Skip to main content
FoxPointe FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
  • Management Team
  • About Us
    • Credentials
    • Careers
    • News
    • Videos
  • Blog
  • Contact Us
FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
  • Management Team
  • About Us
    • Credentials
    • Careers
    • News
    • Videos
  • Blog

Enter Keywords

  1. Home
  2. Blog

FoxPointe Security Hub

HITRUST Third Party Risk Management Methodology

December 16, 2019 by Jill Martucci, CCSFP, CHQP, Principal

HITRUST puts on regular webinars to help educate individuals on the components, tools, and programs offered by the organization. The webinar I listened to on 12/11 covered HITRUST’s Third Party Risk Management (TPRM) Methodology and below is a quick overview.

The TPRM Methodology is a formal approach to effective and efficient management of the risk incurred from third-party relationships in which sensitive information is shared. Overall, it has six main steps as follows:

Initiate: Formally start an assessment

Collect: Gather information to determine inherent risk specific to a given relationship

Qualify: Then, evaluate residual risk for a specific relationship

Accept: Formally accept those residual risks

Select: Select the third-party (or decide to continue working with an established vendor) or determine it is too risky

Monitor: Ongoing monitoring of residual risk

The above are common to many risk management programs but many organizations do not have an approach that can be managed out of one space and through one type of questionnaire that can be generated/modified for different vendors depending on service offering, size, or risk exposure.

The HITRUST Assessment XChange (XChange), which is a subsidiary of HITRUST, helps streamline and simplify TPRM by providing organizations with tools, methodologies, and services to qualify for potential business relationships. The XChange is built on the foundation of the Third-Party Risk Management Qualification Methodology which is industry agnostic and is completed via an innovative platform (the XChange Manager) that helps automate and manage all vendors at all risk levels.

Please reach out to me at jmartucci@bonadio.com if you have any questions on HITRUST and how it may be a fit for your organization.

For more detail on TPRM and a full list of upcoming and recorded webinars, please visit the HITRUST website. https://hitrustalliance.net/webinars/. HITRUST can also provide the detail needed for an organization to join the XChange program.

 

Compliance  
Share
Twitter Facebook LinkedIn
Topics
  • Data Security (16)
  • Data Privacy (15)
  • Compliance (4)
  • Risk Management (11)
  • Cybersecurity Alert (10)
  • Cybersecurity (22)
  • tik tok (1)
Let us show you how we can help
Request Quote
FoxPointe

488 Madison Ave. 23rd Floor
New York, NY 10022

Call 844-726-8869
or Contact Us

Subscribe to the Blog

Services
Cyber Risk, Assurance and ComplianceIT AuditPenetration TestingGeneral Consulting
Company
Management TeamAbout UsBlogCareersPrivacy Policy
©2021 FoxPointe
Website by Corporate Communications, Inc.