Prominent Chief Information Security Officers (CISOs) from leading health systems and providers throughout the country have come together to establish the Provider Third-Party Risk Management Council to develop, recommend and promote a series of practices to effectively manage their information security-related risks in their supply chain and to safeguard patient safety and information
Effectively assessing the security posture up and down the supply chain is prohibitively expensive given the complexity of the risks posed by information privacy and system security concerns as well as an ever-changing regulatory landscape both domestically and internationally. The challenges they face go well beyond their resources and capabilities, posing a huge challenge for organizations and third parties to create, administer, respond to and manage assessments. In addition, ineffective security, compliance and assurance methods drive cost and confusion within organizations and across third parties.
Our goal is to create a common approach to improve third-party risk management for the organization and vendor community.