ProcessUnity Introduces Generative AI Technology for Intelligent Questionnaire Scoping and Instant Controls Validation for Third-Party Risk Management

CONCORD, Mass.--(BUSINESS WIRE)--ProcessUnity, The Third-Party Risk Management Company, today introduced Evidence Evaluator, groundbreaking generative AI that reduces the manual lift of assessing and validating third-party security controls. A key component of ProcessUnity’s leading Third-Party Risk Management (TPRM) Platform, Evidence Evaluator automatically reviews third-party evidence and populates assessment responses complete with references to the specified evidence in the source documents.

"Evidence Evaluator is purpose-built for third-party risk management. It delivers confidence, precision, and speed right where customers and their third parties need it most: vendor assessments."

Share

For third-party risk teams overwhelmed by the hours spent reading security policies, SOC 2 reports, ISO 27001 certifications, and other evidentiary documentation, Evidence Evaluator delivers a more consistent, accurate, and faster alternative. The technology analyzes third-party evidence, generates responses to questionnaires with supporting rationale and page reference locations, and flags any discrepancies in a third-party's controls.

Unlike other AI-based TPRM assessment tools on the market, Evidence Evaluator stands out because it prioritizes:

• Accuracy – Built and trained on ProcessUnity’s expansive cybersecurity large language model that delivers highly relevant reasoning behind each contextual result to reduce assessor review cycles.
• Privacy – Built and trained in-house, with strict data protections in place. All data is encrypted in transit and at rest, and user-provided inputs are discarded after processing.
• Flexibility – Created as framework-agnostic, Evidence Evaluator recognizes the nuances in language between different standards, regulations, and custom assessments.
• Adaptability – Continuously updated through automated retraining, the dataset and resulting platform evolves to keep up with changes in industry language and regulations.
• Integration – Embedded directly into the ProcessUnity TPRM platform, Evidence Evaluator eliminates the need for separate AI tools or manual integrations.

“We invested heavily in developing this advanced GenAI model to deliver far more than a generic, open-source tool,” said Dan Tobin, Senior Director of Analytics at ProcessUnity. “Evidence Evaluator is purpose-built for third-party risk management. It delivers confidence, precision, and speed right where customers and their third parties need it most: vendor assessments. And because it’s fully integrated into our platform, teams can realize these benefits immediately.”

Built to Review the Documents That Define Third-Party Risk Posture

Trained using the world’s most comprehensive Third-Party Risk Management Large Language Model (LLM), Evidence Evaluator reads and understands virtually any document submitted as part of the vendor assessment process, accurately analyzing and interpreting the documents your team relies on to validate third-party controls. Examples include:

• Statement of Controls Reports (SOC 1, SOC 2, etc.)
• Certifications (ISO 27001, etc.)
• Completed Questionnaires (SIG Core, SIG Lite, etc.)
• Compliance Attestations (GDPR, CCPA, etc.)
• Information Security Policies & Procedures
• Business Continuity / Disaster Recovery Plans

Whether your third parties provide formal audit reports or internal policies, Evidence Evaluator extracts relevant insights and translates them into accurate, defensible responses, helping your team move from document review to decision faster than ever before.

About ProcessUnity

ProcessUnity is the Third-Party Risk Management company. Our software platforms and data services protect customers from cybersecurity threats, breaches, and outages that originate from their ever-growing ecosystem of business partners. By combining the world’s largest third-party risk data exchange, leading TPRM workflow platform, and powerful artificial intelligence, ProcessUnity extends third-party risk, procurement, and cybersecurity teams so they can cover their entire vendor portfolio. With ProcessUnity, organizations of all sizes reduce assessment work while improving quality and securing intellectual property and customer data so business operations continue to operate uninterrupted.

To learn more about Evidence Evaluator or to request a demo, visit our Evidence Evaluator page on the website.