Following a busy start to the year, I'm excited to announce version 3.16 of our Third-Party Risk Management Platform.. In this post, I'll introduce significant v3.16 updates to workflow and automation, as well as new integration with ServiceNow and other solutions. I'll also cover new features in v3.15 (which was available in January), including new assessment types and an enhanced API. Finally, I'll review new risk insights added to our cyber and business monitoring solution, Vendor Threat Monitor (VTM), and introduce new licensing options to help you scale your program more efficiently. Keep reading to learn more!
Managing the vendor lifecycle can involve many complex steps – from creating entities and changing statuses, to alerting relevant parties about certain actions – making it difficult to scale your third-party risk management program. Prevalent addresses this challenge by introducing task templates in v3.16. Task templates leverage triggers (e.g., entity creation or assessment completion) to generate new workflow tasks. You can use task triggers for workflow actions such as:
By automating workflow actions, you eliminate manual steps, reduce errors, and are able to focus on priority issues that require your direct intervention. For a representation of a task template, please see the screenshot below.
Task templates generate trigger-based workflow tasks.
Organizations standardized on ServiceNow for IT service management (ITSM) often seek integration with other enterprise solutions to optimize workflows and productivity. It’s no different with risk management. Building on API enhancements announced in version 3.14 and 3.15 (see below), v3.16 introduces a connector that enables ServiceNow to consume and manage Prevalent platform data, enabling you to:
This integration is essential for organizations that run their businesses on ServiceNow.
Assessment scheduling often brings different workflow requirements, depending on whether you're assessing a new vendor for the first time or are introducing a new assessment to an existing third party. When multiple assessment types are needed, you must have the flexibility in scheduling assessments to fit your specific workflow needs. The Prevalent Platform version 3.15 introduced two new schedule types to streamline the process:
For a representation of the new schedules, please see the screenshot below.
New schedule types add flexibility to assessments.
Sound, risk-based decision making usually requires you to analyze data from multiple sources across the organization. Unfortunately, it's common for organizations to fall into a siloed approach to enterprise risk management, with collections of disparate tools making it difficult to reveal, interpret and act on risk.
API enhancements added in version 3.15 make it easier to collect and interpret data from multiple risk vectors. With the API's new read/write capability, you can now centrally manage and analyze Prevalent third-party risk data in concert with information from your IT service management and enterprise risk management solutions.
A complete third-party risk management program requires a combination of inside-out, internal controls assessments and outside-in, monitoring for cyber and business risks. However, without the proper level of integration with their assessment solutions scoring tools provide little visibility into whether a vendor’s activities could be a risk before, after, or between assessments. Organizations must be able to leverage continuous monitoring that provides visibility in the business activities and cybersecurity landscape of their vendors to better inform ongoing assessments.
Building on its first-to-market native integration between assessments and monitoring originally announced in version 3.14, Prevalent platform version 3.16 extends coverage to now include the dark web monitoring, as well as additional IP threat intelligence. New threat indicators include:
Available via a straightforward upgrade path for existing VTM customers, this solution delivers deeper insights into potential third-party risks, enabling your security and risk management teams to be more proactive. For a representation of how these new risk types and incidents influence risk scoring, please see the screenshot below.
New indicators provide additional context into risks.
Overtaxed vendor management teams struggle every day with everything from defining who their vendors are to understanding how much risk they present to the business. Building on our expertise in helping organizations establish and grow their third-party risk management programs, Prevalent now offers new options for vendor teams to manage, assess and monitor their third-parties wherever they are in their program maturity.
With these new options, risk management teams can mature and scale their TPRM programs with automation and greater visibility.