Artwork

Contenido proporcionado por Makala Barsolona and Britton Burton | Sr Director of Product Strategy. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Makala Barsolona and Britton Burton | Sr Director of Product Strategy o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
Player FM : aplicación de podcast
¡Desconecta con la aplicación Player FM !

Horror Stories: Why Third-Party Vendor Risk Management is So Scary

44:39
 
Compartir
 

Manage episode 344607250 series 3052259
Contenido proporcionado por Makala Barsolona and Britton Burton | Sr Director of Product Strategy. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Makala Barsolona and Britton Burton | Sr Director of Product Strategy o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.

The last few years third-party vendor risk management (TPRM) has transitioned from being a relatively minor part of security and compliance programs for healthcare entities into a massive undertaking with potentially dire consequences if not managed properly. This is one of those topics that seems to really have CISOs shaking in their boots.

What makes third party vendor risk so scary? Why are security leaders having nightmares?

Join us for this episode of the CyberPHIx podcast where we hear from James Ballou, Chief Information Security Officer for North American Partners of Anesthesia.

James shares insights from his extensive experience managing security teams and third-party risk management programs for leading healthcare organizations.

Topics covered in this session include:

  • What makes third-party vendor risk management so scary for healthcare cybersecurity and risk professionals?
  • Regulatory requirements related to third-party vendor risk management including HIPAA and state laws
  • OCR enforcement of third-party business associate compliance mandates
  • Third-party vendor risk governance best practices and models
  • The implications for vendors that acquire certifications including HITRUST, SOC 2, and ISO
  • The limitations of questionnaire-based vendor assessment models
  • Best practices for strategic and operational management of third-party vendor risk management programs in healthcare
  • The future of third-party vendor risk management
  continue reading

99 episodios

Artwork
iconCompartir
 
Manage episode 344607250 series 3052259
Contenido proporcionado por Makala Barsolona and Britton Burton | Sr Director of Product Strategy. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Makala Barsolona and Britton Burton | Sr Director of Product Strategy o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.

The last few years third-party vendor risk management (TPRM) has transitioned from being a relatively minor part of security and compliance programs for healthcare entities into a massive undertaking with potentially dire consequences if not managed properly. This is one of those topics that seems to really have CISOs shaking in their boots.

What makes third party vendor risk so scary? Why are security leaders having nightmares?

Join us for this episode of the CyberPHIx podcast where we hear from James Ballou, Chief Information Security Officer for North American Partners of Anesthesia.

James shares insights from his extensive experience managing security teams and third-party risk management programs for leading healthcare organizations.

Topics covered in this session include:

  • What makes third-party vendor risk management so scary for healthcare cybersecurity and risk professionals?
  • Regulatory requirements related to third-party vendor risk management including HIPAA and state laws
  • OCR enforcement of third-party business associate compliance mandates
  • Third-party vendor risk governance best practices and models
  • The implications for vendors that acquire certifications including HITRUST, SOC 2, and ISO
  • The limitations of questionnaire-based vendor assessment models
  • Best practices for strategic and operational management of third-party vendor risk management programs in healthcare
  • The future of third-party vendor risk management
  continue reading

99 episodios

Alla avsnitt

×
 
Loading …

Bienvenido a Player FM!

Player FM está escaneando la web en busca de podcasts de alta calidad para que los disfrutes en este momento. Es la mejor aplicación de podcast y funciona en Android, iPhone y la web. Regístrate para sincronizar suscripciones a través de dispositivos.

 

Guia de referencia rapida