual flags based on findings, or create a flag automatically when an attachment or note has been added or when a vendor selects a particular answer. As a validation step, the flag would be reviewed to determine whether to create a risk. A clear description of the flag ensures the reviewer has guidance for validation. Flagging points of concern in vendor responses ensures that the right risks are investigated, helping to reduce an organization’s overall vendor risk profile. As an example of this capability, please see the screenshot below.
I think you would agree with me that this release represents a huge step forward for organizations wishing to improve their evidence review and compliance reporting.