The only forum to bring together customers and their vendors to learn and make supply chain risk management a shared responsibility
Frisco, TX – November 16, 2017 – HITRUST announced today the HITRUST Third Party Assurance Summit 2018, set for February 20-21, 2018 in Chicago. The conference is created to bring customers and vendors together for the first time to make third-party and fourth-party risk management a shared responsibility.
Third-party assurance is a crucial component of an organization’s risk management program. In many cases, organizations have hundreds, or even thousands, of vendors and business partners helping them keep their business running. On the other end of the contracts are the third-party vendors, which often find themselves doing business with hundreds or thousands of business partners. With the complex web of connections and contracts, it can be extremely difficult—at best—to manage risk throughout the entire supply chain. Given increased regulatory oversight, reliance on and complexity of outsourced relationships and an evolving threat landscape, developing and implementing an effective program requires alignment and support internally and externally.
Therefore, streamlining the risk management processes for both the business partners and their vendors is an action that can have an immediate and marked improvement on how businesses of all shapes and sizes work together to proactively manage supply chain risk.
“Today’s approaches to third-party and fourth-party risk management are enormously resource intensive and result in inconsistent outcomes. Finding the answer to more effective and efficient third-party assurance needs to start with a conversation between the customers, vendors and business partners impacted by the requirements and the requests. Traditionally, these groups have worked in silos. The HITRUST Third Party Assurance Summit aims to change this by providing a unique forum for bringing all stakeholders—all the way up to the board—together to truly collaborate and mitigate risk throughout the entire supply chain,” said Michael Parisi, VP Assurance Strategy and Community Development, HITRUST.
The HITRUST Third Party Assurance Summit will bring together leaders and experts representing customers, vendors and consultancies in various aspects of business continuity, information security, audit and compliance, and risk management. It will span two days of sharing perspectives and lessons learned, exploring implementation challenges and best practices, and facilitating peer discussions to identify third-party risk management strategies leveraging the HITRUST Assessment Exchange and the HITRUST CSF Assurance Program—the most widely utilized assessment approach for third-party assurance.
The Summit provides a combination of facilitated discussions, educational sessions and networking opportunities with general sessions and tracks specific to customer or vendor areas of interest.
- Customers’ perspectives and challenges around implementing an effective third-party assurance program
- Vendor and business partner perspectives and challenges in meeting customers’ information requests efficiently
- How states impact Health Information Exchanges
- Legal and regulatory considerations in the U.S. and internationally
- Why collaboration and leadership combined with HITRUST CSF Assurance is a win for everyone
- Third-party (and fourth-party) identification and risk ranking; outreach and communications; assurance-related contracts implications and approaches
- Leveraging information privacy and security as a competitive advantage
- Improving information security and reporting to meet the requirements of customers
- What to expect when undergoing a HITRUST CSF Assessment
- Leveraging HITRUST Assessment XChange and vendor risk management systems
“For a third-party risk program to scale sustainably and effectively, it is imperative that there be alignment across the industry. Unless both the enterprises and their service providers both perceive and realize value from the program, it is unlikely that it will succeed,” said Omar Khawaja, Vice President and Chief Information Security Officer, Highmark, Inc.
The Summit Committee includes these high-profile industry leaders: Jeff Martin, Manager, Information Security-VSRM, Anthem, Inc.; Debbie Hutchinson, Director IT Audit & Third Party Assurance, Availity; Jutta Williams, Program Manager, Health Research, Google; Omar Khawaja, VP & CISO, Highmark; Chetana Sankhye, Director, Vendor Risk Management & Technology Risk Management, Kaiser Permanente; Hector Rodriguez, CISO, Worldwide Health, Microsoft; Bob Smith, Senior Manager, Technology & Compliance, Salesforce; Bryan Sheehan, Senior Director, Enterprise Information Security, UnitedHealth Group; John Houston, Vice President & Associate Counsel, University of Pittsburgh Medical Center; and Taylor Lehmann , CISO, Wellforce.
Attendees represent any organization that leverages a third-party vendor to support the creation, transport, processing or storage of sensitive information, including health, financial and intellectual data. Departments include: Information Security, Enterprise Risk, Internal Audit and Compliance, Procurement, Vendor Risk Management, Finance, Legal and Compliance, Customer Relationship Management.
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis and resilience.
HITRUST actively participates in many efforts in government advocacy, community building and cybersecurity education. For more information, visit www.hitrustalliance.net.