
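Content provided by Makala Barsolona and Britton Burton | Sr Director of Product Strategy. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Makala Barsolona and Britton Burton | Sr Director of Product Strategy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://zh.player.fm/legal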

Horror Stories: Why Third-Party Vendor Risk Management is So Scary

44:39
 

Over the last few years, third-party vendor risk management (TPRM) has transitioned from being a relatively minor part of security and compliance programs for healthcare entities into a massive undertaking with potentially dire consequences if not managed properly. This is one of those topics that seems to really have CISOs shaking in their boots.

What makes third-party vendor risk so scary? Why are security leaders having nightmares?

Join us for this episode of the CyberPHIx podcast where we hear from James Ballou, Chief Information Security Officer for North American Partners of Anesthesia.

James shares insights from his extensive experience managing security teams and third-party risk management programs for leading healthcare organizations.

Topics covered in this session include:

  • What makes third-party vendor risk management so scary for healthcare cybersecurity and risk professionals?
  • Regulatory requirements related to third-party vendor risk management including HIPAA and state laws
  • OCR enforcement of third-party business associate compliance mandates
  • Third-party vendor risk governance best practices and models
  • The implications for vendors that acquire certifications including HITRUST, SOC 2, and ISO
  • The limitations of questionnaire-based vendor assessment models
  • Best practices for strategic and operational management of third-party vendor risk management programs in healthcare
  • The future of third-party vendor risk management

99 episodes
