Given the incredible volume of third-party risk noise that organizations are subject to, it’s never been more important to have a solution that distills the most important signals into meaningful intelligence. That’s precisely what the latest version of the Prevalent Third-Party Risk Management Platform does. Version 3.24 introduces new risk category letter grades for clear visual analysis; bi-directional risk conversations and custom risk definitions for faster remediation; technology mapping across third parties to discern concentration risk more easily; and custom thresholds for Prevalent Vendor Threat Monitor to ensure you’re focusing on the most important risks.
A simple, clear method for visualizing the risks that suppliers bring to your organization is the hallmark of a great third-party risk management solution, and the Prevalent Platform expands on this capability in v3.24 by introducing new risk category ratings based on color-coded letter grades from A (low risk) to E (high risk).
With this enhancement, you can define percentage thresholds per grade and can choose weightings for individual control domains and sub-domains on a per-entity basis. Risk grades are also available on the entity profile tab in the Platform and supplement existing risk scoring to better enable comparison between controls and vendors.
Grades can be issued automatically on a per-risk domain/category basis.
In third-party risk management, context is key. For example, an issue identified during the course of analyzing a vendor questionnaire might not be a risk at all if there is a compensating control in place. However, most TPRM tools don’t allow for additional context to be added when third parties are answering their assessment questionnaires, which just ends up adding unnecessary complexity and time to risk identification and management.
Prevalent Platform v3.24 addresses this challenge by enabling bi-directional conversations to occur within assessments. With this enhancement, you and your third parties can discuss survey answers in-platform, commenting on responses for better context before creating a risk.
Comments can be made by both reviewers and responders on a per-question basis to encourage an open dialogue.
Each risk requires its own unique treatment based on its likelihood of occurring and impact to the business. Yet many third-party risk management tools force a one-size-fits-all approach on risk disposition, which lengthens remediation timelines.
Prevalent Platform v3.24 enables the creation of custom attributes for risks. For each risk, customers can specify fields like risk owner, remediation guidance, validation steps and more. Plus, you can pre-populate fields based on a risk; for example, defining steps to execute when a specific risk occurs. This enhancement helps to accelerate risk remediation by defining workflow to a greater level of detail and offering richer remediation guidance.
Once custom attributes have been auto-populated, risk items can also include detailed guidance for remediation, named ownership, and more.
The Prevalent Platform includes a comprehensive vendor profile built using automated feeds that incorporate multiple third-party attributes including legal name, year founded, annual revenue, industry codes, and much more.
One of the unique attributes available in the vendor profile is 4th party products and services. Prevalent Platform v3.24 includes an enhancement that auto-creates entity relationships by 4th party technology. You now have the option to create these entity relationships directly against each technology or set default entities for relationship mapping to streamline the process.
With this enhancement, you can more clearly visualize technology concentration risk among your third parties, and quickly identify which vendors might be at risk in a 4th-party data breach.
Relationships can be set by selecting the automatically identified fourth-party technology and creating a linkage. This can be pre-populated for future occurrences.
Prevalent Vendor Threat Monitor has also been enhanced in this release, offering customers the ability to set their own thresholds for cyber and business monitoring events. You can now pre-define risk scores and apply priority to focus on specific risks such as brand risks or Dark Web-related events. With this new capability, you can also change the default Low, Medium and High grades in risk categories, providing more granular control based on your risk appetite.
Each instance can leverage custom default priority levels based on the focus area in question. This can impact risk ratings and automated alerts.
Be sure to check out the Prevalent Customer Portal to read the release notes or view a new features demo video and learn more about additional features not listed here. If you’re new to Prevalent, request a demo to discuss how we can help you get ahead of third-party risk at every stage of the vendor lifecycle.