In 2016 Prevalent introduced the concept of vendor risk intelligence networks that share standardized completed assessments, and we have continually innovated to scale and enrich those networks for our customers ever since. For example, we were the first to offer preview licenses that enable quick access to vendor risk assessment scores and data. We were also the first to offer a marketplace that enables vendors to submit their own self-assessments and proactively share them with the networks.
With the latest release of our Prevalent Vendor Intelligence Networks, we are introducing the first-to-market capability to view cyber, business and financial risk scores alongside risk scores from completed vendor assessments. This is available in the Prevalent Exchange, Prevalent Legal Vendor Network (LVN), and Prevalent Healthcare Vendor Network (HVN).
Below is a summary of the newest network enhancements, as well as other updates in version 3.21 of the Prevalent Third-Party Risk Management Platform.
To check third-party risk, vendor risk network customers often start by searching the network for a company’s risk profile. Most networks base their scores solely on periodic assessments of vendors’ internal controls. However, since these assessments are typically conducted on an annual basis, typical risk profiles in vendor networks can be up to a year old – and a lot can happen in a year!
With our latest release, Prevalent is adding cyber, business and financial scorecards to its Vendor Intelligence Networks. The scorecards are continually updated based on current data culled from thousands of public and private sources. This intelligence helps to fill the gaps between periodic assessments.
The new scorecards are available in the “Risk Preview” package of the Prevalent Exchange Network, Legal Vendor Network (LVN), and Healthcare Vendor Network (HVN). As a result, procurement, security and risk management teams gain instant, updated risk visibility into the thousands of vendors represented in our networks.
Cyber, business, and financial scorecards enable immediate access to vendor risk data prior to completing an assessment.
The new release also expands Prevalent’s comprehensive business monitoring sources with new sanctions coverage (e.g., OFAC, EU, UN, BOE, FBI, BIS), over 1,000 global enforcement lists and court filings (e.g., FDA, US HHS, UK FSA, SEC), PEP monitoring, and state-owned enterprise screening across more than 240 countries. These new sources help your business stay ahead of white-collar crime, money laundering, and reputational damage.
Prevalent delivers unmatched risk intelligence based on business updates, financial performance, brand shifts, operational issues, legal cases, compliance violations, privacy incidents, cyber security exposure, and more. With self-service access to our networks, procurement teams can accelerate the secure sourcing of vendors and conduct pre-contract due diligence with confidence.
As vendor networks grow, it can be time-consuming to scroll through endless lists of vendors to find the ones most relevant to your business. With the latest enhancements to the Vendor Intelligence Networks, Prevalent adds the ability to search for a specific vendor in the network, returning results if assessment, cyber, business and financial data is available. Along with this enhancement, users can easily request data on a missing vendor with a single click.
Network search provides immediate insight into whether a vendor is included within the hundreds of thousands monitored within the Prevalent network.
These enhancements simplify search in Prevalent’s rapidly growing networks, enabling customers to quickly see the risks that matter to them and request comprehensive vendor risk profiles.
In most organizations, line-of-business owners share responsibility for vendor relationships. However, those organizations can sometimes operate in silos. This makes it difficult to collaborate on vendor risk identification and management across departments.
Prevalent TPRM Platform v3.21 includes an updated intake process that facilitates participation from business users who may not have access to the Prevalent Platform. With the updated process, the Platform enables anyone to populate key details about third parties, without requiring them to have Platform access or knowledge. Customers can easily customize intake forms and include them as part of automated workflows.
Completed intake forms are queued for vendor managers to approve or reject. ActiveRules automatically recommend triage actions to inform profiling and tiering decisions.
The vendor intake form can be customized for multiple recipients to gather more complete data for each vendor.
The updated vendor intake process enables busy risk and vendor management teams to collaborate on populating vendor profiles. This reduces the time required to onboard vendors and gain visibility into their initial inherent risk.
Internal, controls-based vendor assessments are typically conducted on an annual basis. However, a lot can happen between periodic assessments. Without regular insights into business news, financial results, cyber incidents and other developments, annual re-assessments can become bloated and unwieldy for vendors – and quickly outdated for their customers.
Prevalent TPRM Platform v3.21 addresses this challenge with a new event reporting assessment that enables third parties to proactively report updates such as mergers and acquisitions, data breaches, service outages, and more. Event reports are added to the vendor’s risk register, and vendor relationship owners are notified with each update.
Proactive event reporting enables entities to self-report noteworthy events at any time.
This enhancement helps vendors to be proactive and reduce the burden of annual re-assessments.
Multiple internal teams can benefit from third-party risk management solutions. For example:
The challenge with most TPRM tools, however, is that they don’t satisfy the needs of teams outside of IT security. To address this challenge, Prevalent TPRM Platform v3.21 enables procurement, risk management and other business teams to specify “requirements.”
Requirements can be anything an organization needs to track and manage throughout the vendor lifecycle – from typical cybersecurity assessments, SLA and performance monitoring, to responsible sourcing management. A requirement can be a recurring task such as a satisfaction review with a pass/fail measure, supplier performance management metrics, or internal governance checks. All requirements map back to each assessed vendor’s central risk register for unified reporting.
Requirements enable pass/fail metrics to be reviewed on a regular basis. This can cover SLAs/KPIs or internal governance controls. Tasks, discussions, and risks can be associated with requirements.
Requirements expand the scope and applicability of third-party risk management to additional enterprise teams, ensuring that the organization benefits from a single source of the truth.
Be sure to check out the What’s New features document or visit the Prevalent Customer Portal to read the release notes or view a new features demo video and learn more about additional features not listed here. If you’re new to Prevalent, request a demo to discuss how we can help you get ahead of third-party risk.