Our policy regarding content ownership, access, sharing and sale of data, privacy, and security assurances for vendors
Prevalent helps firms identify and manage risk in third party business relationships by offering the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly-functioning, efficient third-party risk program.
As a vendor who has received a request to complete an online survey in the Prevalent platform, you may have some questions regarding how your company’s sensitive data is handled. This document will cover content ownership, access, sharing and sale of data, privacy, and security assurances.
Prevalent, Inc., is a Delaware Corporation with its principal place of business located at 11811 N. Tatum Blvd., Suite 2400, Phoenix, Arizona 85028 USA and the parent company to its wholly owned subsidiary, Prevalent Limited (formerly 3GRC LTD), incorporated and registered in England and Wales with company number 09673268 whose registered office is at First Floor, 10/11 Cedarwood Chineham Business Park, Crockford Lane, Basingstoke, Hampshire, England, RG24 8WD. Insight Venture Partners, LLC (“Insight”), a private equity and venture capital firm, is the principal owner of Prevalent, Inc.
For further information on this document, contact the Prevalent support and customer success team at:
The vendor owns their content in the Prevalent platform. Vendors have the power to update their content, request that their content is removed, share it with others, or not share it at all.
Completed vendor assessments and associated evidence are stored in our secure repository where it is viewable only by the company requesting the assessment or by Prevalent if the company has outsourced the collection to Prevalent. By completing and submitting the assessment and associated evidence vendors are allowing the requesting company and/or Prevalent to view it.
Vendor data is not shared unless vendors expressly approve their assessment results and associated evidence be shared with other entities besides the requesting company or Prevalent.
Data in the Prevalent Platform will not be sold under any circumstances.
Prevalent holds a SCA certification. The assessment was completed in late December 2019 by PivotPoint as the auditor.
The Standardized Control Assessment (SCA) is the Shared Assessment group’s on-site third-party vendor assessment tool. It is in-depth, independently validated security assessment of Prevalent’s internal controls - essentially an onsite validation of the answers provided in the SIG questionnaire.
It is applicable to a broad range of frameworks and requirements. The controls specified in the SCA are expressly mapped to controls and requirements for the following:
The Prevalent Platform allows clients to choose the geographic region of deployment and makes use of Availability Zones to ensure service. Data is replicated within Availability Zones, and daily backups are performed. Client data is never stored outside of their chosen region.
Users can check the region their data is stored in at any time by checking the footer of the application user interface.
Prevalent assesses the software and service providers used in the operation and support of our applications using our technology. We provide our own SIG Lite and PCF assessments within the Prevalent platform, as well as third-party attestations of our suppliers (as applicable), and documentation of policy, procedure, and technical artifacts as necessary.
Prevalent’s products are all cloud-based SaaS applications hosted in AWS. They are designed to run securely at high scalability and availability, with robust failover processes.
The Prevalent Platform includes layers of security throughout the technology stack. This includes the following security features:
Data and file encryption
Network Security and DDOS Protection
Monitoring and Auditing
This process is under constant review and verified by the Prevalent security team.
Updated September 10, 2020
This complimentary guide details best practices for successfully managing risk throughout the vendor lifecycle.