Prevalent Adds New Sources of Vendor Risk Intelligence to Networks and Extends Benefits of TPRM to New Audiences with Latest Release

Prevalent v3.21 introduces cyber, business and financial scoring to the Vendor Risk Intelligence Networks, complementing assessment scores with continuous risk insights. New TPRM platform onboarding and requirements capabilities add value for procurement and other business teams.
Alastair Parr
Senior Vice President, Global Products & Services
November 10, 2020
Blog prevalent v321 1120

In 2016 Prevalent introduced the concept of vendor risk intelligence networks that share standardized completed assessments, and we have continually innovated to scale and enrich those networks for our customers ever since. For example, we were the first to offer preview licenses that enable quick access to vendor risk assessment scores and data. We were also the first to offer a marketplace that enables vendors to submit their own self-assessments and proactively share them with the networks.

With the latest release of our Prevalent Vendor Intelligence Networks, we are introducing the first-to-market capability to view cyber, business and financial risk scores alongside risk scores from completed vendor assessments. This is available in the Prevalent Exchange, Prevalent Legal Vendor Network (LVN), and Prevalent Healthcare Vendor Network (HVN).

Below is a summary of the newest network enhancements, as well as other updates in version 3.21 of the Prevalent Third-Party Risk Management Platform.

Cyber, Business and Financial Risk Scores in the Prevalent Networks Accelerate Sourcing and Pre-Contract Due Diligence

To check third-party risk, vendor risk network customers often start by searching the network for a company’s risk profile. Most networks base their scores solely on periodic assessments of vendors’ internal controls. However, since these assessments are typically conducted on an annual basis, typical risk profiles in vendor networks can be up to a year old – and a lot can happen in a year!

With our latest release, Prevalent is adding cyber, business and financial scorecards to its Vendor Intelligence Networks. The scorecards are continually updated based on current data culled from thousands of public and private sources. This intelligence helps to fill the gaps between periodic assessments.

The new scorecards are available in the “Risk Preview” package of the Prevalent Exchange Network, Legal Vendor Network (LVN), and Healthcare Vendor Network (HVN). As a result, procurement, security and risk management teams gain instant, updated risk visibility into the thousands of vendors represented in our networks.

Prevalent Networks Risk Monitoring Dashboard
Cyber, business, and financial scorecards enable immediate access to vendor risk data prior to completing an assessment.

The new release also expands Prevalent’s comprehensive business monitoring sources with new sanctions coverage (e.g., OFAC, EU, UN, BOE, FBI, BIS), over 1,000 global enforcement lists and court filings (e.g., FDA, US HHS, UK FSA, SEC), PEP monitoring, and state-owned enterprise screening across more than 240 countries. These new sources help your business stay ahead of white-collar crime, money laundering, and reputational damage.

Prevalent delivers unmatched risk intelligence based on business updates, financial performance, brand shifts, operational issues, legal cases, compliance violations, privacy incidents, cyber security exposure, and more. With self-service access to our networks, procurement teams can accelerate the secure sourcing of vendors and conduct pre-contract due diligence with confidence.

Single-Click Vendor Requests Improve Responsiveness

As vendor networks grow, it can be time-consuming to scroll through endless lists of vendors to find the ones most relevant to your business. With the latest enhancements to the Vendor Intelligence Networks, Prevalent adds the ability to search for a specific vendor in the network, returning results if assessment, cyber, business and financial data is available. Along with this enhancement, users can easily request data on a missing vendor with a single click.

Prevalent Vendor Intelligence Network Search
Network search provides immediate insight into whether a vendor is included within the hundreds of thousands monitored within the Prevalent network.

These enhancements simplify search in Prevalent’s rapidly growing networks, enabling customers to quickly see the risks that matter to them and request comprehensive vendor risk profiles.

Expanded Intake Form Accelerates Vendor Onboarding and Initial Triage

In most organizations, line-of-business owners share responsibility for vendor relationships. However, those organizations can sometimes operate in silos. This makes it difficult to collaborate on vendor risk identification and management across departments.

Prevalent TPRM Platform v3.21 includes an updated intake process that facilitates participation from business users who may not have access to the Prevalent Platform. With the updated process, the Platform enables anyone to populate key details about third parties, without requiring them to have Platform access or knowledge. Customers can easily customize intake forms and include them as part of automated workflows.

Completed intake forms are queued for vendor managers to approve or reject. ActiveRules automatically recommend triage actions to inform profiling and tiering decisions.

Prevalent TPRM Vendor Intake Form
The vendor intake form can be customized for multiple recipients to gather more complete data for each vendor.

The updated vendor intake process enables busy risk and vendor management collaborate on populating vendor profiles. This reduces the time required to onboard vendors and gain visibility into their initial inherent risk.

Proactive Event Reporting Accelerates the Annual Re-Assessment Process

Internal, controls-based vendor assessments are typically conducted on an annual basis. However, a lot can happen between periodic assessments. Without regular insights into business news, financial results, cyber incidents and other developments, annual re-assessments can become bloated and unwieldy for vendors – and quickly outdated for their customers.

Prevalent TPRM Platform v3.21 addresses this challenge with a new event reporting assessment that enables third parties to proactively report updates such as mergers and acquisitions, data breaches, service outages, and more. Event reports are added to the vendor’s risk register, and vendor relationship owners are notified with each update.

Prevalent Proactive Vendor Assessment
Proactive event reporting enables entities to self-report noteworthy events at any time.

This enhancement helps vendors to be proactive and reduce the burden of annual re-assessments.

New “Requirements” Feature Extends Risk Assessment Value for Internal Stakeholders

Multiple internal teams can benefit from third-party risk management solutions. For example:

  • Procurement managers need to understand a vendor’s security, compliance, ethics and sustainability risk profiles for effective due diligence and SLA performance management.
  • IT security professionals need to determine whether suppliers maintain the controls and processes necessary to mitigate potential data breaches.
  • Risk management experts need to correlate and analyze vendor risk data from a variety of sources, while coordinating third-party risk reduction across internal departments.

The challenge with most TPRM tools, however, is that they don’t satisfy the needs of teams outside of IT security. To address this challenge, Prevalent TPRM Platform v3.21 enables procurement, risk management and other business teams to specify “requirements.”

Requirements can be anything an organization needs to track and manage throughout the vendor lifecycle – from typical cybersecurity assessments, SLA and performance monitoring, to responsible sourcing management. A requirement can be a recurring task such as a satisfaction review with a pass/fail measure, supplier performance management metrics, or internal governance checks. All requirements map back to each assessed vendor’s central risk register for unified reporting.

Prevalent TPRM Requirements
Requirements enable pass/fail metrics to be reviewed on a regular basis. This can cover SLAs/KPIs, or internal governance controls. Tasks, discussions, and risks can be associated to requirements.

Requirements expand the scope and applicability of third-party risk management to additional enterprise teams, ensuring that the organization benefits from a single source of the truth.

Next Steps

Be sure to check out the What’s New features document or visit the Prevalent Customer Portal to read the release notes or view a new features demo video and learn more about additional features not listed here. If you’re new to Prevalent, request a demo to discuss how we can help you get ahead of third-party risk.

Leadership alastair parr
Alastair Parr
Senior Vice President, Global Products & Services

Alastair Parr is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background; developing and driving solutions to the ever-complex risk management space. He brings over 15 years’ experience in product management, consultancy and operations deliverables.

Earlier in his career, he served as the Operations Director for a global managed service provider, InteliSecure, where he was responsible for overseeing effective data protection and risk management programs for clients. Alastair holds a university degree in Politics and International Relations, as well as several information security certifications.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo