I am absolutely thrilled to announce that the 3.11 release of our Third-Party Risk Management (TPRM) Platform is now available! Notably, this is the first significant release of the platform since Prevalent acquired 3GRC, and it combines customer and partner feedback with the work of our global R&D organization.
Here is what you can expect in this significant release…
Let’s be honest with one another for a moment. Compliance reporting is a pain. It takes time (more than it should), is overly complex, and keeps you from other high-priority activities. However, for most organizations, managing third-party vendors, suppliers, or partners is an unavoidable requirement. With the latest release of our next-generation TPRM platform, we have greatly simplified compliance reporting by introducing a new unified framework that maps the information gathered from controls-based questionnaires directly to both standard controls frameworks and regulatory frameworks, including ISO 27001, NIST, GDPR, COBIT 5, SSAE 18, SIG, SIG Lite, and NYDFS.
Yes, you read that right… using data populated from questionnaires, you get a report on your GDPR compliance (for example)!
Unique to Prevalent is the ability for customers to take the answers and evidence from all submitted questions – those gathered in the past and those to be gathered in the future – and map them to multiple frameworks, reducing the time and complexity required for reporting. Ask a question once and map it to any framework – it’s that easy!
Here are a few capabilities you get with this new compliance reporting feature:
With these new compliance reporting capabilities, customers can quickly understand where they stand in any framework and gain a clear status of compliance per regime. For a representation of the per-regulation reporting, please see the screenshot below:
When vendors answer questions in an assessment, the platform automatically creates risks based on how the question was answered. Reviewers or vendor managers will then research the submitted evidence to identify false positives or negatives as part of the risk identification process. The Prevalent platform now provides a workflow mechanism to flag and validate the results beyond automated risk creation.
With this new capability, customers can create manual flags based on findings, or have a flag created automatically when an attachment or note has been added or when a vendor selects a particular answer. As a validation step, the flag is reviewed to determine whether a risk should be created. A clear description of the flag gives the reviewer guidance for validation. Flagging points of concern in vendor responses ensures that the right risks are investigated, helping to reduce an organization’s overall vendor risk profile. As an example of this capability, please see the screenshot below.
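To make the two ideas above concrete – one questionnaire answer mapped to controls in several frameworks, and answer-driven flags that a reviewer validates before a risk is created – here is an added illustration in Python. It is not Prevalent's code and does not reflect the platform's data model; the question IDs, the crosswalk from questions to framework control IDs, and the sample answers are all constructed placeholders for the sake of the example.

```python
"""Added example (not the Prevalent platform's code): a toy model of
'ask a question once, map it to any framework' plus answer-driven flagging."""
from dataclasses import dataclass

# Constructed crosswalk: each questionnaire question points at control IDs in
# several frameworks. The control identifiers are placeholders, not a real mapping.
CROSSWALK = {
    "Q1": {"ISO 27001": "A.9.2", "NIST": "AC-2", "GDPR": "Art.32"},
    "Q2": {"ISO 27001": "A.12.3", "NIST": "CP-9"},
    "Q3": {"ISO 27001": "A.16.1", "GDPR": "Art.33", "NYDFS": "500.16"},
}

# Answer values that should automatically raise a flag for reviewer attention.
AUTO_FLAG_ANSWERS = {"No", "Partial"}


@dataclass
class Answer:
    question: str
    value: str            # e.g. "Yes", "No", "Partial", "N/A"
    attachments: int = 0  # number of evidence files the vendor attached
    note: str = ""        # free-text note from the vendor


@dataclass
class Flag:
    question: str
    reason: str
    source: str           # "auto" (rule-created) or "manual" (reviewer-created)
    validated: bool = False
    risk_created: bool = False


def compliance_by_framework(answers, crosswalk=CROSSWALK):
    """Fan a single set of answers out to every framework in the crosswalk.

    Returns {framework: {"met": [...], "gaps": [...], "unanswered": [...]}}.
    A 'Yes' counts as met; any other value is a gap; a missing answer is unanswered.
    """
    by_question = {a.question: a for a in answers}
    summary = {}
    for question, controls in crosswalk.items():
        answer = by_question.get(question)
        for framework, control in controls.items():
            entry = summary.setdefault(framework, {"met": [], "gaps": [], "unanswered": []})
            if answer is None:
                entry["unanswered"].append(control)
            elif answer.value == "Yes":
                entry["met"].append(control)
            else:
                entry["gaps"].append(control)
    return summary


def coverage_percent(summary, framework):
    """Share of a framework's mapped controls that are currently met (0-100)."""
    entry = summary[framework]
    total = len(entry["met"]) + len(entry["gaps"]) + len(entry["unanswered"])
    return round(100 * len(entry["met"]) / total) if total else 0


def auto_flags(answers):
    """Apply the automatic flagging rules: particular answers, or attached evidence."""
    flags = []
    for a in answers:
        if a.value in AUTO_FLAG_ANSWERS:
            flags.append(Flag(a.question, f"vendor answered '{a.value}'", "auto"))
        if a.attachments or a.note:
            flags.append(Flag(a.question, "attachment or note added; review evidence", "auto"))
    return flags


def manual_flag(question, finding):
    """A reviewer raises a flag by hand from a finding in the submitted evidence."""
    return Flag(question, finding, "manual")


def validate_flag(flag, create_risk):
    """Validation step: the reviewer decides whether the flag becomes a risk."""
    flag.validated = True
    flag.risk_created = bool(create_risk)
    return flag


def demo():
    # Constructed sample answers for a single vendor assessment.
    answers = [
        Answer("Q1", "Yes"),
        Answer("Q2", "No", attachments=1),
        Answer("Q3", "Partial", note="remediation in progress"),
    ]
    summary = compliance_by_framework(answers)
    flags = auto_flags(answers) + [manual_flag("Q1", "policy document is three years old")]
    # Only the 'No' answer is confirmed as a real risk; the rest are false positives.
    for f in flags:
        validate_flag(f, create_risk=(f.question == "Q2" and "answered" in f.reason))
    return summary, flags


if __name__ == "__main__":
    summary, flags = demo()
    for fw in summary:
        print(f"{fw}: {coverage_percent(summary, fw)}% of mapped controls met")
    print(sum(f.risk_created for f in flags), "risk(s) created from", len(flags), "flags")
```

The point of the crosswalk dictionary is the one the post makes: the vendor answers `Q1` once, and that single answer lands in the ISO 27001, NIST and GDPR columns at the same time, so adding a framework later means extending the crosswalk rather than re-sending questions.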
I think you would agree with me that this release represents a huge step forward for organizations wishing to improve their evidence review and compliance reporting.