We're excited to announce the v3.18 release of the Prevalent Third-Party Risk Management Platform, which includes new capabilities for defining and diagraming risk relationships. In conjunction with this update, we’re also releasing v2.1 of Vendor Threat Monitor, which includes filtering, reporting and alerting enhancements.
To effectively manage risk, you need to understand compensating controls (i.e., alternate measures you can take to fulfill a requirement). After all, an identified risk might not represent an actual threat if there is a compensating control in place to mitigate it.
However, most third-party risk management platforms and frameworks (such as ISO27001, NIST, CMMC, etc.) look at controls in isolation and can lack context for compensating controls, which can make it difficult to determine the best course of remediation.
Prevalent Platform v3.18 addresses this issue by introducing risk relationships – a clear, easy way of seeing associations between risks. This new capability ensures that you have the proper context when determining whether risks should be addressed directly or by applying compensating controls.
Risk relationships are defined in the Prevalent TPRM platform. If a vendor assessment response raises a relevant risk or risks, then the platform will automatically generate and display any applicable risk relationships.
This new capability enables customers to:
The new Related Risks capability enables reviewers to define rules for compensating controls and view relationships between risks.
Since unveiling the first full-featured, natively integrated third-party risk assessment and monitoring solution in September 2019, we have released continual enhancements to deliver 360-degree visibility into third party risk. Version 3.18 builds on this momentum with Vendor Threat Monitor v2.1 improvements including:
New executive reports display an overview of risks by type and severity, while allowing reviewers to drill down to risk details for scoring verification and validation.
Prevalent Platform v3.24 enhances customer-third party collaboration and introduces technology concentration risk capabilities.