Prevalent TPRM Platform v3.29 Enhances AI-Based Evidence Review & Expands on ESG Assessment Capabilities

If you attended or were watching the news from the annual RSA Conference last month, then you undoubtedly realized that the predominate discussion at the show was about the role that artificial intelligence (AI) will play in cybersecurity. The rise of ChatGPT and other generative AI technologies has driven increased interest across multiple industries – including how AI can improve the practice of third-party risk management.

For non-security third-party risk management practitioners, however, another (often board-level) conversation is happening – how to understand and quantify third-party vendor and supplier environmental, social and governance (ESG) impacts on company operations and reputation.

While seemingly on opposite ends of the TPRM spectrum, Prevalent TPRM Platform v3.29 addresses these two topics directly with enhanced AI-based documentation and evidence review, and a new dedicated and comprehensive ESG assessment. This post examines the enhancements in detail.

Enhanced AI Document Analysis Accelerates Evidence Review

Originally introduced in Prevalent Platform v3.28, Automated Document Analysis (ADA) confirmed if a document contained the necessary references to support a question – without manual validation and review – using artificial intelligence (AI) technology.

Platform version 3.29 expands on AI-based document analysis with new enhancements to provide custom queries; a weighting system in document analysis; term definition; and pre-defined templates.

Defining Custom Queries Through Regular Expressions Reduces Manual Review Effort

In the Prevalent Platform, every question response that includes associated documentation can be automatically analyzed based on predefined profiles. For example, when a responder uploads an Information Security Policy, you know that it has automatically been reviewed against InfoSec criteria as part of the submission review workflows.

Prevalent Platform version 3.29 now also uniquely offers the choice to define custom queries, so you can define criteria that are specific to your business model. As well, analysis now supports regular expressions, enabling users to define criteria to reduce manual review efforts. For example, term analysis such as “compliant controls” can now be uniquely identified from “non-compliant controls”, or from analysis of metadata of the document.

The screenshot below illustrates this enhanced capability.

Prevalent now has the ability to conduct regular expression-based analysis of documents and contracts, enabling in-depth automated document reviews.

Weighting System Provides Flexibility in Document Analysis

Platform version 3.29 has also introduced a weighting system in document analysis, enabling a compliant/non-compliant score for documents by making analysis criteria either mandatory or optional. This provides flexibility when building analysis terms which are more observational in nature.

The screenshot below illustrates this enhanced capability.

Automated Document Analysis enables users to define pass/fail criteria across mandatory and non-mandatory search terms. This provides workflows which consolidate document reviews into summary scorings.

Defining Terms Reduces False Positives

The enhanced Automated Document Analysis capabilities introduced in version 3.29 provide the ability to define minimum and total counts of terms in order to reduce the number of false positives.

Pre-Defined Templates Accelerate Documentation Reviews

Automated Document Analysis capabilities in version 3.29 include an expanded number of pre-defined templates, so that customers who choose to leverage these can immediately perform reviews on a myriad of policy documents, contracts, and audit reports such as SOC 2 and ISO 27001 Statement of Applicability (SoA) material. This further accelerates documentation reviews.

Platform version 3.29 greatly expands the use of AI-based document analysis to reduce manual review efforts, add flexibility in document analysis, reduce false positives, and accelerate documentation reviews.

New ESG Assessment Simplifies Supply Chain Compliance and Reporting

Environmental, social and governance (ESG) has become an increasingly pivotal area of consideration for organizations, with nearly every company expected to meet ESG reporting and audit requirements of investors, boards of directors, and governments. Proper oversight of ESG requires expertise in compliance with associated regulations, but many organizations lack the expertise to understand ESG impacts in their supply chains.

Prevalent Platform v3.29 solves this problem with the introduction of a new dedicated and comprehensive ESG assessment. The Prevalent ESG assessment includes customizable questions addressing ESG domain areas such as:

• Community
• CSR strategy
• Emissions
• Human rights
• Innovation
• Management
• Product responsibility
• Resource use
• Shareholders
• Workforce

To simplify compliance reporting, the Prevalent ESG assessment automatically maps responses and risks to common ESG frameworks such as:

• EU Corporate Sustainability Reporting Directive (CSRD)
• German Corporate Supply Chain Due Diligence Act (LkSG)
• Global Reporting initiative (GRI)
• ISO 26000
• Sustainability Accounting Standards Board (SASB)
• Task Force on Climate-Related Financial Disclosure (TCFD)
• United Nations Global Compact (UNGC)

The screenshot below illustrates some of the domain areas covered by the new ESG assessment.

The Prevalent comprehensive ESG assessment addresses multiple domains and enables mapping to several global ESG standards.

As well as introducing the new dedicated ESG assessment, Prevalent Vendor Threat Monitor (VTM) now also includes continuous monitoring of ESG-related business and operational news updates complementing ESG scores available out-of-the-box in the comprehensive vendor profile.

With Prevalent Platform v3.29, procurement, sourcing, supply chain management, and risk management teams now have a comprehensive one-stop solution to assess supply chain ESG risks alongside IT security, data privacy and other operational risks for a comprehensive view of vendors.

Next Steps

If you are a customer, please be sure to check out the Prevalent Customer Portal to read the detailed release notes. You can also reach out to your Customer Success Manager (CSM). If you’re new to Prevalent, request a demo to discover how we can help you speed up and simplify third-party risk review and include automated ESG analysis in your third-party risk assessments.