Global companies join forces to tackle third-party risk management challenges

Risk and compliance specialist HITRUST has formed the HITRUST Third-Party Risk Management (TPRM) Council to foster collaboration between companies, third-party vendors, and advisory service firms.

The mission for the TPRM Council is to drive efficiencies and effectiveness as it relates to identifying, assessing, and mitigating risk in the complex supply chain ecosystem.

Founding members of the TPRM Council are global security, risk, compliance, and audit executives representing a diverse cross-section of organisations including Amazon Web Services, Google, Mastercard and Microsoft Azure. TPRM Council members are committed to identifying and supporting approaches to improve the current TPRM process—with a focus on increasing effectiveness and reducing inefficiencies.

“One of our goals for the Council is to ensure organisations are considering the impact on the supply chain as they mandate assurance requirements on their third parties,” said Bryan Cline, chief research officer at HITRUST.

“We are providing a collaborative forum for customers, their vendors, and their advisors to discuss these challenges, identify actionable solutions, and provide inputs directly to HITRUST on the approach toward doing just that—in the most effective, efficient manner.”

The need to ensure appropriate privacy and security over sensitive and confidential information, such as protected health information (PHI) or personally identifiable information (PII), with third-party vendors has never been more important.

“However, many current approaches to managing third-party risk have unintended, widespread impacts on companies and their vendors. Challenges exist around inconsistent and uncoordinated requirements that lead to redundant assessments. The results are inefficient uses of time, higher costs, increased burdens, and ineffective mitigation strategies.

“The HITRUST TPRM Council will serve to bring together customers, vendors, and partners across the ecosystem, helping to establish standards for both effectiveness and efficiency,” said Ashish Gupta, vice president, cyber & data product management at Mastercard.

“These objectives are in line with what we do every day at Mastercard, enabling better, more rewarding, and more secure experiences for businesses and individuals alike.”