![ITSPmagazine Podcast artwork](https://is3-ssl.mzstatic.com/image/thumb/Podcasts113/v4/5d/61/89/5d618998-327c-cc0d-b5dc-676ee5ec55f6/mza_2794539829735101717.jpg/100x100bb.jpg)
Your Pre-Crisis Culture Will Determine Your Ability To Adapt During A Crisis | A HITRUST Their Story
ITSPmagazine Podcast
English - June 09, 2020 08:33 - 47 minutes - 75.7 MB - ★★★★★ - 15 ratingsTechnology education internet business computers digital transformation future technology innovation science hacking Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Guests:
- Omar Khawaja, Chief Information Security Officer, Highmark Health
- John Houston, Vice President, Information Security and Privacy; Associate Counsel, UPMC
- Michael Parisi, Vice President Assurance Strategy, HITRUST
When it comes to managing risk for your third-party vendors, do you find your organization using the “COVID-19 excuse?” Is this the right decision long term (or even short term)? Or, are you merely kicking the can of risk down the road?
If your business is anything like John’s and Omar’s, you certainly had to make some quick decisions on how to meet the new requirements of the company and your customers as the environments in which you operate change drastically.
Did you have to switch off vendors that were no longer needed or couldn’t meet the demand (or, perhaps, had to shut down due to the crisis)? Did you have to onboard new suppliers to fulfill a need you never imagined would be needed (such as temporary tents in the parking lot to test patients)? Did you have to rush a new service provider onto the network to ensure patients can get the devices and related apps to their hospital bedside as a matter of life or death (such as ventilators)?
These scenarios may not precisely match yours — primarily if you don’t operate as a health provider in the healthcare space. However, you can almost certainly appreciate the challenges that come with these scenarios and can likely connect the dots in some way to your business.
This begs the question: were you prepared for a crisis? Were you ready for your supply chain to be turned upside down? Did you have a culture of security and risk management baked into your organization such that the team could rise to the challenges introduced by the crisis without compromising security and adding unnecessary risk?
Our guests in this Their Story on ITSPmagazine share their detailed experiences with us, guiding us through the importance of having a plan, practicing that plan, maintaining open and transparent communications, and being able to measure/report on the status of risk at any given moment — even (especially) for your third-party vendors — even during a crisis.
Go on. Have a listen to what a culture of security and risk management sounds like. Then share it with your peers and colleagues.
Additional resources related to this conversation
Provider Third Party Risk Management Council: https://itspm.ag/37hpnFL
HITRUST Third Party Risk Assurance Program: https://itspm.ag/3fbfegq
You can find more on this topic here: https://itspmagazine.com/their-stories/adapting-to-unpredictability-without-compromising-quality-a-conversation-with-hitrust
Be sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.
Enjoy!