TechValidate Research on Prevalent

Prevalent Case Study

Medium Enterprise Professional Services Company


This case study of a medium enterprise professional services company is based on an October 2019 survey of Prevalent customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“With Prevalent, my organization has been able to redirect resources previously dedicated to collecting and analyzing vendor-submitted questionnaires and evidence to other activities.”


The business challenges that led the profiled company to evaluate and ultimately select Prevalent:

  • Top drivers for purchasing their Prevalent third-party risk management solution:
    • Compliance – reporting against specific regulatory or industry framework requirements
    • Stronger cybersecurity, to ensure that third parties do not introduce cyber risks that could negatively impact the business
    • Reduce operational burden (the process of assessing and evaluating vendors took too much time and resources)
    • Greater risk-based intelligence
  • Challenges that deploying Prevalent solved for their organization:
    • A limited ability to continuously monitor vendors
    • A lack of guidance in addressing industry standards or third-party regulatory compliance requirements for cyber risk, InfoSec, or data privacy
    • Having no centralization of TPRM functions

Use Case

The key features and functionalities of Prevalent that the surveyed company uses:

  • Regulations or industry frameworks they must regularly report against:
  • Looking to grow the number of vendors they assess in the next 12 months by 11-25%.


The surveyed company achieved the following results with Prevalent:

  • The following Prevalent capabilities in terms of how differentiated they are compared to the competition:
    • Assessment scheduling and automated chasing reminders: differentiated
    • Automated risk and compliance register: differentiated
    • Centralized document/evidence management: very differentiated
    • Create tasks, flags, and risks based on results of assessment responses in risk register: very differentiated
    • Identify key controls and apply reporting to the most critical relevant risks: differentiated
    • In-solution communication with suppliers on remediating risks: very differentiated
    • Scan third-party networks and apply business intelligence to provide and “outside-in” weighted score of risks: very differentiated
    • Map results to regulatory and industry frameworks like ISO, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, NYDFS for reporting purposes: very differentiated
    • Identify and visualize relationships between entities to demonstrate dependencies and flows of information: very differentiated
    • User dashboard of tasks, schedules, risk activities, survey completion status, agreements, and documents: very differentiated
  • How long it took to complete an assessment:
    • Before deploying Prevalent: 2-3 weeks
    • After deploying Prevalent: 1-2 weeks
  • Saved about 1 week per assessment on average by utilizing the Prevalent Platform.

About This Data

This data was sourced directly from verified users of Prevalent by TechValidate.

TechValidate verifies the identity and organizational affiliation of all participants that contribute to published research data. When research participants so desire, we also guarantee their anonymity so that they may share information honestly and freely.

More Research on Prevalent