Press release content from Business Wire. The AP news staff was not involved in its creation.
PRESS RELEASE: Paid content from Business Wire
Press release content from Business Wire. The AP news staff was not involved in its creation.

HITRUST® Releases New Tools to Improve Efficiency and Effectiveness of Third-Party Risk Management

November 12, 2019

FRISCO, Texas--(BUSINESS WIRE)--Nov 12, 2019--

HITRUST, a leading data protection standards development and certification organization, today announced a major release of its HITRUST Third-Party Risk Management (“TPRM”) Methodology that introduces numerous new components including an Inherent Risk Questionnaire, Rapid Assessment, and Trust Score.

Also announced today are enhancements to the HITRUST Assessment XChange (the “Xchange”) Manager platform to fully integrate the TPRM Methodology. This enables the XChange Manager platform to automate the TPRM process from the vendor qualification through the organization’s management of its vendors’ risks. Further, by bringing the methodology and technology platform together, HITRUST is simplifying the deployment and operationalization of the process organizations use to qualify a third party for a business relationship and provide a common approach that can be used across industries to drive efficient and effective third-party risk management.

“Representing an organization with over a hundred thousand business partners, the alignment of the HITRUST TPRM Methodology provides a significant step forward for any organization that wants to address the inconsistencies, inefficiencies, ineffectiveness, and high costs of their current approach to TPRM and third-party assurance,” said Taylor Lehmann, vice president and CISO, Athena Health, “We need more ‘win-win’ opportunities for organizations and their third parties like this and this gets us a lot closer.”

Today there is no consistent way to determine what information security, privacy, and compliance risk assurances should be provided and maintained when an organization shares sensitive information with a third party, including vendors, suppliers, and business partners. This creates inconsistencies when organizations seek assurances from their third parties, which can be higher than warranted for risk or regulatory compliance requirements, or lower than warranted for exposing organizations themselves to more risk than intended.

Implementation of the HITRUST TPRM methodology solves this issue by incorporating greater oversight early in the vendor selection process in support of informed decision-making, determining an acceptable level of risk, and reducing the likelihood of vulnerabilities being interjected into an organization’s environment. This is done by determining how much information security and individual privacy risk a vendor poses and developing strategies to reduce the likelihood and impact of a potential breach before a breach occurs.

The new release of the HITRUST TPRM Qualification Methodology expands on HITRUST’s popular Risk Triage Methodology with a six-step qualification process that provides organizations a comprehensive approach to defining inherent risk factors: 1. Pre-Qualification, 2. Risk Triage, 3. Risk Assessment, 4. Risk Mitigation, 5. Risk Evaluation and 6. Qualification Decision. With this new qualification process HITRUST also introduces:

“Organizations often struggle to leverage their existing technology because they lack an underlying risk management methodology to support it. HITRUST is changing the way organizations look at third-party risk by providing both of these elements in a standardized and automated approach that benefits the entire supply chain,” said Dr. Bryan Cline, Chief Research Officer, HITRUST.

To register for the webinar on December 11th:https://go.hitrustalliance.net/TPRMXChangeWebinar

To access the TPRM Methodology White Paper:https://hitrustalliance.net/content/uploads/TPRM-Methodology.pdf

To access Dr. Bryan Cline’s TPRM Blog visit:https://blog.hitrustalliance.net/understanding-improving-role-self-assessments-third-party-risk-management/

To go to the HITRUST Assessment XChange® portal:https://hitrustax.com/


Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.

For more information, visit www.hitrustalliance.net.

View source version on businesswire.com:https://www.businesswire.com/news/home/20191112005772/en/

Tamara Colbert, e:tamara.colbert@hitrustalliance.net, t: 469.269.1172




Copyright Business Wire 2019.

PUB: 11/12/2019 10:44 AM/DISC: 11/12/2019 10:44 AM