
Content provided by Makala Barsolona and Britton Burton | Sr Director of Product Strategy. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Makala Barsolona and Britton Burton | Sr Director of Product Strategy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://fr.player.fm/legal.

Horror Stories: Why Third-Party Vendor Risk Management is So Scary

44:39
 

Over the last few years, third-party vendor risk management (TPRM) has transitioned from being a relatively minor part of security and compliance programs for healthcare entities into a massive undertaking with potentially dire consequences if not managed properly. This is one of those topics that seems to really have CISOs shaking in their boots.

What makes third-party vendor risk so scary? Why are security leaders having nightmares?

Join us for this episode of the CyberPHIx podcast where we hear from James Ballou, Chief Information Security Officer for North American Partners of Anesthesia.

James shares insights from his extensive experience managing security teams and third-party risk management programs for leading healthcare organizations.

Topics covered in this session include:

  • What makes third-party vendor risk management so scary for healthcare cybersecurity and risk professionals?
  • Regulatory requirements related to third-party vendor risk management including HIPAA and state laws
  • OCR enforcement of third-party business associate compliance mandates
  • Third-party vendor risk governance best practices and models
  • The implications for vendors that acquire certifications including HITRUST, SOC 2, and ISO
  • The limitations of questionnaire-based vendor assessment models
  • Best practices for strategic and operational management of third-party vendor risk management programs in healthcare
  • The future of third-party vendor risk management

99 episodes
