Prevalent Simplifies Third-Party Risk Analysis and Accelerates Remediation with Latest Release

Prevalent Platform v3.24 enhances customer-third party collaboration and introduces technology concentration risk capabilities.
Alastair Parr
Senior Vice President, Global Products & Services
April 20, 2021
Blog 324 new features 0421

Given the incredible volume of third-party risk noise that organizations are subject to, it’s never been more important to have a solution that distills the most important signals into meaningful intelligence. That’s precisely what the latest version of the Prevalent Third-Party Risk Management Platform does. Version 3.24 introduces new risk category letter grades for clear visual analysis; bi-directional risk conversations and custom risk definitions for faster remediation; technology mapping across third parties to discern concentration risk more easily; and custom thresholds for Prevalent Vendor Threat Monitor to ensure you’re focusing on the most important risks.

New Risk Category Letter Grades Simplify Risk Analysis and Vendor Comparison

A simple, clear method for visualizing the risks that suppliers bring to your organization is the hallmark of a great third-party risk management solution, and the Prevalent Platform expands on this capability in v3.24 introducing new risk category ratings based on color-coded letter grades from A (low risk) to E (high risk).

With this enhancement, you can define percentage thresholds per grade and can choose weightings for individual control domains and sub-domains on a per-entity basis. Risk grades are also available on the entity profile tab in the Platform and supplement existing risk scoring to better enable comparison between controls and vendors.

Grades can be issued automatically on a per-risk domain/category basis.

Bi-Directional Risk Conversations Accelerate Risk Identification

In third-party risk management, context is key. For example, an issue identified during the course of analyzing a vendor questionnaire might not be a risk at all if there is a compensating control in place. However, most TPRM tools don’t allow for additional context to be added when third parties are answering their assessment questionnaires, which just ends up adding unnecessary complexity and time to risk identification and management.

Prevalent Platform v3.24 addresses this challenge by enabling bi-directional conversations to occur within assessments. With this enhancement, you and your third parties can discuss survey answers in-platform commenting on responses for better context before creating a risk.

Risk Conversations

Comments can be made by both reviewers and responders on a per question basis to encourage an open dialogue.

Custom Risk Definitions Speed Up Remediation Workflows

Each risk requires its own unique treatment based on its likelihood of occurring and impact to the business. Yet, many third-party risk management tools force a one-size-fits-all approach on risk disposition which lengthens remediation timelines.

Prevalent Platform v3.24 enables the creation of custom attributes for risks. For each risk, customers can specify fields like risk owner, remediation guidance, validation steps and more. Plus, you can pre-populate fields based on a risk; for example defining steps to execute when a specific risk occurs. This enhancement helps to accelerate risk remediation by defining workflow to a greater level of detail and offering richer remediation guidance.

Risk Definitions

Once custom attributes have been auto populated, risks items can also include detailed guidance for remediation, named ownership, and more.

Technology Relationship Mapping Identifies Concentration Risk

The Prevalent Platform includes a comprehensive vendor profile built using automated feeds that incorporate multiple third-party attributes including legal name, year founded, annual revenue, industry codes, and much more.

One of the unique attributes available in the vendor profile is 4th party products and services. Prevalent Platform v3.24 includes an enhancement that auto-creates entity relationships by 4th party technology. You now have the option to create these entity relationships directly against each technology or set default entities for relationship mapping to streamline the process.

With this enhancement, you can more clearly visualize technology concentration risk among your third parties, and quickly identify which vendors might be at risk in a 4th-party data breach.

Technology Relationship Mapping

Relationships can be set by selecting the automatically identified fourth party technology and creating a linkage. This can be pre-populated for future occurrences.

Custom Thresholds for Vendor Threat Monitoring

Prevalent Vendor Threat Monitor has also been enhanced in this release, offering customers the ability to set their own thresholds for cyber and business monitoring events. You can now pre-define risk scores and apply priority to focus on specific risks such as brand risks or Dark Web-related events. With this new capability, you can also change the default Low, Medium and High grades in risk categories, providing more granular control based on their risk appetite.

Monitoring Thresholds

Each instance can leverage custom default priority levels based on the focus area in question. This can impact risk ratings and automated alerts.

Next Steps

Be sure to check out the Prevalent Customer Portal to read the release notes or view a new features demo video and learn more about additional features not listed here. If you’re new to Prevalent, request a demo to discuss how we can help you get ahead of third-party risk at every stage of the vendor lifecycle.

Leadership alastair parr
Alastair Parr
Senior Vice President, Global Products & Services

Alastair Parr is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background; developing and driving solutions to the ever-complex risk management space. He brings over 15 years’ experience in product management, consultancy and operations deliverables.

Earlier in his career, he served as the Operations Director for a global managed service provider, InteliSecure, where he was responsible for overseeing effective data protection and risk management programs for clients. Alastair holds a university degree in Politics and International Relations, as well as several information security certifications.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo