The healthcare industry faces a continuing pattern of data breaches and security issues. In 2018, the Board at one of Chicago’s largest regional hospitals decided it was time to implement a Third-Party Risk Management program. And the team chose ThirdPartyTrust as their ally.
ThirdPartyTrust was the selected tool because of its ease of use and flexibility to adapt to their business goals. What’s more, they benefited from the bundle partnership with GuidePoint Security, and had an expert on site to assist with setting up the tool, starting, and further maturing the program.
Those custom sessions (both at the beginning of the project and once they’d been operational for a while), were really helpful in communicating to the Senior Management and the Board the steps taken, the overall risk landscape, and steps to take in the next 1, 2 or 5 years.
The improvements on day-to-day operation
“Before we were using the ThirdPartyTrust platform, our process for assessing third-parties was very manual. We were looking for architecture diagrams and asking questions to them in a non-structured way”, described a team member.
After implementing the tool, they were able to customize the risk assessment procedure, print detailed reports, drill down to specific issues like application security, look for specific certifications, and all sorts of insights that have streamlined their process.
“The tool made it a lot easier to communicate both to the business team that’s using the third-party and the third party themselves. If we have specific documentation or security artifacts that we’re looking for and not getting, we can point to it in the tool as opposed to just verbally or via email”, they added.