Analyst Insight: The Gartner® Market Guide for IT Vendor Risk Management Solutions

Prevalent TPRM Platform v3.29 Enhances AI-Based Evidence Review & Expands on ESG Assessment Capabilities

New release addresses two of the most frequently discussed topics among third-party risk management practitioners today.
Alastair Parr
Senior Vice President, Global Products & Services
May 18, 2023
Blog 3 29 0523

If you attended or were watching the news from the annual RSA Conference last month, then you undoubtedly realized that the predominate discussion at the show was about the role that artificial intelligence (AI) will play in cybersecurity. The rise of ChatGPT and other generative AI technologies has driven increased interest across multiple industries – including how AI can improve the practice of third-party risk management.

For non-security third-party risk management practitioners, however, another (often board-level) conversation is happening – how to understand and quantify third-party vendor and supplier environmental, social and governance (ESG) impacts on company operations and reputation.

While seemingly on opposite ends of the TPRM spectrum, Prevalent TPRM Platform v3.29 addresses these two topics directly with enhanced AI-based documentation and evidence review, and a new dedicated and comprehensive ESG assessment. This post examines the enhancements in detail.

Enhanced AI Document Analysis Accelerates Evidence Review

Originally introduced in Prevalent Platform v3.28, Automated Document Analysis (ADA) confirmed if a document contained the necessary references to support a question – without manual validation and review – using artificial intelligence (AI) technology.

Platform version 3.29 expands on AI-based document analysis with new enhancements to provide custom queries; a weighting system in document analysis; term definition; and pre-defined templates.

Defining Custom Queries Through Regular Expressions Reduces Manual Review Effort

In the Prevalent Platform, every question response that includes associated documentation can be automatically analyzed based on predefined profiles. For example, when a responder uploads an Information Security Policy, you know that it has automatically been reviewed against InfoSec criteria as part of the submission review workflows.

Prevalent Platform version 3.29 now also uniquely offers the choice to define custom queries, so you can define criteria that are specific to your business model. As well, analysis now supports regular expressions, enabling users to define criteria to reduce manual review efforts. For example, term analysis such as “compliant controls” can now be uniquely identified from “non-compliant controls”, or from analysis of metadata of the document.

The screenshot below illustrates this enhanced capability.

Prevalent Custom Queries

Prevalent now has the ability to conduct regular expression-based analysis of documents and contracts, enabling in-depth automated document reviews.

Weighting System Provides Flexibility in Document Analysis

Platform version 3.29 has also introduced a weighting system in document analysis, enabling a compliant/non-compliant score for documents by making analysis criteria either mandatory or optional. This provides flexibility when building analysis terms which are more observational in nature.

The screenshot below illustrates this enhanced capability.

Prevalent Automated Document Analysis

Automated Document Analysis enables users to define pass/fail criteria across mandatory and non-mandatory search terms. This provides workflows which consolidate document reviews into summary scorings.

Defining Terms Reduces False Positives

The enhanced Automated Document Analysis capabilities introduced in version 3.29 provide the ability to define minimum and total counts of terms in order to reduce the number of false positives.

Pre-Defined Templates Accelerate Documentation Reviews

Automated Document Analysis capabilities in version 3.29 include an expanded number of pre-defined templates, so that customers who choose to leverage these can immediately perform reviews on a myriad of policy documents, contracts, and audit reports such as SOC 2 and ISO 27001 Statement of Applicability (SoA) material. This further accelerates documentation reviews.

Platform version 3.29 greatly expands the use of AI-based document analysis to reduce manual review efforts, add flexibility in document analysis, reduce false positives, and accelerate documentation reviews.

New ESG Assessment Simplifies Supply Chain Compliance and Reporting

Environmental, social and governance (ESG) has become an increasingly pivotal area of consideration for organizations, with nearly every company expected to meet ESG reporting and audit requirements of investors, boards of directors, and governments. Proper oversight of ESG requires expertise in compliance with associated regulations, but many organizations lack the expertise to understand ESG impacts in their supply chains.

Prevalent Platform v3.29 solves this problem with the introduction of a new dedicated and comprehensive ESG assessment. The Prevalent ESG assessment includes customizable questions addressing ESG domain areas such as:

  • Community
  • CSR strategy
  • Emissions
  • Human rights
  • Innovation
  • Management
  • Product responsibility
  • Resource use
  • Shareholders
  • Workforce

To simplify compliance reporting, the Prevalent ESG assessment automatically maps responses and risks to common ESG frameworks such as:

The screenshot below illustrates some of the domain areas covered by the new ESG assessment.

ESG Assessment

The Prevalent comprehensive ESG assessment addresses multiple domains and enables mapping to several global ESG standards.

As well as introducing the new dedicated ESG assessment, Prevalent Vendor Threat Monitor (VTM) now also includes continuous monitoring of ESG-related business and operational news updates complementing ESG scores available out-of-the-box in the comprehensive vendor profile.

With Prevalent Platform v3.29, procurement, sourcing, supply chain management, and risk management teams now have a comprehensive one-stop solution to assess supply chain ESG risks alongside IT security, data privacy and other operational risks for a comprehensive view of vendors.

Next Steps

If you are a customer, please be sure to check out the Prevalent Customer Portal to read the detailed release notes. You can also reach out to your Customer Success Manager (CSM). If you’re new to Prevalent, request a demo to discover how we can help you speed up and simplify third-party risk review and include automated ESG analysis in your third-party risk assessments.

Leadership alastair parr
Alastair Parr
Senior Vice President, Global Products & Services

Alastair Parr is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background; developing and driving solutions to the ever-complex risk management space. He brings over 15 years’ experience in product management, consultancy and operations deliverables.

Earlier in his career, he served as the Operations Director for a global managed service provider, InteliSecure, where he was responsible for overseeing effective data protection and risk management programs for clients. Alastair holds a university degree in Politics and International Relations, as well as several information security certifications.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo