With 45% of organizations reporting that they experienced a third-party security incident in the last year, it’s essential that security and risk teams get control over their vendor and supplier risks. However, manual processes and insufficient visibility hamper results. The latest Prevalent Third-Party Risk Management Platform release includes differentiated capabilities that can help.
Documents and other artifacts are often uploaded as evidence when answering assessment questions, resulting in third-party risk assessors spending endless hours manually reviewing documents to confirm their suitability. Manual processes like this increase the risk of missing important evidence.
Prevalent TPRM Platform v3.28 introduces automated document analysis (ADA), a method for confirming if a document contains the necessary materials and references to support a question – without manual validation and review. Here’s how it works:
Available out-of-the-box for Prevalent assessment customers, ADA includes select pre-built profiles to support evidence scanning in the Prevalent Compliance Framework (PCF) questionnaire plus the ability to create custom profiles.
With the ADA capability, you can create customized document analysis criteria by the type of document reviewed. Criteria can be a combination of terms and phrases – for example key terms in an information security policy or a SOC 2 report. The example screenshot below illustrates phrases in profile criteria.
Using ADA, you can apply a profile to a document and run an automated analysis against that criteria. This capability enables you to identify criteria and highlight potential gaps without requiring the download/review of the artifact, greatly speeding up the process. See the example screenshot below.
When the analysis is complete, the red flagging capability identifies profiles and criteria which have not been met, as well as impacted assessment responses where artifacts are insufficient. Armed with this information, you can take remediative action with the vendor to ensure you have the appropriate evidence to match the request. See the example screenshot below for an example.
Automated document analysis provides a comprehensive review of supporting evidence without manual intervention, saving time and improving the consistency and accuracy of third-party risk management assessments and reviews.
Every stakeholder has their own unique tasks to perform in a third-party risk management (TPRM) solution. Some complete assessments as a vendor, while others track vendor assessment completion status. Some monitor internal team performance against tasks or contracts, while others monitor supplier performance against key performance indicators (KPIs). In a rigid one-size-fits-all TPRM tool, stakeholders have only a single vendor view, limiting their ability to effectively manage the third-party risk lifecycle.
Prevalent Platform v3.28 expands on existing ease-of-use capabilities, introducing custom dashboards that enable users to define their own unique launchpad using customizable widgets. Available for all Prevalent customers, widgets include a new calendar view of actions, as well as survey schedules, tasks, audit trails, and requirements tracking. See the screenshot below for an example.
The My Dashboard enhancement enables users to adapt the landing page of the Prevalent Platform to a unique view that meets their personal needs and improves their productivity.
If you are a customer, please be sure to check out the Prevalent Customer Portal to read the detailed release notes. You can also reach out to your Customer Success Manager (CSM). If you’re new to Prevalent, request a demo to discover how we can help you speed up and simplify third-party risk analysis and review at every stage of the vendor lifecycle.
Learn how to leverage vendor risk assessment questionnaires for stronger third-party risk management, including a customizable...
09/18/2024
Third-party risk assessments not only enable your organization to proactively detect and reduce risks, but also...
09/16/2024
Learn how integrating the NIST Privacy Framework with third-party risk management (TPRM) helps organizations enhance data...
09/12/2024