
Gramm-Leach-Bliley Act Safeguards Rule

GLBA and Third-Party Risk Management

The Standards for Safeguarding Customer Information, also known as 16 CFR Part 314, is a regulation issued by the U.S. Federal Trade Commission (FTC) that implements key provisions introduced in the Gramm-Leach-Bliley Act (GLBA). The regulation outlines the standards for financial institutions to follow in order to protect the security, confidentiality, and integrity of customer nonpublic personal information (NPI).

Because the law requires service providers or affiliates (such as third parties) to maintain an information security program that protects customer data, third-party risk management teams should be aware of the provisions in the Safeguards Rule and be prepared to report on its controls.

Relevant Requirements

  • Identify and assess risks to customer information in each operational area.

  • Ensure that service providers (e.g., third parties) maintain appropriate safeguards for customer information; require service providers by contract to implement and maintain safeguards.

  • Design and implement safeguards to control identified risks; regularly test and monitor safeguards.

  • Adjust the program based on results of ongoing risk assessments, monitoring, and changes to operations or structure.


Meeting GLBA TPRM Requirements

The table below examines key third-party service provider-related provisions in the Safeguards Rule and maps capabilities in the Prevalent Third-Party Risk Management Platform to address the requirements.

NOTE: This table includes select provisions in section GLBA 314.4. For a complete examination of requirements, please review the full Safeguards Rule with your internal audit team or external auditor.

16 CFR Part 314, Standards for Safeguarding Customer Information: Safeguards Rule provision / Prevalent capabilities

(f) Oversee service providers, by:

(1) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue;

Prevalent centralizes and automates the distribution, comparison, and management of requests for proposals (RFPs) and requests for information (RFIs).

With this capability, you can examine a potential third-party service provider’s risks – including business, operational, reputational, financial, and prior data breaches – to inform and add context to third-party selection decisions and ensure that the selected service provider meets not only technical requirements but also acceptable risk thresholds.

Prevalent then automatically moves selected third parties into the contracting phase to kick off further due diligence.

(2) Requiring your service providers by contract to implement and maintain such safeguards;

Prevalent centralizes the distribution, discussion, retention, and review of third-party service provider contracts to ensure key contractual provisions are included and enforced throughout the third-party lifecycle.

Key capabilities include:

  • Centralized tracking of all contracts and contract attributes such as type, key dates, value, reminders, and status – with customized, role-based views.
  • AI-based document profiling that enables the extraction of key provisions for automated tracking.
  • Workflow capabilities (based on user or contract type) to automate the contract management lifecycle.
  • Automated reminders and overdue notices to streamline contract reviews.
  • Centralized contract discussion and comment tracking.
  • Contract and document storage with role-based permissions and audit trails of all access.
  • Version control tracking that supports offline contract and document edits.
  • Role-based permissions that enable allocation of duties, access to contracts, and read/write/modify access.

As with (1) above, Prevalent includes automated workflows that move contracted vendors into further due diligence steps as appropriate.

(3) Periodically assessing your service providers based on the risk they present and the continued adequacy of their safeguards.

The Prevalent TPRM Platform features a large library of pre-built templates for third-party risk assessments. Assessments can be conducted at the time of onboarding, contract renewal, or at any required frequency (e.g., quarterly or annually) depending on material changes in the relationship.

Key data security and privacy assessment capabilities in the Platform include:

  • Scheduled assessments and relationship mapping to reveal where personal data exists, where it is shared, and who has access – all summarized in a risk register that highlights critical exposures.
  • Privacy Impact Assessments to uncover at-risk business data and personally identifiable information (PII).
  • Risk and response mapping to controls, including percent-compliance ratings and stakeholder-specific reports.

Assessments are managed centrally and backed by workflow, task management, and automated evidence review capabilities to ensure that your team has visibility into third-party risks throughout the relationship lifecycle.

Importantly, Prevalent includes built-in remediation recommendations based on risk assessment results to ensure that your third parties address risks in a timely and satisfactory manner and can provide the appropriate evidence to auditors.

As part of this process, Prevalent continuously tracks and analyzes external threats to third parties. Prevalent monitors the Internet and dark web for cyber threats and vulnerabilities, as well as public and private sources of reputational, sanctions, and financial information.

All monitoring data is correlated to assessment results and centralized in a unified risk register for each vendor, streamlining risk review, reporting and response initiatives.
