Skip to main content
FoxPointe FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
    • Virtual Chief Information Security Officer (vCISO)
  • About Us
    • Management Team
    • Credentials
    • Careers
  • Resources
    • Events
    • News
    • Videos
    • Whitepapers
  • Blog
  • Contact Us
FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
    • Virtual Chief Information Security Officer (vCISO)
  • About Us
    • Management Team
    • Credentials
    • Careers
  • Resources
    • Events
    • News
    • Videos
    • Whitepapers
  • Blog

Enter Keywords

  1. Home
  2. Blog

FoxPointe Security Hub

HITRUST Third Party Risk Management Methodology

December 16, 2019

HITRUST puts on regular webinars to help educate individuals on the components, tools, and programs offered by the organization. As a HITRUST CSF Assessor, we make it a point to attend these webinars to stay up-to-date on the latest information. The webinar I listened to on 12/11 covered HITRUST’s Third Party Risk Management (TPRM) Methodology and below is a quick overview.

The Third Party Risk Management Methodology is a formal approach to effective and efficient management of the risk incurred from third-party relationships in which sensitive information is shared. Overall, it has six main steps as follows:

Initiate: Formally start an assessment

Collect: Gather information to determine inherent risk specific to a given relationship

Qualify: Then, evaluate residual risk for a specific relationship

Accept: Formally accept those residual risks

Select: Select the third-party (or decide to continue working with an established vendor) or determine it is too risky

Monitor: Ongoing monitoring of residual risk

The above are common to many risk management programs but many organizations do not have an approach that can be managed out of one space and through one type of questionnaire that can be generated/modified for different vendors depending on service offering, size, or risk exposure.

The HITRUST Assessment XChange® (XChange), which is a subsidiary of HITRUST, helps streamline and simplify third party risk management by providing organizations with tools, methodologies, and services to qualify for potential business relationships. The XChange is built on the foundation of the Third-Party Risk Management Qualification Methodology which is industry agnostic and is completed via an innovative platform (the XChange Manager) that helps automate and manage all vendors at all risk levels.

Please reach out to me at jmartucci@bonadio.com if you have any questions on HITRUST and how it may be a fit for your organization.

For more detail on TPRM and a full list of upcoming and recorded webinars, please visit the HITRUST website. https://hitrustalliance.net/webinars/. HITRUST can also provide the detail needed for an organization to join the XChange program.

Compliance  
Share
Twitter Facebook LinkedIn
  • Topics
  • Authors
  • Data Security (13)
  • Data Privacy (15)
  • Compliance (4)
  • Risk Management (8)
  • Cybersecurity Alert (7)
  • Cybersecurity (25)
  • Archive (34)
  • Charlie Wood | PCI QSA, CISA, CRISC, CISM
  • Carl Cadregari | CISA, CCSFP, CTPRP
  • Allison Hall | PCIP, CCSFP
  • Courtney Caryl | CCSFP, CHQP
Let us show you how we can help
Request Quote
FoxPointe

171 Sully's Trail
Pittsford, NY 14534

Call 844-726-8869
or Contact Us

Subscribe to the Blog

Services
Cyber Risk, Assurance and ComplianceIT AuditPenetration TestingGeneral ConsultingVirtual Chief Information Security Officer (vCISO)
Company
Management TeamAbout UsBlogCareersPrivacy Policy
©2023 FoxPointe
Website by Corporate Communications, Inc.
We use cookies and other technologies to optimize site functionally, analyze website traffic, and share information with our service and analytics partners. To view our Privacy Policy, which discusses cookies, click here. By continuing to use & browse our services, you agree to our Privacy Policy, our use of cookies, and the Terms and Conditions.