Our policy regarding content ownership, access, sharing and sale of data, privacy, and security assurances for vendors
Prevalent helps firms identify and manage risk in third party business relationships by offering the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly-functioning, efficient third-party risk program.
As a vendor who has received a request to complete an online survey in the Prevalent platform, you may have some questions regarding how your company’s sensitive data is handled. This document will cover content ownership, access, sharing and sale of data, privacy, and security assurances.
Prevalent, Inc., is a Delaware Corporation with its principal place of business located at 11811 N. Tatum Blvd., Suite 2400, Phoenix, Arizona 85028 USA and the parent company to its wholly owned subsidiary, Prevalent Limited (formerly 3GRC LTD), incorporated and registered in England and Wales with company number 09673268 whose registered office is at Prevalent LTD, located at The Square, Basing View, Basingstoke, England, RG21 4EB. Insight Venture Partners, LLC (“Insight”), a private equity and venture capital firm, is the principal owner of Prevalent, Inc.
For further information on this document, contact the Prevalent support and customer success team at:
The vendor owns their content in the Prevalent platform. Vendors have the power to update their content, request that their content is removed, share it with others, or not share it at all.
Completed vendor assessments and associated evidence are stored in our secure repository where it is viewable only by the company requesting the assessment or by Prevalent if the company has outsourced the collection to Prevalent. By completing and submitting the assessment and associated evidence vendors are allowing the requesting company and/or Prevalent to view it.
Vendor data is not shared unless vendors expressly approve their assessment results and associated evidence be shared with other entities besides the requesting company or Prevalent.
Data in the Prevalent Platform will not be sold under any circumstances.
Prevalent, including the Prevalent TPRM Platform, has achieved and maintains ISO/IEC 27001:2013 certification for implementing and managing an information security management system within the context of the organization.
The Prevalent Platform allows clients to choose the geographic region of deployment and makes use of Availability Zones to ensure service. Data is replicated within Availability Zones, and daily backups are performed. Client data is never stored outside of their chosen region.
Users can check the region their data is stored in at any time by checking the footer of the application user interface.
Prevalent assesses the software and service providers used in the operation and support of our applications using our technology. We provide our own SIG Lite and PCF assessments within the Prevalent platform, as well as third-party attestations of our suppliers (as applicable), and documentation of policy, procedure, and technical artifacts as necessary.
Prevalent’s products are all cloud-based SaaS applications hosted in AWS. They are designed to run securely at high scalability and availability, with robust failover processes.
The Prevalent Platform includes layers of security throughout the technology stack. This includes the following security features:
Data and file encryption
Network Security and DDOS Protection
Monitoring and Auditing
This process is under constant review and verified by the Prevalent security team.
Prevalent is committed to upholding ethical practices in all aspects of our operations including the use of artificial intelligence tools and services. We carefully evaluate the security, privacy, and reputational aspects for any AI tool or service used by the Prevalent Platform. Any AI use by our team members must meet our security and data protection standards and must be continuously supervised and monitored to avoid the risk of AI hallucinations. For the optional AI-Powered Virtual Third-Party Risk Advisor feature, user inputs are evaluated by large language models to parse questions and determine intentions so that it can deliver risk guidance. No data from clients or entities are added to those inputs, and nothing specifically links risks to the user's organization or any third-parties. These sources may not be accurate or complete, or up-to-date and is subject to ongoing and continual change without notice and should not be a substitute for your own judgment, professional advice, or the need to seek additional input and research before making any decisions based on the inputs. Prevalent assumes no responsibility for any damages that may arise in connection with use of the AI tool and use of the AI tool.
Updated November 28, 2023
Prevalent believes it is differentiated by delivering comprehensive coverage of multiple risk types and by delivering...
Gain insights into emerging VRM technology trends and market developments.