Take a proactive step to assess risk, establish a target end-state, and improve long-term cyber posture.

Abstract blue background11b 2021 09 04 07 52 06 utc

It’s Time for Healthcare to Focus on Vendor Risk Maturity

Cybersecurity breaches in healthcare are more numerous and costly than ever before, and most of them come via the supply chain. For healthcare companies looking to reduce risk associated with vendors and other business partners, a mature third-party risk management (TPRM) program is an imperative. A mature TPRM program is also mandatory under HIPAA’s Omnibus rule.

For any healthcare company looking to improve, an assessment of the current TPRM maturity is the best way to start.

Read the latest Third-Party Risk Management articles from our team:
It’s Time for Healthcare to Focus on Vendor Risk Maturity
Cybersecurity breaches are on the rise for healthcare, with many coming through the supply chain. Here's practical advice on how to assess the maturity of a third-party risk management program and reduce the risk associated with vendors and business partners.
Are Your Vendors “Tall enough to Ride the Ride”?
We can think about an amusement park’s rider height and restriction requirements as a useful way to describe risk tolerances when onboarding new vendors or increasing scopes of work to existing ones.
Looking Inward, Charting a New Course for Effective TPRM
Most current third-party risk management (TPRM) programs are external-facing. But what if the greatest threat to your organization wasn’t external?

TPRM Maturity Assessments – The Executive Report

Our Executive Report takes stock of your current TPRM program maturity, establishes a target state, and offers a plan for continuous improvement in your unique environment.

While these reports are unique for each of our clients, here are some typical views you can expect.

TPRM Maturity Assessment Results - Summary View
TPRM Maturity Assessment Results - Summary View
TPRM Maturity Assessment Results - Average Maturity Rating
TPRM Maturity Assessment Results - Average Maturity Rating

Download an example of our TPRM Assessment Executive Report

Comprehensive Assessments Using the Most Respected Maturity Model

Shared Assessments Logo

As a member of the Shared Assessments program, we use their Vendor Risk Management Maturity Model (VRMMM) tool to provide a holistic view of your program, identify strengths and gaps, jointly establish a target end-state, and provide actionable recommendations to continuously improve your unique environment.

During your TPRM assessment, we establish a maturity benchmark across the eight domains covered within the following Shared Assessments VRMMM program components:

Our TPRM Assessment Covers these Foundational Areas:

The VRMMM presents maturity levels based from 0 (meaning it’s non-existent), up to a maturity rating of 5 (meaning it’s in a state of continuous improvement). While you may not need or desire to be in the most mature state in all the foundational areas, the TPRM Assessment exercise allows for important, thought-provoking discussion around your unique risks, and what is required to reach the desired state.

Echelon’s TPRM Maturity Assessment Price Range:

$20,000-25,000 USD per TPRM Program “Core” assessment

Reach Out to Get Started!

Hands-On TPRM Help Beyond the Assessment

Our TPRM assessments are just the beginning. We offer a full suite of follow-on services that are right-sized for you and your needs. After completing your TPRM maturity assessment, we offer additional services to support your journey to level up, including:

Assessment Scoping: Decrease mistakes while scoping your vendor assessments to prevent delays that can strain the outsourcer/vendor relationship. This helps you to move quickly while asking the right questions to ensure proper due diligence.

Remediation and Support: After completing a TPRM vendor assessment, we focus on remediation activities for your organization’s unique third-party environment to help you achieve a higher state of TPRM maturity.

TPRM as a Service: We understand the time and investment required to manage a TPRM program. Let us to perform the heavy lifting as we arm you with the data to make the best risk-based decisions for your organization.

Vendor Intelligence Centers: As your TPRM partner, we will operate a vendor intelligence center that gathers and interprets vendor-related data from your existing monitoring tools or from our trusted sources. We report these to you at the cadence right for you.

Reach Out to Get Started!
Are you ready to get started?
Latest Intelligence