Cybersecurity breaches in healthcare are more numerous and costly than ever before, and most of them come via the supply chain. For healthcare companies looking to reduce risk associated with vendors and other business partners, a mature third-party risk management (TPRM) program is an imperative. A mature TPRM program is also mandatory under HIPAA’s Omnibus rule.
For any healthcare company looking to improve, an assessment of the current TPRM maturity is the best way to start.
Our Executive Report takes stock of your current TPRM program maturity, establishes a target state, and offers a plan for continuous improvement in your unique environment.
While these reports are unique for each of our clients, here are some typical views you can expect.
As a member of the Shared Assessments program, we use their Vendor Risk Management Maturity Model (VRMMM) tool to provide a holistic view of your program, identify strengths and gaps, jointly establish a target end-state, and provide actionable recommendations to continuously improve your unique environment.
During your TPRM assessment, we establish a maturity benchmark across the eight domains covered within the following Shared Assessments VRMMM program components:
Our TPRM Assessment Covers these Foundational Areas:
The VRMMM presents maturity levels ranging from 0 (meaning it’s non-existent) up to a maturity rating of 5 (meaning it’s in a state of continuous improvement). While you may not need or desire to be in the most mature state in all the foundational areas, the TPRM Assessment exercise allows for important, thought-provoking discussion around your unique risks, and what is required to reach the desired state.
$20,000-25,000 USD per TPRM Program “Core” assessment
Our TPRM assessments are just the beginning. We offer a full suite of follow-on services that are right-sized for you and your needs. After completing your TPRM maturity assessment, we offer additional services to support your journey to level up, including:
Assessment Scoping: Decrease mistakes while scoping your vendor assessments to prevent delays that can strain the outsourcer/vendor relationship. This helps you to move quickly while asking the right questions to ensure proper due diligence.
Remediation and Support: After completing a TPRM vendor assessment, we focus on remediation activities for your organization’s unique third-party environment to help you achieve a higher state of TPRM maturity.
TPRM as a Service: We understand the time and investment required to manage a TPRM program. Let us perform the heavy lifting as we arm you with the data to make the best risk-based decisions for your organization.
Vendor Intelligence Centers: As your TPRM partner, we will operate a vendor intelligence center that gathers and interprets vendor-related data from your existing monitoring tools or from our trusted sources. We report the findings to you at the cadence that is right for you.