Vendor Risk Assessment Services

Leave your vendor risk lifecycle management to us, so you can focus on what matters

Prevalent™ Vendor Risk Assessment Services provide managed services to handle your third-party risk assessment and monitoring needs. Our in-region Risk Operations Centers (ROCs) manage the vendor lifecycle on your behalf – from onboarding vendors and collecting evidence, to providing remediation guidance and reporting on contract SLAs. As a result, you reduce vendor risk and simplify compliance without burdening internal staff.

Key Benefits

  • Improve efficiency and productivity by focusing on managing risk, rather than on managing vendor details

  • Leverage domain expertise from a team of certified third-party risk professionals

  • Gain comprehensive visibility into risk at every stage of a vendor's lifecycle

  • Realize a faster time-to-value from your risk reduction initiatives

“Prevalent really cares, and the ROC team is exceedingly responsive. Sometimes when you deal with a large company, you’re just a number. With Prevalent, we don’t feel like that at all. They are a stakeholder in our success.”

— Information Security Advisory Services Manager, Global Insurance Company

  • Onboarding Services

    Prevalent Vendor Onboarding Services capture key third-party data to drive assessment and remediation activity.

    • Contract Onboarding: The Prevalent managed services team uploads contract documentation, extracts key contract details to populate in the Platform for tracking, and configures automated reminders.
    • SLA/Performance Mapping: Prevalent identifies key contract attributes relating to SLAs or performance, populates those requirements in the Platform, and assigns tasks to you and your third party for tracking purposes.
    • Contact Onboarding: Prevalent identifies potential points of contact leveraging a database of over 2 million verified roles. We will send templated email communications to enroll the user or identify alternatives, and onboard the user as the primary responder against the target third party.
    • Relationship Mapping: Prevalent ROC analysts leverage passively identified fourth-party technologies to identify common technologies and create relationships within the Platform, with analysts curating lists based on context of service.
    • Event Triage: Prevalent analysts conduct an initial point-in-time review of events identified by Prevalent Vendor Threat Monitor, analyze them to identify false positives and noteworthy events, and adjust risk scores to reflect criticality.
  • Assessment Services

    Prevalent Vendor Risk Assessment Services collect and analyze assessment data to confirm potential risks and vendor deficiencies and escalate for remediation.

    • Collect Evidence & Chase Responders: Prevalent ROC analysts create assessment schedules and send emails to recipients with up to 3 chasers, escalating as necessary. The team will monitor assessment completion stats, collect insights, and provide first-line support to vendors.
    • Analyze Responses & Evidence: Prevalent reviews uploaded evidence to ensure it reflects what has been requested; confirms that review dates are within the last 12 months for uploaded evidence; validates that key question responses do not contradict each other; reviews notes in responses to ensure all requested information is included; and delivers reporting.
    • SOC 2 Mapping: For third parties that submit a SOC 2 report instead of a completed vendor risk assessment, Prevalent reviews the list of control gaps identified within the SOC 2 report, creates risk items against the third party within the Platform, and tracks and reports against deficiencies. Learn more: SOC 2 Report Review Service Data Sheet
    • Contextual Risk Reporting: Prevalent analysts deliver specialized business context into each unique vendor relationship and provide more prescriptive guidance for risk remediation. Learn more: Contextual Risk Reporting Data Sheet
    • Controls Validation: Prevalent delivers expert, in-depth review of third-party assessment responses and documentation against established testing protocols to validate that indicated controls are in place. Learn more: Controls Validation Service Data Sheet
    • Relationship Mapping: Prevalent ROC analysts distribute an assessment to the third party seeking to identify fourth parties in use. The analyst will review the results and create relationship maps showing type of dependency (e.g., data transfer, service necessity, etc.) and attributes of the relationship.
  • Management Services

    Prevalent Vendor Risk Management Services provide continuous remediation and management of third parties throughout their lifecycle.

    • Remediation: Prevalent ROC analysts work with your team to develop recommendations to mitigate risks and communicate with third parties for resolution.
    • SLA & Performance Tracking: Prevalent continually tracks the status of SLAs identified during the onboarding phase, alerting to potential missed expectations.
    • Contact Maintenance: Prevalent ROC analysts send bi-annual chasers to confirm that primary responder points of contact remain accurate, and update the primary responder accordingly. Prevalent will also communicate via email to platform users who have not logged in within an agreed timeframe.
    • Continuous Event Curation: The Prevalent team continuously monitors third parties for cyber, business, reputational or financial red flags and escalates critical events for triage review.
    • Incident Response: Prevalent ROC analysts distribute and track event-driven assessments in response to third-party security incidents, curate the results, and report on each event to track completion and impact. Learn more: Incident Response Service Data Sheet