Vendor Risk Assessment Services

Prevalent Vendor Onboarding Services capture key third-party data to drive assessment and remediation activity.

• Contract Onboarding: The Prevalent managed services team uploads contract documentation, extracts key contract details to populate in the Platform for tracking, and configures automated reminders.
• SLA/Performance Mapping: Prevalent identifies key contract attributes relating to SLAs or performance, populates those requirements in the Platform, and assigns tasks to you and your third party for tracking purposes.
• Contact Onboarding: Prevalent identifies potential points of contact leveraging a database of over 2 million verified roles. We will send templated email communications to enroll the user or identify alternatives, and onboard the user as the primary responder against the target third party.
• Relationship Mapping: Prevalent ROC analysts leverage passively identified fourth party technologies to identify common technologies and create relationships within the Platform, with analysts curating lists based on context of service.
• Event Triage: Prevalent analysts conduct an initial point-in-time review of events identified by Prevalent Vendor Threat Monitor, analyze them to identify false positives and noteworthy events, and adjust risk scores to reflect criticality.

Prevalent Vendor Risk Assessment Services collect and analyze assessment data to confirm potential risks and vendor deficiencies and escalate for remediation.

• Collect Evidence & Chase Responders: Prevalent ROC Analysts create assessment schedules and send emails to recipients with up to 3 chasers; escalating as necessary. The team will monitor assessment completion stats, collect insights, and provide first-line support to vendors.

• Analyze Responses & Evidence: Prevalent reviews uploaded evidence to ensure it reflects what has been requested; confirms that review dates are within the last 12 months for uploaded evidence; validates that key question responses do not contradict each other; reviews notes in responses to ensure all requested information is included; and delivers reporting.

• SOC 2 Mapping: For third parties that submit a SOC 2 report instead of a completed vendor risk assessment, Prevalent reviews the list of control gaps identified within the SOC 2 report, creates risk items against the third party within the Platform, and tracks and reports against deficiencies. Learn more: SOC 2 Exception Service Data Sheet

• Contextual Risk Reporting: Prevalent analysts deliver specialized business context into each unique vendor relationship and provide more prescriptive guidance for risk remediation. Learn more: Contextual Risk Reporting Data Sheet

• Controls Validation: Prevalent delivers expert, in-depth review of third-party assessment responses and documentation against established testing protocols to validate that indicated controls are in place. Learn more: Controls Validation Service Data Sheet

• Relationship Mapping: Prevalent ROC analysts distribute an assessment to the third party seeking to identify fourth parties in use. The analyst will review the results and create relationship maps showing the type of dependency (e.g., data transfer, service necessity, etc.) and the relationship attributes.