Analyst Insight: The Gartner® Market Guide for IT Vendor Risk Management Solutions

Prevalent TPRM Platform v3.28 Automates Third-Party Evidence Review and Vendor Management

New release introduces automated document analysis and custom dashboards to speed and simplify evidence review and vendor management throughout the third-party lifecycle.
Alastair Parr
Senior Vice President, Global Products & Services
July 21, 2022
Blog prevalent platform v328 0722

With 45% of organizations reporting that they experienced a third-party security incident in the last year, it’s essential that security and risk teams get control over their vendor and supplier risks. However, manual processes and insufficient visibility hamper results. The latest Prevalent Third-Party Risk Management Platform release includes differentiated capabilities that can help.

Automated Document Analysis Saves Time and Improves Accuracy of Evidence Review

Documents and other artifacts are often uploaded as evidence when answering assessment questions, resulting in third-party risk assessors spending endless hours manually reviewing documents to confirm their suitability. Manual processes like this increase the risk of missing important evidence.

Prevalent TPRM Platform v3.28 introduces automated document analysis (ADA), a method for confirming if a document contains the necessary materials and references to support a question – without manual validation and review. Here’s how it works:

  • ADA enables the creation or configuration of profiles that contain a set of keyword criteria which can be applied to review documents.
  • Built-in technology based on AWS Comprehend natural-language processing (NLP) and AWS Textrack machine learning (ML) data extraction checks each document for the keyword criteria.
  • Results of the automated analysis are presented to the reviewer in the form of a match summary, and in turn enable targeted remediation of missing evidence.

Available out-of-the-box for Prevalent assessment customers, ADA includes select pre-built profiles to support evidence scanning in the Prevalent Compliance Framework (PCF) questionnaire plus the ability to create custom profiles.

Create Document Profiles

With the ADA capability, you can create customized document analysis criteria by the type of document reviewed. Criteria can be a combination of terms and phrases – for example key terms in an information security policy or a SOC 2 report. The example screenshot below illustrates phrases in profile criteria.

Create Document Profiles

Analyze Artifacts

Using ADA, you can apply a profile to a document and run an automated analysis against that criteria. This capability enables you to identify criteria and highlight potential gaps without requiring the download/review of the artifact, greatly speeding up the process. See the example screenshot below.

Analyze Artifacts

Flag Results

When the analysis is complete, the red flagging capability identifies profiles and criteria which have not been met, as well as impacted assessment responses where artifacts are insufficient. Armed with this information, you can take remediative action with the vendor to ensure you have the appropriate evidence to match the request. See the example screenshot below for an example.

Automated document analysis provides a comprehensive review of supporting evidence without manual intervention, saving time and improving the consistency and accuracy of third-party risk management assessments and reviews.

Flag Results

Custom Dashboards Create a Personalized Launchpad for TPRM Activities

Every stakeholder has their own unique tasks to perform in a third-party risk management (TPRM) solution. Some complete assessments as a vendor, while others track vendor assessment completion status. Some monitor internal team performance against tasks or contracts, while others monitor supplier performance against key performance indicators (KPIs). In a rigid one-size-fits-all TPRM tool, stakeholders have only a single vendor view, limiting their ability to effectively manage the third-party risk lifecycle.

Prevalent Platform v3.28 expands on existing ease-of-use capabilities, introducing custom dashboards that enable users to define their own unique launchpad using customizable widgets. Available for all Prevalent customers, widgets include a new calendar view of actions, as well as survey schedules, tasks, audit trails, and requirements tracking. See the screenshot below for an example.

Custom Dashboard

The My Dashboard enhancement enables users to adapt the landing page of the Prevalent Platform to a unique view that meets their personal needs and improves their productivity.

Next Steps

If you are a customer, please be sure to check out the Prevalent Customer Portal to read the detailed release notes. You can also reach out to your Customer Success Manager (CSM). If you’re new to Prevalent, request a demo to discover how we can help you speed up and simplify third-party risk analysis and review at every stage of the vendor lifecycle.

Leadership alastair parr
Alastair Parr
Senior Vice President, Global Products & Services

Alastair Parr is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background; developing and driving solutions to the ever-complex risk management space. He brings over 15 years’ experience in product management, consultancy and operations deliverables.

Earlier in his career, he served as the Operations Director for a global managed service provider, InteliSecure, where he was responsible for overseeing effective data protection and risk management programs for clients. Alastair holds a university degree in Politics and International Relations, as well as several information security certifications.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo