Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick.

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Many healthcare organizations have implemented at least some elements of a third-party risk management (TPRM) process, such as vendor risk assessments and due diligence, especially for business associates and vendors that provide services or medical devices critical to patient care. In some organizations, the third-party risk management process is still very manual and requires maintaining and updating multiple spreadsheets. However, these processes are inefficient, error-prone, and tend to focus on old or aging data, which limits comprehensive reporting.
  • While vendor management reporting to the board and/or senior management is an important best practice that drives action, it’s also a regulatory requirement. Guidance such as OCC Bulletin 2013-29, FDIC FIL-44-2008, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Sarbanes-Oxley Act (SOX) outlines these reporting responsibilities.
  • On July 29, 2022, the New York Department of Financial Services (NYDFS) released a series of amendments to its cybersecurity regulations, which, when approved, will affect financial institutions that fall under its governance. These new guidelines include setting standards for notification periods following suspicious activity on privileged accounts, updates to risk assessments, and using multifactor authentication processes for private accounts.
  • Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.
  • Blockchain technology has been around for more than a decade, but its popularity over the last few years has grown considerably as developers create new use cases for the technology, including software that assists organizations in supply chain management.
  • System and Organization Controls (SOC) reports are a key component of an effective third-party risk management program. The two most common types of SOC reports, the SOC 1 and SOC 2 reports, each cover different aspects of the vendor’s control activities that will affect your organization.
  • Third-party risk management processes can be overwhelming for many small healthcare organizations. The clinical trials process is demanding, as is working to mitigate the risks that could threaten the organization's reputation, production, and patient safety. For these reasons, many sponsoring organizations look to outsource their third-party risk management processes to contract research organizations (CROs).
  • In January 2021, Congress passed Public Law 116-321, which states that the Department of Health and Human Services (HHS) can take into consideration, for both covered entities and business associates, an organization's adherence to certain cybersecurity practices, including those outlined under 405(d) HICP, when determining fines and penalties resulting from violations of the HIPAA Security Rule, specifically data breaches involving Protected Health Information (PHI).
  • In today’s world, it can be increasingly difficult to navigate issues such as industry competitors, natural disasters, and obstacles in the supply chain. As challenges continue to arise, it may be time to consider whether leveraging external expertise is the right choice for your organization. By outsourcing vendor risk management, for example, your organization may be able to minimize costs, improve risk management outcomes, and reap the consequential benefits.
  • The clinical research industry relies heavily on third-party vendors or Contract Research Organizations (CROs) for a variety of services, such as protocol development, regulatory submission assistance, and everything in between. But even as sponsoring organizations continue to outsource clinical trial activities, they can’t outsource clinical trial oversight, including vendor management. Sponsors who rely on CROs must manage vendors effectively, both as a legal requirement and a business necessity.
  • Performing a thorough vendor risk assessment is a crucial step in a third party’s lifecycle. By understanding the best ways to assess the risk posed from each of your vendor relationships, you’ll gain important insights into knowing the best ways to mitigate risks in the future and protect your organization.
  • As news of recent data breaches has become more common, it’s more important than ever to protect your organization from cyber criminals. Organizations that have fallen victim to data breaches suffer legal action as well as damage to reputation and revenue.
  • Due diligence may seem like an all-or-nothing proposition in which only the buyer benefits, while the third-party vendor must slog through the process of answering detailed questionnaires and collecting and providing documentation. However, vendors and service providers need to recognize that due diligence is just as important for them as it is for their customers. It may be your customer's requirement for you to participate in their due diligence processes, but it’s also your opportunity to identify your organization's value and service capabilities while promoting trust that can lead to a stronger working relationship.
  • Over the past several years, pressure from consumers and regulators has pushed organizations to make environmental, social, and governance (ESG) and corporate social responsibility (CSR) goals a top priority. CSR goals, as well as ESG transparency and reporting, naturally extend to an organization's vendors. However, effectively implementing CSR and ESG requirements for your vendors requires a lot of careful assessment, planning, and communication.