Prevalent TPRM Platform v3.18 Introduces Risk Relationships & Improves Vendor Monitoring

We’re excited to announce the v3.18 release of the Prevalent Third-Party Risk Management Platform, which includes new capabilities for defining and diagraming risk relationships. In conjunction with this update, we’re also releasing v2.1 of Vendor Threat Monitor, which includes filtering, reporting and alerting enhancements.

Risk Relationships Add Context to Compensating Controls

To effectively manage risk, you need to understand compensating controls (i.e., alternate measures you can take to fulfill a requirement). After all, an identified risk might not represent an actual threat if there is a compensating control in place to mitigate it.

However, most third-party risk management platforms and frameworks (such as ISO27001, NIST, CMMC, etc.) look at controls in isolation and can lack context for compensating controls, which can make it difficult to determine the best course of remediation.

Prevalent Platform v3.18 addresses this issue by introducing risk relationships – a clear, easy way of seeing associations between risks. This new capability ensures that you have the proper context when determining whether risks should be addressed directly or by applying compensating controls.

How risk relationships work

Risk relationships are defined in the Prevalent TPRM platform. If a vendor assessment response raises a relevant risk or risks, then the platform will automatically generate and display any applicable risk relationships.

This new capability enables customers to:

• Define and customize risk relationships with multiple attributes
• Automatically identify risk relationships for both historical and current assessments
• Review, search and filter all risks and their relationships
• Manually create risks if necessary

The new Related Risks capability enables reviewers to define rules for compensating controls and view relationships between risks.

Filtering, Alerting and Reporting Enhancements in Vendor Threat Monitor Ensure Complete Risk Visibility

Since unveiling the first full-featured, natively integrated third-party risk assessment and monitoring solution in September 2019, we have released continual enhancements to deliver 360-degree visibility into third party risk. Version 3.18 builds on this momentum with Vendor Threat Monitor v2.1 improvements including:

• Interface enhancements enable users to centrally track cyber and business risk monitoring status. Users can view monitoring status by vendor and sort results by score for fast risk identification and remediation.
• New email notification capabilities increase efficiency and visibility with daily summaries of high-risk events triggered by cyber and business monitoring.
• Advanced threat event filtering allows teams to zero-in on critical risks. Filters include event type, priority, date range, and threat category.
• A new executive report clearly displays threat events and risk scores for each vendor (or other monitored entity).

New executive reports display an overview of risks by type and severity, while allowing reviewers to drill down to risk details for scoring verification and validation.

I hope you’re as excited as we are about these enhancements! For more information on this release, please see the What’s New document or read the Release Notes on the Prevalent Customer Portal.