Third-Party Risk Management Solution Release 24-Q3: ESG Enhancements and AI Auto Assessment Completion

The Mitratech Third-Party Risk Management solution continues to evolve with an emphasis on automating third-party risk management processes and improving compliance monitoring through AI and machine learning. Updates available today in 24-Q3 release aim to provide companies with more comprehensive, faster, and streamlined risk assessments and ESG compliance and complement the comprehensive Mitratech Enterprise Risk Management platform.

ESG and Sustainability Monitoring Enhancements Standardize Supply Chain Compliance Reporting

Environmental, social, and governance (ESG) criteria, such as measuring greenhouse gas (GHG) emissions, have emerged as a key priority among companies, investors, and government regulators. Measuring GHG emissions involves focusing on direct emissions and extending attention to indirect emissions throughout the supply chain, where scope 1, 2, and 3 emissions come into play. As more governments legislate ESG and sustainability regulations, companies must sift through mountains of non-standardized ESG reporting data to meet supply chain compliance requirements.

The Mitratech TPRM solution includes new capabilities that enhance ESG and sustainability monitoring and correlate with the results of questionnaire-based ESG risk assessments to standardize global ESG compliance reporting across your supply chain. The latest release includes:

• Globally sourced, standards-based data from a recognized leader in ESG and sustainability reporting.
• Advanced sustainability ratings and scores, including scope 1, 2, and 3 emissions and equivalent value in cash (EVIC) intensity, for each supplier to compare over time and against industry averages.
• Analyst-curated emissions scores, negative news, and controversies to deliver visibility into potential reputational concerns.

The solution consolidates and improves consistency of ESG insights and reporting to deliver visibility into potential supply chain reputational and compliance issues.

This add-on module complements existing built-in ESG questionnaire templates, risk guidance, and remediations. With this new capability, procurement and supply chain teams can improve supply chain visibility and reporting consistency and save time by providing one-stop access to thousands of ESG scores, intelligence, and controversies fully aligned with other enterprise risks.

AI-Powered Questionnaire Completion Accelerates the Third-Party Risk Assessment Process

The latest release extends our leading-edge AI capabilities, originally announced in June 2024, to include importing PDF documents and leveraging AI to extract key details to automatically complete a new third-party risk assessment.

This enhanced capability benefits responders who have multiple documents, such as internal policies and audit reports, which could satisfy question requirements but have no way to efficiently extract that information without hours of manual documentation review.

Using document details to populate new risk assessments radically reduces the time required to manage the third-party risk assessment process.

Alongside the existing ability to upload Excel spreadsheets of previous assessments, this new level of AI-centric automation dramatically reduces the time required to complete new assessments, speeding risk analysis and remediation.

AI-Generated Event Summaries Simplify Risk Analysis

With increasing numbers of third-party risk events such as data breaches and operational disruptions to contend with, it’s easier than ever for organizations to be overwhelmed by the volume of alerts and risk missing the most important incident details.

The TPRM solution now includes AI-generated summaries of all events in the Vendor Threat Monitor (VTM) continuous monitoring solution. All VTM events are sent to our dedicated large language model (LLM) to generate a summary of the event. Users have a choice of a paragraph or bullet point summary, with executive summaries available in reporting.

Vendor Threat Monitor simplifies event analysis with AI-generated summaries.

With this enhancement, the company continues to lead the TPRM market by focusing on meaningful risk management and analysis capabilities with responsible AI use.

Technology Tags Accelerate Discovery, Response, and Mitigation of Potential Software Supply Chain Incidents

The widespread July 2024 CrowdStrike outage is a prime example of why organizations need to understand the technologies deployed in their vendor ecosystems. Knowing which third parties utilize a particular technology helps to speed up incident response in the case of a critical outage.

To assist in understanding which vendors have particular technologies deployed, the TPRM solution now includes Technology tags. These tags provide access to publicly disclosed technologies that can be applied to all entities in the Platform based on the technologies that entity uses.

In the event of an incident, ActiveRules automations can trigger actions based on Technology tags, including:

• Reporting on impacted third parties.
• Informing internal users of the technology association by issuing email notifications.
• Triggering tasks.
• Distributing an incident response survey to a key contact to understand how they have been impacted, and what remediation efforts are taking place.
• Generating risk items for ongoing management.

This enhancement is invaluable when news of a vulnerability or data breach impacts a specific technology and there is a need to quickly identify which organizations in a vendor ecosystem may be leveraging it.

Applying technology tags to all managed third parties improves visibility into potential risks in a company’s third-party ecosystem.

With this capability, organizations can quickly identify and communicate with vendors potentially at risk of a software supply chain disruption, reducing risk and speeding time to resolution.

Next Steps: Learn More

If you are a customer, please be sure to check out the Prevalent Customer Portal to read the detailed Release Notes. You can also reach out to your Customer Success Manager (CSM). If you’re new to us, request a demo to discover how we can help you automate and add detailed insights for third-party risk management.