The Prevalent™ Assessment Service enables you to speed and simplify vendor security and compliance assessments, extending the visibility, efficiency and scale of your third-party risk management program.
With a library of 50+ standardized assessments, content customization capabilities, and built-in workflow, the solution automates everything from survey collection and analysis to risk identification and reporting.
Part of the cloud-based Prevalent Third-Party Management Platform, the Assessment Service is integrated with outside-in risk monitoring to deliver a comprehensive, 360-degree view of vendor security and compliance.
Reduce the manual labor behind vendor survey management
Zero in on risks and control failures, and gain actionable remediation guidance
Clearly communicate actual business risk to stakeholders
Speed communications and status reporting with vendors
Increase risk visibility and measure program effectiveness
Integrate with ITSM and GRC solutions for centralized risk management
Scale your program with flexible platform configuration options
Vendor Survey Selection & Creation
Leverage 50+ pre-defined assessments including SIG Core, SIG Lite and H-ISAC standardized questionnaires, as well as GDPR, FCA, PCI-DSS, ISO 27001, NIST and more with the Prevalent Compliance Framework (PCF). It’s also easy to build custom questionnaires with risk and control elements relevant to your business.
Vendor Survey Scheduling Assistant
Quickly specify the “what, when and how” behind assessments; conduct assessments proactively, on a fixed schedule, or both; monitor real-time questionnaire completion progress; and set automated chasing reminders to keep surveys on schedule.
Automated Vendor Risk & Compliance Registers
Generate risk registers upon survey completion, filtering out noise and focusing on areas of concern. Understand your risk profile with real-time results, and generate reports to document status by regulation.
Vendor Risk Remediation Workflow
Efficiently communicate with vendors and coordinate remediation efforts. Capture and audit conversations; record estimated completion dates; assign tasks based on risks, documents or entities; and match documentation and evidence to risks.
Reveal risk trends and status for individual vendors or groups. Quickly get the details you need via interactive charts with filtering and drill-down capabilities (e.g., view status by compliance requirement).
Automatically map information gathered from control-based assessments to regulatory frameworks including ISO 27001, NIST, GDPR, COBIT 5, SSAE 18, SIG, SIG Lite, SOX, and NYDFS to quickly visualize and address important compliance requirements.
Data Mapping & Relationships
Identify relationships between your organization and third parties to discover dependencies and visualize information paths.
Provide an overview of tasks, schedules, risk activities, response status, agreements and documents.
Document & Evidence Management
Centralize agreements, contracts and supporting evidence with built-in task and acceptance management, plus mandatory upload features.
Simplify vendor management with dashboards for individual entities and entity groups. Capabilities include bulk entity import; assessment and remediation status reporting; entity categorization by criticality to the business; and other functions for managing the full vendor lifecycle.
Simplify both internal and vendor communications with centralized task creation and management. Create tasks related to risks or other items; check task status via email rules linked to the platform; and access full audit trails to ensure closed-loop risk management.
Let us handle the dirty work
From managing your third-party assessment process to monitoring your vendors for emerging risks, our Managed Services option frees your team to focus on remediating risk and keeping your business moving forward.
A Unified TPRM Platform
Measure compliance with data security and privacy requirements via automated assessment, review, analysis, remediation and reporting.
Gain an outside-in view of risk with continuous cyber and business monitoring, notification of critical issues, and remediation guidance.
Access shared libraries of completed, standardized assessments to quickly check risk scores and augment 1:1 assessment activities.
Gartner’s 2019 Magic Quadrant for IT Vendor Risk Management reviews 16 VRM providers.
This complementary guide distills 6 key best practices for third-party risk management from our 15+ years...