Rush University Medical Center is an academic medical center located in Chicago, Illinois. In 2018, with a continuing pattern of data breaches and security issues across the healthcare industry, the Board decided it was time to implement a Third-Party Risk Management program. And the team chose ThirdPartyTrust as their ally.
We interviewed Wintana Girma, IS Security Analyst, Third Party Risk Management at Rush University Medical Center, to learn how they overcame their third-party risk management challenges with the ThirdPartyTrust platform.
ThirdPartyTrust was the selected tool because of its ease of use and flexibility to adapt to their business goals. What’s more, Rush benefited from the bundle partnership with GuidePoint Security, and had an expert on site to assist with setting up the tool, starting, and further maturing the program.
Those custom sessions (both at the beginning of the project and once they’d been operational for a while), were really helpful in communicating to the Senior Management and the Board the steps taken, the overall risk landscape, and steps to take in the next 1, 2 or 5 years.
The improvements on day-to-day operation
“Before we were using the ThirdPartyTrust platform, our process for assessing third-parties was very manual. We were looking for architecture diagrams and asking questions to them in a non-structured way”, described Ms. Girma.
After implementing the tool, they were able to customize the risk assessment procedure, print detailed reports, drill down to specific issues like application security, look for specific certifications, and all sorts of insights that have streamlined their process.
“The tool made it a lot easier to communicate both to the business team that’s using the third-party and the third party themselves. If we have specific documentation or security artifacts that we’re looking for and not getting, we can point to it in the tool as opposed to just verbally or via email”, said Ms. Girma.
Features and usability
The first thing that came to mind for Ms. Girma was the clear dashboard and how easy it is to understand, at a glance, the overall health of the third-party and third-party ecosystem. She also highlighted the “Connections” tab, the way that it’s organized, and how easy it is to navigate, in order to see the lifecycle status, how many high-impact third-parties there are, and so much more.
According to Ms. Girma: “In addition to being a great tool, ThirdPartyTrust has got great people behind it. They’re very supportive of our program and help us think through things differently. They have been really instrumental in educating us, they’ve been hand-holding and supporting us the whole way, which has been phenomenal.”
The team at Rush University Medical Center is now better able to organize themselves, set attainable goals, and meet those goals, thanks to both the power of the ThirdPartyTrust platform and the expertise of GuidePoint Security.
“A lot of vendors will give you a tool and give you support on the tool, but really supporting our program is something that I think has been pretty unique to ThirdPartyTrust in particular”, concluded Ms. Girma.
To learn more about how ThirdPartyTrust can help you streamline your TPRM program, request your free trial now: