Prevalent TPRM Platform v3.28 Automates Third-Party Evidence Review and Vendor Management

With 45% of organizations reporting that they experienced a third-party security incident in the last year, it’s essential that security and risk teams get control over their vendor and supplier risks. However, manual processes and insufficient visibility hamper results. The latest Prevalent Third-Party Risk Management Platform release includes differentiated capabilities that can help.

Automated Document Analysis Saves Time and Improves Accuracy of Evidence Review

Documents and other artifacts are often uploaded as evidence when answering assessment questions, resulting in third-party risk assessors spending endless hours manually reviewing documents to confirm their suitability. Manual processes like this increase the risk of missing important evidence.

Prevalent TPRM Platform v3.28 introduces automated document analysis (ADA), a method for confirming if a document contains the necessary materials and references to support a question – without manual validation and review. Here’s how it works:

• ADA enables the creation or configuration of profiles that contain a set of keyword criteria which can be applied to review documents.
• Built-in technology based on AWS Comprehend
  natural-language processing (NLP) and AWS Textrack machine learning (ML) data extraction checks each document for the keyword criteria.
• Results of the automated analysis are presented to the reviewer in the form of a match summary, and in turn enable targeted remediation of missing evidence.

Available out-of-the-box for Prevalent assessment customers, ADA includes select pre-built profiles to support evidence scanning in the Prevalent Compliance Framework (PCF) questionnaire plus the ability to create custom profiles.

Create Document Profiles

With the ADA capability, you can create customized document analysis criteria by the type of document reviewed. Criteria can be a combination of terms and phrases – for example key terms in an information security policy or a SOC 2 report. The example screenshot below illustrates phrases in profile criteria.

Analyze Artifacts

Using ADA, you can apply a profile to a document and run an automated analysis against that criteria. This capability enables you to identify criteria and highlight potential gaps without requiring the download/review of the artifact, greatly speeding up the process. See the example screenshot below.

Flag Results

When the analysis is complete, the red flagging capability identifies profiles and criteria which have not been met, as well as impacted assessment responses where artifacts are insufficient. Armed with this information, you can take remediative action with the vendor to ensure you have the appropriate evidence to match the request. See the example screenshot below for an example.

Automated document analysis provides a comprehensive review of supporting evidence without manual intervention, saving time and improving the consistency and accuracy of third-party risk management assessments and reviews.

Custom Dashboards Create a Personalized Launchpad for TPRM Activities

Every stakeholder has their own unique tasks to perform in a third-party risk management (TPRM) solution. Some complete assessments as a vendor, while others track vendor assessment completion status. Some monitor internal team performance against tasks or contracts, while others monitor supplier performance against key performance indicators (KPIs). In a rigid one-size-fits-all TPRM tool, stakeholders have only a single vendor view, limiting their ability to effectively manage the third-party risk lifecycle.

Prevalent Platform v3.28 expands on existing ease-of-use capabilities, introducing custom dashboards that enable users to define their own unique launchpad using customizable widgets. Available for all Prevalent customers, widgets include a new calendar view of actions, as well as survey schedules, tasks, audit trails, and requirements tracking. See the screenshot below for an example.

The My Dashboard enhancement enables users to adapt the landing page of the Prevalent Platform to a unique view that meets their personal needs and improves their productivity.

Next Steps

If you are a customer, please be sure to check out the Prevalent Customer Portal to read the detailed release notes. You can also reach out to your Customer Success Manager (CSM). If you’re new to Prevalent, request a demo to discover how we can help you speed up and simplify third-party risk analysis and review at every stage of the vendor lifecycle.