In this CyberPHIx podcast, Kelly White, Founder and CEO of RiskRecon, outlines key concepts for effective vendor security risk management. Kelly draws on his experience in healthcare as well as other industries vulnerable to third-party data security breaches.
In 2008, the FDIC set a benchmark for vendor data risk by stating that a financial institution’s board of directors and officers are responsible for third-party actions affecting data security. These same standards apply to healthcare organizations, leading to increased oversight of vendor relationships.
You can outsource your systems and services, but you cannot outsource your risk.
Kelly’s position in the security automation market provides insight into emerging trends of innovation and technology to assess the potential risk of vendor data sharing. Our discussion with Kelly touches on some of the following trends:
- Vendor risk management in peer industries, such as financial services, reveals opportunities for innovation and more effective oversight of vendor relationships in the healthcare sector.
- The Value of Risk is a key risk management concept that supersedes the rating of risk by the size of vendors.
- Focus the lens on the Value of the Risk in risk management activities with small or medium-sized vendors to set remediation priorities.
- Healthcare is an industry primed to adopt and lead innovation and automation in risk management. The next wave of security automation/innovation is likely to come out of the healthcare industry.