As a leader in third-party risk management, Prevalent considers data security to be of utmost importance. This includes not only securing our internal systems and employee records, but also protecting data about our customers and their vendors, suppliers and other third parties. That’s why I am excited to share that Prevalent has achieved ISO 27001:2013 information security management certification. This certification was awarded by an accredited third party following an extensive audit of our information security systems and controls.
There are several information security and risk management frameworks available, and we carefully considered which would be the best for our needs. Our decision to choose the ISO 27001 international framework was informed by its foundational components of business-driven risk assessments. These are a perfect complement to the effective, structured risk assessments that form the core component of Prevalent’s third-party risk management platform and vendor risk assessment services. We assist our customers in reviewing process documentation and reports, qualifying risk status and treatment plans, and driving third-party risk tracking – all of which are directly tied to the process and workflow of achieving ISO certification.
Another factor that led us to ISO 27001 was the standard’s emphasis on continuous improvement and pragmatic risk management. ISO 27001 is also an internationally recognized standard that is rigorous to implement and maintain.
To support the ISO certification process, we used our own third-party risk management platform as an Information Security Management System (ISMS). The Prevalent TPRM Platform gave us a single, cohesive system for:
The Prevalent Platform made it easy for us to add the external auditors as restricted users to review our documentation and risks, which greatly expedited the entire certification process.
Adopting an overarching management process to ensure that our information security controls continue to meet Prevalent’s information security needs on an ongoing basis has also improved our structure and focus. The certification process tied together many existing security-related processes into a holistic management system, and we’ll be reviewing and improving its efficiency as we continue to protect our data and systems.
The Prevalent TPRM Platform can be used as an ISMS to support ISO 27001 certification requirements.
For our customers and partners, we would be delighted to share this certification with you as assurance of our good security practices. Please reach out to your Prevalent contact to request a copy of the certificate and our Statement of Applicability.
If you are looking to kick off and manage your own ISO 27001 certification process or assess your third parties against its requirements, download our ISO compliance checklist. The checklist includes specific guidance for ISO/IEC 27001, 27002, 27018, 27036 and 27701.
Interested in how Prevalent can help with your ISO initiatives? Contact us today for a demo.