New Report: The 2022 Gartner® Market Guide for IT Vendor Risk Management Solutions
Request Demo
Hero Image Solutions Compliance Compliance Overview

Compliance Capabilities

Meet third-party compliance mandates and regulatory guidelines with speed, efficiency and scale.

According to a recent Ponemon study, 61% of U.S. companies said they experienced a data breach caused by vendor or third party. In light of growing threats, many regulations and frameworks now require organizations to assess and monitor suppliers and service providers for potential risks.

As businesses continue to diversify and globalize, organizations looking to focus squarely on core business functions are turning to third parties to fulfill specialized services, such as web hosting, payments processing and cloud services.

In the face of growing cyber threats in this extended ecosystem, many organizations are now required to develop effective third-party risk management programs to meet regulatory compliance and deepen IT security controls.

Only Prevalent enables you to meet compliance mandates for both assessing and monitoring the risk of your organization's vendors, suppliers and other third parties using a single, unified platform.

Key Capabilities for Third-Party Risk Compliance

  • Expert Consulting

    Design a new TPRM program, or optimize your existing program, with Prevalent Professional Services and Risk Operations Center experts.

  • Assessments Library

    Leverage a library of 50+ standard assessments, or build your own custom surveys, backed by fully automated workflow management.

  • Continuous Monitoring

    Conduct continuous cyber and business monitoring to reveal potential vendor risks and inform prioritization and risk awareness.

  • Fine Tuning

    Tune analysis and scoring to your organization's specific risk tolerances and other unique business requirements.

  • Frameworks Mapping

    Map answers to control frameworks to measure compliance, project future risks, predict business outcomes, and gain remediation recommendations.

  • Tailored Reports

    Communicate compliance and risk status across the vendor landscape with reports tailored to assessors, executives and other stakeholders.

Datasheet tprm platform nov 2019

Prevalent has helped us have an evidence-based methodology of third party compliance.

— Project Manager, Small Business Professional Services Company

Read Prevalent case studies

Satisfy Assessment AND Monitoring Requirements

All regulations, guidelines and industry standards listed below require the use of internal, control-based third-party risk assessments. While outside-in risk scoring or ranking can deliver risk insights, it does not meet compliance requirements when used as the only mechanism to evaluate vendor risk.

Regulation & Guideline / Industry Standard & Framework

 Assessment Required Monitoring Required

REGULATIONS

Bribery Act of 2010

CCPA

CMMC

CTSCA

DORA

EBA Guidelines on Outsourcing Arrangements

Executive Order on Improving the Nation's Cybersecurity

European Corporate Due Diligence Act

FCA FG 16/5

FCPA

GDPR

HIPAA Security Rule

OCC Bulletin 2013-29

OCC Bulletin 2017-21

NERC CIP

Modern Slavery Act of 2015

NY DFS 23 NYCRR 500

NY SHIELD Act

PRA SS2/21

SEC Cybersecurity Disclosure Rules

GUIDELINES

CSA CAIQ

FFIEC BCP Booklet: Appendix J

FFIEC Information Security Booklet

OSFI Guideline B-10

INDUSTRY STANDARDS

AICPA SOC 2

ISO 27001:2013

ISO 27002:2013

ISO 27018:2019(E)

ISO 27036-2

ISO 27701

NIST CSF 1.1

NIST SP 800-66

NIST SP 800-161

NIST SP 800-53R4

PCI DSS

Navigate the TPRM Compliance Landscape

The Third-Party Risk Management Compliance Handbook reveals TPRM requirements in key regulations and industry frameworks, so you can achieve compliance while mitigating vendor risk.

Read Now
Feature tprm compliance handbook 0821
Requirements & Guidelines Addressed by Prevalent
  • AICPA SOC 2
    AICPA System & Organization Control (SOC) 2
  • CCPA
    California Consumer Privacy Act
  • CMMC
    U.S. DoD Cybersecurity Maturity Model Certification (CMMC)
  • CSA CAIQ
    CSA Consensus Assessments Initiative Questionnaire
  • CTSCA
    California Transparency in Supply Chains Act
  • DORA
    Digital Operational Resilience Act
  • EBA
    EBA Guidelines on Outsourcing Arrangements
  • EO
    Executive Order on Improving the Nation's Cybersecurity
  • EU
    European Corporate Due Diligence Act
  • FCA
    Financial Conduct Authority FG 16/5
  • FCPA
    Foreign Corrupt Practices Act
  • FFIEC
    FFIEC IT Examination Handbook
  • GDPR
    General Data Protection Regulation
  • HIPAA
    HIPAA Security Rule
  • ISO
    ISO 27001 / 27002 / 27018 / 27036-2 / 27701
  • Modern Slavery
    UK Modern Slavery Act of 2015
  • NERC
    NERC Critical Infrastructure Protection (CIP) Standard
  • NIST
    NIST SP 800-53r4 / SP 800-161 / CSF v1.1
  • NIST
    NIST SP 800-66
  • NYDFS
    New York State DFS NY CRR 500 Compliance
  • NY SHIELD
    NY Stop Hacks & Improve Electronic Data Security Act
  • OCC
    OCC Bulletins
  • OSFI
    Third-Party Risk Management Guideline B-10
  • PCI DSS
    Payment Card Industry Data Security Standard
  • PRA SS2/21
    Bank of England Prudential Regulation Authority SS2/21
  • SEC
    U.S. SEC Cybersecurity Disclosure Rules
  • SIG Questionnaire
    The Standard Information Gathering Questionnaire
  • UK Bribery
    Bribery Act of 2010
    • Featured Resources
    • Ready to get started?
    • Schedule a personalized solution demonstration to see if Prevalent is a fit for you.
    • Request a Demo