The healthcare industry faces a continuing pattern of data breaches and security issues. In 2018, the Board at one of Chicago’s largest regional hospitals decided it was time to implement a Third-Party Risk Management program. And the team chose ThirdPartyTrust as their ally.
The choice
ThirdPartyTrust was the selected tool because of its ease of use and flexibility to adapt to their business goals. What’s more, they benefited from the bundle partnership with GuidePoint Security, and had an expert on site to assist with setting up the tool, starting, and further maturing the program.
“ThirdPartyTrust has been really instrumental in the initial project: putting together the program, helping us to assemble a steering committee, deciding what our procedures would be, actually conducting the assessments of the third-parties using the tool… We’ve had a lot of assistance from ThirdPartyTrust and GuidePoint Security in putting our TPRM program together”.
IS Security Analyst, Third Party Risk Management at one of Chicago’s largest regional hospitals
Those custom sessions (both at the beginning of the project and once they’d been operational for a while), were really helpful in communicating to the Senior Management and the Board the steps taken, the overall risk landscape, and steps to take in the next 1, 2 or 5 years.
The improvements on day-to-day operation
“Before we were using the ThirdPartyTrust platform, our process for assessing third-parties was very manual. We were looking for architecture diagrams and asking questions to them in a non-structured way”, described a team member.
After implementing the tool, they were able to customize the risk assessment procedure, print detailed reports, drill down to specific issues like application security, look for specific certifications, and all sorts of insights that have streamlined their process.
“The tool made it a lot easier to communicate both to the business team that’s using the third-party and the third party themselves. If we have specific documentation or security artifacts that we’re looking for and not getting, we can point to it in the tool as opposed to just verbally or via email”, they added.
