Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Getting Buy-In for Your Healthcare Third-Party Risk Management Program

    3 hours ago
    Many healthcare organizations have implemented at least some elements of a third-party risk management (TPRM) process, such as vendor risk assessments and due diligence , especially for business associates and vendors that provide services or medical devices critical to patient care. In some organizations, the third-party risk management process is still very manual and requires maintaining and updating multiple spreadsheets. However, these processes are inefficient, error-prone, and tend to focus on old or aging data, which limits comprehensive reporting.

  • What Vendor Management Information Should I Be Reporting?

    yesterday
    While vendor management reporting to the board and/or senior management is an important best practice that drives action, it’s also a regulatory requirement. Guidance such as OCC Bulletin 2013-29 , FDIC FIL-44-2008 , Health Insurance Portability and Accountability Act of 1996 (HIPAA) , and the Sarbanes-Oxley Act (SOX) outline these reporting responsibilities.

  • Takeaways from the NYDFS Proposed Cybersecurity Regulation Amendments

    2 days ago
    On July 29, 2022, the New York Department of Financial Services (NYDFS) released a series of amendments to its cybersecurity regulations, which, when approved, will affect financial institutions that fall under its governance. These new guidelines include setting standards for notification periods following suspicious activity on privileged accounts, updates to risk assessments, and using multifactor authentication processes for private accounts.

  • September 2022 Vendor Management News

    6 days ago
    Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.

  • Vetting Vendors Using Blockchain Technology

    7 days ago
    Blockchain technology has been around for more than a decade, but its popularity over the last few years has grown considerably as developers create new use cases for the technology, including software that assists organizations in supply chain management.

  • When to Request a Vendor SOC 1 vs SOC 2 Report

    8 days ago
    System and Organization Controls (SOC) reports are a key component of an effective third-party risk management program. The two most common types of SOC reports, the SOC 1 and SOC 2 reports , are each responsible for covering different aspects of the vendor’s control activities that will affect your organization.

  • How to Reduce the Risk Associated With a Contract Research Organization

    9 days ago
    Third-party risk management processes can be overwhelming for many small healthcare organizations. The clinical trials process is demanding, as is working to mitigate the risks that could threaten the organization's reputation, production, and patient safety. For these reasons, many sponsoring organizations look to outsource their third-party risk management processes to contract research organizations (CROs).

  • Health Industry Cybersecurity Practices (HICP) Business Associates Implement

    14 days ago
    In January 2021, Congress passed Public Law 116-321 which states the Department of Health and Human Services (HHS) can take into consideration, for both covered entities and business associates, an organization's adherence to certain cybersecurity practices, including those outlined under 405(d) HICP, when determining fines and penalties resulting from violations of the HIPAA Security Rule, specifically data breaches involving Protected Health Information (PHI).

  • Outsourcing Vendor Management: When Does It Make Sense?

    15 days ago
    In today’s world, it can be increasingly difficult to navigate issues such as industry competitors, natural disasters, and obstacles in the supply chain. As challenges continue to arise, it may be time to consider whether leveraging external expertise is the right choice for your organization. By outsourcing vendor risk management, for example, your organization may be able to minimize costs, improve risk management outcomes, and reap the consequential benefits.

  • Vendor Risk Management in Clinical Trials

    21 days ago
    The clinical research industry relies heavily on third-party vendors or Contract Research Organizations (CROS) for a variety of services, such as protocol development, regulatory submission assistance, and everything in between, but, even as sponsoring organizations continue to outsource clinical trial activities, they can’t outsource clinical trial oversight, including vendor management. Sponsors who rely on CROs must manage vendors effectively, both as a legal requirement and a business necessity.

  • 10 Best Practices of Successful Vendor Risk Assessments

    22 days ago
    Performing a thorough vendor risk assessment is a crucial step in a third party’s lifecycle. By understanding the best ways to assess the risk posed from each of your vendor relationships, you’ll gain important insights into knowing the best ways to mitigate risks in the future and protect your organization.

  • Third-Party Data Protection: Are Your Vendors Prepared?

    28 days ago
    As news of recent data breaches has become more common, it’s more important than ever to protect your organization from cyber criminals. Organizations who have fallen victim to data breaches suffer legal action as well as damages to reputation and revenue.

  • Why Both Vendors and Their Customers Benefit From Due Diligence

    29 days ago
    Due diligence may seem like an all-or-nothing proposition in which only the buyer benefits, while the third-party vendor must slog through the process of answering detailed questionnaires and collecting and providing documentation . However, vendors and service providers need to recognize that due diligence is just as important for them as it is for their customers. It may be your customer's requirement for you to participate in their due diligence processes, but it’s also your opportunity to identify your organization's value and service capabilities while promoting trust that can lead to a stronger working relationship.

  • August 2022 Vendor Management News

    one month ago
    Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.

  • Incorporating Third-Party Risk Management Into Your ESG & CSR Strategy

    one month ago
    Over the past several years, pressure from consumers and regulators has pushed organizations to make environmental, social, and governance (ESG) and corporate social responsibility (CSR) goals a top priority. CSR goals, as well as ESG transparency and reporting, naturally extend to an organization's vendors. However, effectively implementing CSR and ESG requirements for your vendors requires a lot of careful assessment, planning, and communication.
More