Press Releases

HITRUST Achieves Major Milestone with Availability of Solution Making it Practical to Manage Third-Party (Information Security) Risk

Written by HITRUST | Oct 3, 2024 1:30:00 PM

HITRUST announces last mile integrations with leading TPRM platforms

FRISCO, Texas, October 3, 2024

HITRUST, the leader in information risk management, security, and compliance assurances, today announces enhancements to the HITRUST Assessment XChange, its comprehensive third-party risk management (TPRM) solution, overcoming legacy challenges and making TPRM practical and effective for organizations across all industries. In addition, HITRUST is announcing integrations with leading TPRM solution platforms to address the current “last mile” challenge of capturing and consuming detail assurance information and performing population risk analysis.

HITRUST Assessment XChange enablement and integration with leading TPRM platforms operationalizes the broad assurance portfolio, Results Distribution System, and other components in HITRUST’s portfolio for more effective and efficient risk management of vendors and partners through pre-built, streamlined workflows enabling end-to-end third-party risk, from initial evaluation, to vendor engagement, through assignments and completion of assurances, to results ingestion and analysis. The total solution enables TPRM programs to significantly improve their information security risk capabilities while reducing time, costs, and complexity.

Managing third-party risk, more specifically information security risk, has long been a critical, yet challenging task for organizations across industries. Data breaches and ransomware incidents stemming from third-party vulnerabilities have caused significant financial losses and eroded trust. Despite the increasing focus on this area, current approaches have been inefficient, impractical, and cost-prohibitive — limiting effectiveness while leaving many organizations vulnerable.

“HITRUST has been working for years to support organizations and their TPRM challenges,” said Robert Booker, Chief Strategy Officer at HITRUST. “The lifecycle that organizations manage for hundreds of third-party suppliers is complex and the outcomes to secure those relationships are essential to the integrity of the services they deliver. We have now reached a significant milestone with the components in place to make third-party risk management not only practical but comprehensive and effective.“

A Comprehensive Solution Built on Industry-Leading Assurances

The HITRUST solution addresses key TPRM functions while offloading the complexities and seamlessly bringing together key components previously not available or not capable of being integrated into a single solution. HITRUST’s TPRM solution is the culmination of many years of development, designed to address the gaps in existing and traditional methods, such as assessments with limited assurance, incomplete control selection, need for gap self-assessments and questionnaires, and non-existent third-party population risk analysis and engagement. Unlike these outdated and limited approaches, HITRUST’s solution provides:

Comprehensive Framework with Threat-Adaptive Controls: HITRUST’s continuously updated framework adapts to current and emerging cyber threats, eliminating the need for custom questionnaires and ensuring the controls maintain relevance to emerging cyber threats.

Multiple Assessment Options: A broad portfolio of assessments covering third-party suppliers with different levels of inherent risk all delivered through a portfolio of low, medium, and high assurance levels for information security in addition to the recently announced AI assessments. 

Streamlined Results Delivery: Organization’s TPRM solutions can electronically receive validated assessment results, enabling faster, more efficient consumption, and risk analysis with real-time updates of status, progress, and remediation activities through seamless integration with the HITRUST Results Distribution System.

End-to-End Security Risk Management: Enabled by integration between the HITRUST Assessment XChange and key TPRM solutions, organizations can gain access to comprehensive management of the vendor information risk process, from initial onboarding to the evaluation and management of conformity and corrective action plans. The platform supports functions such as guided setup and configuration, assignment of appropriate assessments, digital receipt of summary and detailed assessment results, regular renewals and re-assessments based on vendor changes, management reporting, and detailed third-party population analysis at the control specification level. It efficiently manages these processes across vast vendor populations, ensuring appropriate rigor and assurance at every step.

Staff Augmentation: Managed and integrated services are available from the HITRUST Assessment XChange to support vendor engagement, outreach, education, and assessment. These optional services are available to complement internal governance efforts.

Industry Adoption and Next Steps

Healthcare, finance, and other industries are already benefiting from HITRUST’s offerings that support TPRM, but the additional services in the HITRUST Assessment XChange and integration with TPRM solutions will take risk management to the next level by providing unprecedented visibility into vendors’ information risk.

Existing approaches to third-party risk management, such as relying on spreadsheets or limited control sets or assurance assessments, have proven insufficient to manage risk. HITRUST now delivers a complete solution that includes a broad portfolio of assessment options that maintain control relevance coupled with a proven effective assurance model to effectively address third-party information risk,” said Erika Del Giudice, IT Assurance Services Principal at Crowe LLP. “With the addition of its ServiceNow and other integrations, HITRUST now offers a complete solution that is not only powerful but also practical for organizations to employ”.

First Planned Integration: ServiceNow (Third-Party Risk Management) TPRM

As part of this strategic expansion, HITRUST today announced that the first planned integration of The HITRUST Assessment XChange with ServiceNow’s Third-Party Risk Management (TPRM) solution to operationalize HITRUST's TPRM portfolio and methodology within a single pane of glass.

The joint effort enables customers to harness the power of the Now Platform while enjoying the full benefits of HITRUST’s comprehensive information security and risk management capabilities.

ServiceNow’s expansive partner ecosystem and partner program is critical in supporting the $275 billion forecasted market opportunity through 2026 for the Now Platform. The ServiceNow Partner Program recognizes and rewards partners for their varied expertise and experience to drive opportunities, open new markets, and help customers transform their business across the enterprise. 

As a Registered Build Partner, the certified integration enables HITRUST to create better experiences, drive value for customers and enable organizations. The integration is expected to be available in the ServiceNow Store by the end of 2024.

Accepting Applications for ServiceNow Private Preview

HITRUST is currently accepting applications for participation in the private preview program and expects general availability of the certified ServiceNow integration by the end of 2024, with additional GRC and TPRM platform integrations prioritized for 2025 and beyond. Attendees at HITRUST Collaborate have the first opportunity to see the tool and learn about its features and functionality.

To apply for the private preview program, go to: https://info.hitrustalliance.net/preview/