Prevalent GDPR Case Studies

Read examples of customers that utilized Prevalent to meet the third-party risk management requirements of the GDPR.



Prevalent Case Study

Large Enterprise Retail Company

Introduction

This case study of a large enterprise retail company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top driver for purchasing their Prevalent third-party risk management solution:
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • Having no centralization of TPRM functions
    • An inconsistent methodology for vendor risk management
  • Vendors evaluated before choosing Prevalent:
    • OneTrust
    • Riskonnect

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 0-10%.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Centralized document/evidence management: differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: differentiated
    • In-solution communication with suppliers on remediating risks: differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: differentiated

Prevalent Case Study

Large Enterprise Media & Entertainment Company

Introduction

This case study of a large enterprise media & entertainment company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top driver for purchasing their Prevalent third-party risk management solution:
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • A lack of insights to make risk-based decisions
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
  • Vendors evaluated before choosing Prevalent:
    • BitSight
    • SecurityScorecard

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by more than 25%+.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Assessment scheduling and automated chasing reminders: differentiated
    • Automated risk and compliance register: differentiated
    • Centralized document/evidence management: differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: differentiated
    • In-solution communication with suppliers on remediating risks: differentiated
    • scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: differentiated
  • Saved 1 day per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Euromoney Institutional Investor

Introduction

This case study of Euromoney Institutional Investor is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top driver for purchasing their Prevalent third-party risk management solution:
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • Having no centralization of TPRM functions
  • Vendors evaluated before choosing Prevalent:
    • CyberGRX
    • OneTrust
    • SecurityScorecard
    • ServiceNow

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by more than 25%+.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Assessment scheduling and automated chasing reminders: differentiated
    • Automated risk and compliance register: very differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: very differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: very differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: very differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 2-3 weeks
    • After deploying Prevalent: 1-2 weeks
  • Saved 1 day per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Global 500 Insurance Company

Introduction

This case study of a Global 500 insurance company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top driver for purchasing their Prevalent third-party risk management solution:
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
  • Vendors evaluated before choosing Prevalent:
    • BitSight
    • Dell RSA Archer
    • OneTrust
    • SecurityScorecard
    • ServiceNow

Use Case

  • Regulations or industry frameworks they must regularly report against:

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Assessment scheduling and automated chasing reminders: very differentiated
    • Automated risk and compliance register: very differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: differentiated
    • In-solution communication with suppliers on remediating risks: differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: very differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: very differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 3-4 weeks
    • After deploying Prevalent: 2-3 weeks

Prevalent Case Study

S&P 500 Pharmaceuticals Company

Introduction

This case study of an S&P 500 pharmaceuticals company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“Very positive impact. Speeded up assessments. Nice for the eye. Good reporting and nice dashboards.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • Having no centralization of TPRM functions
    • An inconsistent methodology for vendor risk management

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 0-10%.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: very highly differentiated
    • Assessment scheduling and automated chasing reminders: very differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: very highly differentiated
    • In-solution communication with suppliers on remediating risks: very differentiated
    • Scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: very highly differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: very highly differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 3-4 weeks
    • After deploying Prevalent: 1-2 weeks
  • Saved about 1 week per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Medium Enterprise Energy & Utilities Company

Introduction

This case study of a medium enterprise energy & utilities company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“Prevalent will make it easier to visually see how vendors stack up in a single place.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
    • Greater risk-based intelligence
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • A lack of insights to make risk-based decisions
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • An inconsistent methodology for vendor risk management
  • Vendors evaluated before choosing Prevalent:
    • BitSight
    • CyberGRX

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 11-25%.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: very differentiated
    • Assessment scheduling and automated chasing reminders: very differentiated
    • Automated risk and compliance register: very differentiated
    • Centralized document/evidence management: very differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: very differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: very differentiated
    • In-solution communication with suppliers on remediating risks: very differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: very differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 3-4 weeks
    • After deploying Prevalent: 2-3 weeks
  • Saved several days per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Medium Enterprise Insurance Company

Introduction

This case study of a medium enterprise insurance company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“Prevalent allows us to manage third-party risk in an organized way.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Compliance – reporting against specific regulatory or industry framework requirements
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A limited ability to continuously monitor vendors
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • Having no centralization of TPRM functions
  • Vendors evaluated before choosing Prevalent:
    • BitSight
    • OneTrust
    • RiskRecon

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by more than 25%+.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Automated risk and compliance register: differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: differentiated
  • How long it took to complete an assessment:
    • After deploying Prevalent: 3-4 weeks
  • Saved several days per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Medium Enterprise Financial Services Company

Introduction

This case study of a medium enterprise financial services company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“Prevalent is providing a more automated and interactive feature set that allows me to analyze the most important areas.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Compliance – reporting against specific regulatory or industry framework requirements
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • Having no centralization of TPRM functions
    • An inconsistent methodology for vendor risk management

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by more than 25%+.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Assessment scheduling and automated chasing reminders: differentiated
    • Automated risk and compliance register: differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: very differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: very differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: very differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: very differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: more than a month
    • After deploying Prevalent: 3-4 weeks
  • Saved several days per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Non-Profit

Introduction

This case study of a non-profit is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled organization asked to have their name blinded to protect their confidentiality.

“Security risk management for subcontractors has improved significantly; Prevalent has reduced manual analysis & improved visibility.”

Challenges

The business challenges that led the profiled organization to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Compliance – reporting against specific regulatory or industry framework requirements
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
    • Greater risk-based intelligence
  • Challenges that deploying Prevalent or solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • A lack of insights to make risk-based decisions
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • Having no centralization of TPRM functions
  • Vendor evaluated before choosing Prevalent:
    • AdaptiveGRC

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 0-10%.

Results

The surveyed organization achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • In-solution communication with suppliers on remediating risks: differentiated
    • Scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: more than a month
    • After deploying Prevalent: 2-3 weeks
  • Saved more than 1 week per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Medium Enterprise Professional Services Company

Introduction

This case study of a medium enterprise professional services company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We’ve built Prevalent into our internal processes as it pertains to vendor on-boarding. If the new vendor meets certain criteria, then they will undergo Prevalent assessment.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
    • Greater risk-based intelligence
  • Challenges that deploying Prevalent or 3GRC solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • A lack of insights to make risk-based decisions
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • An inconsistent methodology for vendor risk management

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 0-10%.

Results

The surveyed company achieved the following results with Prevalent:

  • Saved more than 1 week per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Small Business Educational Institution Company

Introduction

This case study of a small business educational institution company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Compliance – reporting against specific regulatory or industry framework requirements
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
  • Challenges that deploying Prevalent or 3GRC solved for their organization:
    • Having no centralization of TPRM functions
  • Vendor evaluated before choosing Prevalent:
    • NCC Group, Zoonou

Use Case

  • Regulations or industry frameworks they must regularly report against:

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Identify key controls and apply reporting to the most critical relevant risks: differentiated
    • In-solution communication with suppliers on remediating risks: very differentiated
    • Scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: differentiated

Prevalent Case Study

Large Enterprise Retail Company

Introduction

This case study of a large enterprise retail company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“With Prevalent, my organization has been able to redirect resources previously dedicated to collecting and analyzing vendor-submitted questionnaires and evidence to other activities.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
    • Greater risk-based intelligence
  • Challenges that deploying Prevalent or 3GRC solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • A lack of insights to make risk-based decisions

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by more than 25%+.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Assessment scheduling and automated chasing reminders: very differentiated
    • Automated risk and compliance register: very differentiated
    • Centralized document/evidence management: very highly differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: differentiated
    • In-solution communication with suppliers on remediating risks: differentiated
    • Scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 1-2 weeks
    • After deploying Prevalent: less than 1 week
  • Saved more than 1 week per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Large Enterprise Automotive & Transport Company

Introduction

This case study of a large enterprise automotive & transport company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“Helps enable quicker conversation between us and the vendor. Helps quantify the risk.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Challenges that deploying Prevalent or 3GRC solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • A lack of insights to make risk-based decisions
    • A lack of guidance in addressing industry standards or third-party regulatory compliance requirements for cyber risk, InfoSec, or data privacy
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • Having no centralization of TPRM functions
    • An inconsistent methodology for vendor risk management

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 11-25%.

Results

The surveyed company achieved the following results with Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
    • Greater risk-based intelligence

Prevalent Case Study

Global 500 Retail Company

Introduction

This case study of a Global 500 retail company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“It has automated and brought consistency to the initial onboarding of all Third Parties, which has allowed the team to focus on what matters.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
  • Challenges that deploying Prevalent solved for their organization:
    • A lack of automation in collecting and analyzing vendor surveys
    • A limited ability to continuously monitor vendors
    • An inability to share completed assessment content and supporting evidence to more quickly identify risks and vulnerabilities
    • An inconsistent methodology for vendor risk management
  • Vendor evaluated before choosing Prevalent:
    • Synergi

Use Case

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 11-25%.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: differentiated
    • Centralized document/evidence management: differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: differentiated
    • In-solution communication with suppliers on remediating risks: differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 1-2 weeks
    • After deploying Prevalent: less than 1 week
  • Saved about 1 week per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

S&P 500 Financial Services Company

Introduction

This case study of an S&P 500 financial services company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We have risk reporting on time when we need to report to the authorities. Consistent reporting metrics is another key benefit.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Compliance – reporting against specific regulatory or industry framework requirements
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Greater risk-based intelligence
  • Challenges that deploying Prevalent solved for their organization:
    • A limited ability to continuously monitor vendors
    • A lack of guidance in addressing industry standards or third-party regulatory compliance requirements for cyber risk, InfoSec, or data privacy
    • An inconsistent methodology for vendor risk management

Use Case

The key features and functionalities of Prevalent that the surveyed company uses:

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Breadth of available surveys: very differentiated
    • Assessment scheduling and automated chasing reminders: very differentiated
    • Automated risk and compliance register: very differentiated
    • Centralized document/evidence management: very differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: very differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: very differentiated
    • In-solution communication with suppliers on remediating risks: very differentiated
    • Scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: very differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: very differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: very differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: very differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: more than a month
    • After deploying Prevalent: 2-3 weeks
  • Saved about 1 week per assessment on average by utilizing the Prevalent Platform.

Prevalent Case Study

Medium Enterprise Professional Services Company

Introduction

This case study of a medium enterprise professional services company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“With Prevalent, my organization has been able to redirect resources previously dedicated to collecting and analyzing vendor-submitted questionnaires and evidence to other activities.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Compliance – reporting against specific regulatory or industry framework requirements
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
    • Greater risk-based intelligence
  • Challenges that deploying Prevalent solved for their organization:
    • A limited ability to continuously monitor vendors
    • A lack of guidance in addressing industry standards or third-party regulatory compliance requirements for cyber risk, InfoSec, or data privacy
    • Having no centralization of TPRM functions

Use Case

The key features and functionalities of Prevalent that the surveyed company uses:

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 11-25%.

Results

The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Assessment scheduling and automated chasing reminders: differentiated
    • Automated risk and compliance register: differentiated
    • Centralized document/evidence management: very differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: very differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: differentiated
    • In-solution communication with suppliers on remediating risks: very differentiated
    • Scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: very differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: very differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: very differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: very differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 2-3 weeks
    • After deploying Prevalent: 1-2 weeks
  • Saved about 1 week per assessment on average by utilizing the Prevalent Platform.