Written by HITRUST Independent Security Journalist Sean Martin.
Increased regulatory oversight…outsourced relationships that share sensitive information…the evolving threat landscape. Considering all these factors, third-party assurance has become a crucial component of every organization’s risk management program. Or, if it hasn’t, it is sure to hit the project checklist sooner rather than later.
Developing and implementing an effective program to ensure your business partners handle sensitive information properly is a challenging task. It requires alignment and support—internally and with your business partners.
Taking on the Third-Party Risk Management Challenge
This is exactly the challenge that the HITRUST Third Party Assurance Summit 2018 can help you tackle on February 20-21 in Chicago. The Summit brings together leaders and experts (representing customers as well as vendors and consultancies) in various aspects of risk management. Some typical departments and roles that attend the Summit include:
- Information Security
- Enterprise Risk
- Internal Audit and Compliance
- Vendor Risk Management
- Legal and Compliance
- Customer Relationship Management
As with most aspect of business, functional teams from around the organization need work together to meet their collective business objectives. This is often easier said than done, however, as most functional teams have their own key performance indicators (KPIs) which aren’t always in support of other functional teams’ KPIs. This is why it’s extremely important that each functional team have a clear understanding for how third-party risk impacts their role and how they can collaborate with the rest of the organization to encourage efficient, yet effective, third-party risk management processes.
Fortunately, this is another key area where the HITRUST TPA Summit can help as it will bring constituents from all types of roles and functions together to help open up the conversation and establish a common understanding and language to support a collaborative effort for their third-party risk management program.
In addition to a gathering of attendees from various functional roles, the HITRUST TPA Summit will also bring together a fine collection of speakers and leaders from some of these same roles.
The speakers—representing some of the top organizations and brands from across the US—will share best practices, lessons learned and effective third-party risk management strategies that automate and streamline the process when requesting and receiving security and privacy risk assessment information from vendors. It’s information that both organizations and their vendors and business partners can benefit from.
A Great Place to Collaborate
The Summit provides a unique forum for attendees to collaborate in evolving approaches in ensuring effective communications of appropriate, timely and consumable risk management information. A combination of facilitated discussions, educational sessions and networking opportunities—along with general sessions and tracks—can meet each attendee’s specific areas of interest:
- The customer approach and challenges managing third-party risk.
- The vendor approach and challenges supporting third-party assurance requests.
- Collaboration to identify areas of contention and brainstorm solutions.
- Legal and regulatory considerations in the U.S. and internationally.
- The role of continuous monitoring and risk ratings.
- Leveraging HITRUST assurance programs for a comprehensive risk management strategy.
- Streamlining third-party assurance processes via HITRUST vendor risk management systems.
- How the HITRUST assessment meets all regulatory and third-party requirements.
- Vendor identification and risk classification.
- Vendor engagement and outreach.
- Contractual amendments and contracting process.
Who Can Benefit?
Attending the Summit can benefit any organization as well as vendors and business partners that together support the creation, transportation, processing or storage of sensitive information. Sessions will touch upon handling sensitive information relating to health, finance and intellectual property.
By engaging, partnering and coordinating with third parties in the risk management process, your organization can gain greater efficiencies and improve partner relations. Most importantly, you can assure appropriate risk management can be achieved.
What: HITRUST Third Party Assurance Summit 2018
When: February 20-21
Where: Hyatt Regency O’Hare, Chicago
Who Should Attend: Organizations and vendors involved in third-party assurance programs that support the creation, transport, processing or storage of sensitive information—including health, financial and intellectual information.
Learn more and register
The 2018 HITRUST Third Party Assurance Summit 2018 will be held February 20-21 at the Hyatt Regency O’Hare in Chicago. Visit the Summit website page to register.
Here are 5 Reasons to Attend the HITRUST Third Party Assurance Summit:
- Collaborate with other organizations in the Eco System … Meet Top CISOs and other subject matter experts representing customers, third and fourth parties
- Third Party Risk Management… Learn firsthand best practices in implementing a third party risk management program
- Leveraging HITRUST for Third Party Risk Management. Learn how to “Assess once and Report Many”
- The industry is evolving. Keep up to speed with the latest state, federal, and international impacts around third party risk management
- Prepare for the future. Learn what’s next from HITRUST and industry partners, including updates on GDPR, BASICs, Threat Catalog, and more.
You may be interested
Ensuring the Integrity of HITRUST CSF® AssessmentsSandra Omielanczuk - Jan 29, 2019
By Ken Vander Wal, Chief Compliance Officer HITRUST® There is a common theme among many of our clients following their…
Improving Cloud Security with a Shared Responsibility ModelSierra Reed - Jan 07, 2019
HITRUST streamlines the process to determine who’s responsible for what security controls among your service providers By Hector Rodriguez, Worldwide…
From Providers to Patients: Time to Protect the Entire Healthcare Supply ChainLacy Deatrich - Dec 18, 2018
Written by Taylor Lehmann, Chief Information Security Officer, Wellforce The patient-care ecosystem is a complex mix of healthcare providers, payers…