Vendor Security Assessment Competitive Landscape

Part
01
of one
Part
01

Vendor Security Assessment Competitive Landscape

According to Prevalent, "the third-party risk management (TPRM) market is currently worth $500 million and growing at 27% annually." As competitors in this market appear to be mostly private, we were limited the level of detail we were able to acquire about the companies. The one commonality between them all is their use of awards and mention by market research firms, most notably Gartner, in their advertising.

Prevalent

  • https://www.prevalent.net/
  • Founded in Warren, New Jersey in 2004, Prevalent is now headquartered in Phoenix, AZ.
  • According to Crunchbase, it has between 11 and 50 employees and $82.2 million in total funding.
  • According to its LinkedIn profile, it has between 50 and 200 employees. There are 127 employees with LinkedIn profiles.
  • Prevalent's investors are Insight Venture Partners and Fulcrum Equity Partners.
  • Fulcrum invested $4 million in 2014. By the end of 2015, Prevalent had generated $20 million in sales in its pipeline.
  • In 2015, Prevalent raised $8 million with a Series B round with Fulcrum and Spring Mountain Capital and completed a $60 million recap with Insight Capital. This represented an over 400% increase in enterprise value from Fulcrum's initial investment in 2014.
  • In 2017, Gartner named Prevalent as a leader in its Magic Quadrant.
  • According to Prevalent, the company offers "the industry’s only purpose-built, unified platform for third-party risk management. The platform integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly functioning, effective third-party risk program."
  • In its research report, The Forrester New Wave™: Cybersecurity Risk Ratings Solutions, Q4 2018, Forrester evaluated nine vendors on ten criteria and found Prevalent to be a leader. “No other tool matched the breadth and depth of its data and risk domain coverage.”

ProcessUnity

  • https://www.processunity.com/
  • Founded in 2003, ProcessUnity is based in Concord, Massachusetts.
  • "ProcessUnity Vendor Cloud is a software-as-a-service (SaaS) application that identifies and remediates risks posed by third-party service providers. Combining a powerful vendor services catalog with risk process automation and dynamic reporting, Vendor Cloud streamlines third-party risk activities while capturing key supporting documentation that ensures compliance and fulfills regulatory requirements."
  • In December 2019, ProcessUnity "announced that it received the highest scores in two use cases in Gartner’s Critical Capabilities for IT Vendor Risk Management Tools report for the second consecutive year. The report... evaluates the capabilities of IT Vendor Risk Management software providers and delivers product ratings and scores of key capabilities."
  • In August 2019, ProcessUnity "announced that Network Products Guide recognized ProcessUnity’s Vendor Risk Management solution as one of the Best Products in Vendor Risk Management in the 14th Annual 2019 IT World Awards®."
  • Zoominfo estimates $23 million in annual revenue and 123 employees.
  • According to Crunchbase, it has between 101 and 250 employees and $24.9 million in total funding and was acquired by Long Ridge Equity Partners, which notes investing in ProcessUnity in September 2018.
  • ProcessUnity's LinkedIn profile notes 51 to 200 employees with 85 on LinkedIn.
  • In April 2013, ProcessUnity, "announced that it secured $5 million in a Series C round led by Rose Park Advisors’ Disruptive Innovation Fund. The funding will support the company’s rapid growth and expand marketing and sales of its SaaS solutions."
  • Rose Park was the ProcessUnity's first institutional investor. Prior to Rose Park's investment, "ProcessUnity raised $4.5 million in two prior rounds of funding from private individuals.... [but faced] mounting pressures in the regulatory compliance realm spell increased risk for their business-to-business clients, which include names like Fidelity Investments and RBS Citizens, as well as smaller enterprises."
  • In January 2018, ProcessUnity reported"record sales to organizations of all sizes — as small as community banks and as large as Global 50 corporations. The company experienced increased demand in markets outside of financial services — including legal, retail, high tech, life sciences and more. Additionally, ProcessUnity experienced significant revenue growth via managed services sold through partners. The company maintained its impressive subscription renewal rate of over 94 percent."

Aravo

  • https://www.aravo.com/
  • Headquartered in San Francisco, California, Aravo was founded in 2000.
  • "Since 2000, leading global brands across a diverse range of industries have counted on Aravo for their end-to-end enterprise supplier and third party risk management. Brands including GE, Unilever, Procter and Gamble, Google, SalesForce and many more. Aravo has also distilled this experience and best-in-class technology into rapid time-to-value applications that help companies manage a wide range of programs including: ABAC, responsible sourcing, data privacy, infosec, GDPR, and financial services regulatory compliance. Aravo supports a user base of 136,000 corporate users, managing more than 4.5 million third party users in 36 languages and 154 countries. "
  • Aravo was the top-ranked vendor in the "current offering" category in Forrester's report, The Forrester Wave™: Supplier Risk And Performance Management Platforms, Q1 2018.
  • Aravo received the GRC 20/20’s Value Award for Third Party Management "for providing measurable value in GRC efficiency, effectiveness and agility"
  • "Aravo was named as a Category Leader with the highest “Completeness of Offering” of any provider in the Chartis RiskTech Quadrant® for Third Party Risk Management Solutions 2017."
  • Aravo was also "named a Challenger in the 2017 Gartner® Magic Quadrant for IT Vendor Risk Management."
  • According to Crunchbase, Aravo's total funding to date is $51.4 million.
  • According to Incfact.com, Aravo's annual revenue is between $10 million and $50 million and has between 10 and 100 employees.
  • Zoominfo estimates that Aravo has 178 employees.

OneTrust

Ncontracts

  • https://ncontracts.com/
  • "Rethinking risk management requires more than software. Financial organizations deserve expert services and automated, exam and board-ready reporting capabilities."
  • Headquartered in Brentwood, Tennessee, Ncontracts was founded in 2009. ("[T]he N stands for “inside”, a nod to the need to understand the industry in order to create high-value software.")
  • Ncontracts reached 250 customers in 2014.
  • In 2015, Mainsail Partners invested in Ncontracts. Also, that year, Ncontracts acquired Strohl Risk Solutions, which grew its client base to 550 financial institutions.
  • In 2017, Ncontracts acquired Supernal Software, expanded its reach to all 50 states.
  • Ncontracts acquired TruPoint in 2019, growing the client base to 1,250.
  • In December 2019, Ncontracts announced that it had been positioned by Gartner in the Challengers quadrant of the Magic Quadrant for IT Vendor Risk Management Tools report.
  • Ncontracts also announced in December 2019 that it had achieved 345% growth over the previous three years.
  • In January 2020, Gryphon Investors announced that it had acquired Ncontracts. "Gryphon targets making equity investments of $100 million to $300 million in portfolio companies with enterprise values ranging from approximately $100 million to $500 million."
  • Crunchbase estimates that Ncontracts has 101 to 250 employees.
  • Ncontracts' LinkedIn profile sets its employee count between 51 and 200.

Research Strategy

Most information could be gleaned from company websites. Where those fell short with regard details including revenue and employee count, we scoured third-party research sites as well as company LinkedIn pages.

Sources
Sources