Prevalent CIS Top 20 Case Studies

Read examples of customers that utilized Prevalent to meet the third-party risk management requirements of the CIS Top 20 security controls.

Prevalent Case Study

Large Enterprise Retail Company


This case study of a large enterprise retail company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.


The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top driver for purchasing their Prevalent third-party risk management solution:
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • Having no centralization of TPRM functions
    • An inconsistent methodology for vendor risk management
  • Vendors evaluated before choosing Prevalent:
    • OneTrust
    • Riskonnect

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 0-10%.


The surveyed company achieved the following results with Prevalent:

  • Rated the following Prevalent capabilities by how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Centralized document/evidence management: differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: differentiated
    • In-solution communication with suppliers on remediating risks: differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: differentiated