
Prevalent Achieves ISO 27001 Certification for Information Security Management

This certification validates our commitment to customer data security. Read how we used our own TPRM platform to achieve this internationally recognized certification.
David Allen
Chief Technology Officer & Chief Information Security Officer
September 07, 2022

As a leader in third-party risk management, Prevalent considers data security to be of utmost importance. This includes not only securing our internal systems and employee records, but also protecting data about our customers and their vendors, suppliers and other third parties. That’s why I am excited to share that Prevalent has achieved ISO 27001:2013 information security management certification. This certification was awarded by an accredited third party following an extensive audit of our information security systems and controls.

Why Prevalent Chose ISO 27001

There are several information security and risk management frameworks available, and we carefully considered which would be the best for our needs. Our decision to choose the ISO 27001 international framework was informed by its foundational components of business-driven risk assessments. These are a perfect complement to the effective, structured risk assessments that form the core component of Prevalent’s third-party risk management platform and vendor risk assessment services. We assist our customers in reviewing process documentation and reports, qualifying risk status and treatment plans, and driving third-party risk tracking – all of which are directly tied to the process and workflow of achieving ISO certification.

Another factor that led us to ISO 27001 was the standard’s emphasis on continuous improvement and pragmatic risk management. ISO 27001 is also an internationally recognized standard that is rigorous to implement and maintain.

Using the Prevalent TPRM Platform as an Information Security Management System

To support the ISO certification process, we used our own third-party risk management platform as an Information Security Management System (ISMS). The Prevalent TPRM Platform gave us a single, cohesive system for:

  • Tracking our policy documents and reports
  • Handling risks and treatments
  • Managing key performance indicators (KPIs) and requirements
  • Automating the ISO 27001 Annex A assessment to establish our Statement of Applicability

The Prevalent Platform made it easy for us to add the external auditors as restricted users to review our documentation and risks, which greatly expedited the entire certification process.

Adopting an overarching management process to ensure that our information security controls continue to meet Prevalent’s information security needs on an ongoing basis has also improved our structure and focus. The certification process tied together many existing security-related processes into a holistic management system, and we’ll be reviewing and improving its efficiency as we continue to protect our data and systems.

The Prevalent TPRM Platform can be used as an ISMS to support ISO 27001:2013 certification requirements.


Next Steps

For our customers and partners, we would be delighted to share this certification with you as assurance of our good security practices. Please reach out to your Prevalent contact to request a copy of the certificate and our Statement of Applicability.

If you are looking to kick off and manage your own ISO 27001 certification process or assess your third parties against its requirements, download our ISO compliance checklist. The checklist includes specific guidance for ISO/IEC 27001, 27002, 27018, 27036 and 27701.

Interested in how Prevalent can help with your ISO initiatives? Contact us today for a demo.


David Allen is the Chief Technology Officer & Chief Information Security Officer for Prevalent, where he oversees software development, information technology, information security and cloud operations. He has over 20 years’ experience building and managing teams, enterprise software products, and evaluating systems and processes for efficiency and security. David’s focus is to align business needs with technical vision, and evolve strategy and process for technological resources. David’s passion is building efficient processes, teams, and workspaces with an emphasis on communication, morale, job satisfaction, and career growth. He strongly believes that empathy, inclusiveness, and a holistic view of team dynamics and processes are just as important as technology and strategy. Prior to Prevalent, David held technical leadership roles at Quest Software, NetPro, eEye Digital Security, and BeyondTrust where he built high-performance software engineering teams to achieve category leadership and sales growth for enterprise software frameworks and applications. He holds a Bachelor of Computer Science degree from Monash University.
