Analyst Insight: The Gartner® Market Guide for IT Vendor Risk Management Solutions

Prevalent Delivers Industry’s Most Comprehensive Third-Party Risk Management Platform

New enhancements empower organizations to quickly and easily establish or expand their TPRM program.
February 24, 2020
Blog release v3 16 feb 2020

SAN FRANCISCO, RSA CONFERENCE — February 24, 2020 – Prevalent, Inc., the company that transforms how you manage third-party risk, today announced the latest version of its Third-Party Risk Management Platform. This release features several significant enhancements including an integration with ServiceNow, new Vendor Threat Monitor (VTM) risk insights, advanced workflow and automation capabilities. Prevalent also announced new product options that include unlimited management of vendors, tiering, profiling and inherent risk assessments that enable organizations new to Vendor Risk Management to get up to speed quickly and painlessly.

“As new threats are introduced on a daily basis and malicious activity is at an all time high, it’s more important than ever for companies to ensure that security extends beyond their organization,” stated Alastair Parr, senior vice president of global products for Prevalent, Inc. “Historically third-party risk management programs have been time-consuming and manual, resulting in insufficient security. With today’s release, we are furthering our commitment to deliver the most comprehensive third-party risk management solution by providing organizations with an easy-to-use, fully-automated solution to better protect against third-party risks.”

Prevalent Third-Party Risk Management Platform

The Prevalent Third-Party Risk Management Platform is a unified solution that combines automated standardized vendor risk assessments, workflow, remediation management and continuous threat monitoring across the entire vendor life cycle to deliver a 360-degree view of vendor risks. New feature highlights include:

Workflow Task Templates Automate Vendor Lifecycle Management

To address vendor management lifecycle complexity, organizations must automate workflow wherever possible, driving alerts and tasks for all relevant parties involved in managing vendors.

In the latest version, Prevalent addresses this need by offering task templates, leveraging triggers such as entity creation and assessment completion, to generate tasks for relevant people and set off actions at task creation and/or completion. Automating actions eliminates manual steps, reducing errors and enabling customers to focus on priority tasks and issues that require their direct intervention.

Scheduling Enhancements Add Flexibility to Assessments

The new version introduces two new scheduling capabilities to simplify assessments:

  • Proactive assessment scheduling enables organizations to set a schedule type where the vendor can complete an assessment when they choose with no specific deadline or timeframe.
  • Flexible assessment scheduling enables organizations to set a schedule type where an entity must fill out the assessment within a designated time frame at the time the entity is added to the schedule.

With these enhancements, Prevalent customers can create scheduling workflows based on how they best work with their vendors, better streamlining the assessment process.

API Enhancements Centralize Risk Management Information

Organizations need the ability to view all risk management information in one place to gain and communicate actionable insights. The new Prevalent platform has enhanced its API to enable task and risk item management, where customers can create and manage task and risk items via the API. Adding this new read/write capability will allow risk teams to manage and analyze third party risk data with data from other IT service management and enterprise risk management solutions in a single location.

ServiceNow Connector Enables Central Management of Third-Party, IT Service and Risk Data

Continuing its API enhancements noted above, Prevalent is introducing a connector that lets customers consume and manage Prevalent data in the ServiceNow platform. With this capability, customers can easily centrally manage third-party risk management, IT service management activities and other enterprise risk management activities; analyze third party risk data with other risk data; and reduce the number of log-ins and platforms to manage.

Enhanced Monitoring in Vendor Threat Monitor 2.0 to Expose Cyber and Business Risks

Building on its first-to-market native integration between assessments and monitoring previously announced, the new platform extends coverage to include the deep/dark web, as well as offering more IP threat intelligence in Vendor Threat Monitor (VTM) 2.0. New threat indicators available with this monitoring collection include, but are not limited to:

  • Deep/dark leaked credential scaling and alerting
  • Dark Web activity
  • DNS Typosquat notifications, DNS suspect activity events
  • Data breach disclosures

Cyber and business events such as validated cyber attacks and security breach disclosures are scored as high, medium or low, and inform an organization’s overall risk posture.

New Product Options Provide Everything from a Starter Kit to an Enterprise TPRM Program

Overtaxed vendor management teams struggle every day with everything from defining who their vendors are to understanding how much risk they present to the business. Building on existing expertise in helping organizations establish and grow their third-party risk management programs, Prevalent now offers new options for vendor teams to manage, assess and monitor their third parties wherever they are in their program maturity. With these new options, risk management teams can mature and scale their TPRM programs with automation and greater visibility.

The latest version of the Prevalent Third-Party Risk Platform is available now. For more information please see the Prevalent Third-Party Risk Management Platform What’s New document.

About Prevalent

Prevalent helps enterprises manage risk in third-party business relationships. It is the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly functioning, effective third-party risk program. To learn more, please visit

Media Contact

Angelique Faul