How do we statisfy the information privacy and security assurance requests from our customers?

Similar documents
Navigating the New Health Economy

Lessons Learned in Streamlining the Third-party Risk Assessment Process

Effects of GDPR and NY DFS on your Third Party Risk Management Program

Revised IT Governance Charter Toolkit

HITRUST Managing Third Party Compliance How the CSF Can Help

HITRUST CSF Assurance Program. The Common Healthcare Industry Approach for Assessing Security and Reporting Compliance

THE ACCOUNTANT & INTERNATIONAL ACCOUNTING BULLETIN. Conference & Awards October 2016 I Millennium Gloucester, London AGENDA

HITRUST CSF Assurance Program

Compliance 2017: The Year of Regulatory Automation

Outsourcing transparency evolution

Evolving Core Tasks for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

5 Core Must-Haves for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

Adopting HITRUST as the Backbone of Your Information Security Program. Mangoné Fall, Kelly Robertson, Sean Murphy

Sustaining Reliability: Balancing Operations and Compliance August 21-23, 2018 W Seattle

Technical Standards and Safety Authority Minutes of the Operating Engineers Advisory Council Meeting on April 3, 2013

2018 Confirmed Speakers

Thursday, October 18, 2018

Global CISO Forum 2019

Stay Protected. Registration Details. April 27, NJAMHAA IT Conference. cybersecurity and the internet of things

Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP Senior Manager, Wipfli Risk Advisory Services OBJECTIVES

Ramifications of the New COSO Framework & Recent PCAOB Actions

Service Organization Controls (SOC) Reporting Discussion: Perspectives and Opportunities

MONDAY. *All preconference workshops require registration. Space is limited. 5:00 p.m. 7:00 p.m. WELCOME RECEPTION + EXPO TUESDAY

Transformational Cost Management Conference

IN-HOUSE TRADEMARK COUNSEL'S WORKSHOP MARCH 20, 2006 WESTIN MICHIGAN AVENUE CHICAGO, IL

Third Party Risk Management: How to Identify and Manage Data Security Risks from your Vendors

Program API Cybernetics Symposium April 25-26, 2018 St. Louis Unions Station Hotel St. Louis, Missouri

Vendor Risk Management Data Privacy & Security - Panel

Beaver Works: Business Excellence Adding Value & Service. Business Operations Project Plan Information Sessions August-October 2018

Third Party Risk Management ( TPRM ) Transformation

IT Governance for Boards & Senior Executives

2019 PRODUCT STRATEGY AND EXPERIENCE SUMMIT MARCH 27-28, 2019 SAN FRANCISCO, CA

Site Selectors Guild Conference

Sourcing & Vendor Management. The Services Innovation Mandate. May 24 25, 2012 The Cosmopolitan Las Vegas

Emerging Technology & Brand Success Summit Discover How to Grow Your Brand Within the Life Science Industry Using Innovative Technologies

Power for America Conference

In the aftermath of the worst global economic jolt in 30 years, information security confronts a new economic order.

Considering the Cloud: Inside the Mind of the Healthcare CIO. December 15, :00 3:00 pm ET

Registered Entities and ERO Enterprise IT Applications Update

Summit on Accelerating Innovation to Drive Sustainable Automotive Manufacturing Growth Across North America

Quality and GMP Compliance for Virtual Companies (Pharmaceutical, Medical Device & Biologics Industries)

A Guide to IT Risk Assessment for Financial Institutions. March 2, 2011

What Your Board Needs to Know About IT

2018 Retail & Consumer Goods Forum: Marketing to the Modern Consumer. Tuesday, May 1, 2018 Chicago

Certified Chief Information Security Officer (CCISO)

Enterprise Risk Management Framework

Vendor Management Risk Mitigation:

2015 COAA-MI SPRING OWNER CONNECT WORKSHOP THE DOUBLE TREE BY HILTON NOVI, MI A G E N D A

Outsourcing Transparency Evolution: Creating Value Across the Third-Party Extended Enterprise

Protecting Your Personal Data Globally

REGISTER NOW TO SAVE $200!

The Fourth Industrial Revolution Is Here Are You Ready? Key findings

Effective Compliance Programs How Does Your Program Measure Up?

Global Modern Day Slavery & Supply Chain Summit

PROGRAM OF EVENTS October 23-25, 2012

Tuesday, June 26, 2018 Hyatt regency Hotel, New Brunswick, New Jersey

Internal Oversight Division. Internal Audit Strategy

THE 2014 AUSTR ALIAN PUBLIC SECTOR LEADERSHIP SUMMIT

Welcome to the CMMI Use in DoD Programs Workshop & Summit September 7 & 8, 2005

Sponsorship Opportunities

Modernizing compliance: Moving from value protection to value creation

CONNECT WITH YOUR TARGET AUDIENCE

Pre-Conference Workshop. Agenda. Tuesday, April 17, Day 1: Tuesday, April 17, 2018

CANADIAN PAYMENTS INNOVATION FORUM 2017

Emerging Technology and Security Update

RAI Compliance Activities Overview

Speed to Value: How Data Drives Clinical Insights. November 15, pm 3 pm ET

On the Alert: Incident Response Plan for Healthcare 111/13/2017

CFO Pulse Survey 2018

2017 Corporate Responsibility Summit

Modernizing Compliance: Evolving From a Foundational Program to a Value-Creating Strategic Partner

ISACA San Francisco Chapter

Agenda December 11-12, 2014 Ritz-Carlton Hotel Fort Lauderdale, FL

HCL s HITRUST SOLUTION Redefining Healthcare Security Compliance

Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley

How to Measure the Value of Your Internal Audit Group

Tuesday, February 2, :00 8:30 AM Registration, Continental Breakfast Texas Foyer. Proposed Agenda Updated

Assessments for Certified and Non-Certified Vendors

Invitation... ACLA Legal Resources & Technology Showcase 2009 Giving you unprecedented access

TOR NAME Responsible Owner Effective date Technology Strategy Committee (TSC) Terms of Reference (TOR) College Board

Blanchard Summit 2013

AGENDA. 12:00 p.m. 1:00 p.m. Registration 1:00 p.m. 4:00 p.m. Pre-Conference Workshop: Data Integrity Problems on the Rise

People in. October 8th, West Club- New York, NY. Financial Services. 3rd Annual

Fact Sheet February 2008

Agenda Member Representatives Committee Pre-Meeting Informational Session Conference Call and Webinar July 18, :00 a.m. 12:00 p.m.

26-28, 2017 KAUFFMAN FOUNDATION KANSAS CITY, MO

On the road(map) again. Balancing the emerging regulatory requirements in the Middle East public sector

Finding the Balance between Clinical & Commercial Key Roles. Stewart Geary Chief Medical Officer, Senior Vice President, Eisai, Japan

10/27/2016. Banner Health s Journey Towards Information Governance March 2016

The past, present and future of service organization control reporting

IT GOVERNANCE. WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR PwC. April 4, 2013

Transforming Ideas into Distinguished Results

Achieving Continuous Process Improvement, Driving Operational Efficiency, and Increasing Value Across the Organization

EPMO: A Strategic Enabler?

Blanchard Summit 2013

Document 3: Internet Corporation for Assigned Names and Numbers (ICANN) Draft FY19 Key Projects and Activities. ICANN 19 January 2018

The Essential Experience for CAEs

LEADERSHIP STRATEGIES FOR MANAGING COMPLEXITY IN SUPPLY CHAINS

LEGAL AND REGULATORY CONSIDERATIONS IN THE US AND INTERNATIONALLY

New York Forum. May 4 & 5,

Transcription:

How can I leverage a single privacy and security assessment with all my customers? how are other organizations addressing third-party risk management? How do we statisfy the information privacy and security assurance requests from our customers? What are the impacts of changing U.S. and International regulations on third-party assurance?

Streamlining third party risk management Most agree that third-party assurance is a crucial component of an organization s risk management program. Developing and implementing an effective program, given the increased regulatory oversight, reliance and complexity of outsourced relationships and evolving threat landscape, is a challenging task and one that requires alignment and support internally and with business partners. Also, by engaging, partnering and coordinating with third parties in the risk management process, versus imposing redundant and inconsistent assessment and reporting requirements, greater efficiencies and improved partner relations can be gained, and appropriate risk management can be ensured. The HITRUST Third Party Assurance Summit brings together leaders and experts representing customers, vendors and consultancies in various aspects of risk management to share best practices, lessons learned and effective third-party risk management strategies leveraging the HITRUST CSF Assurance Program and HITRUST Assessment XChange. Additionally, the Summit provides a unique forum for customers, their business partners and vendors to truly collaborate in evolving approaches, ensuring effective communications of appropriate, timely and consumable risk management information. The Summit provides a combination of facilitated discussions, educational sessions and networking opportunities with general sessions and tracks specific to customer or vendor areas of interest. FPO: Art render by Matthew Warlick - drawing of venue?? location city?? Summit Committee Ryan sawyer Staff VP, technology risk & vendor security oversight anthem, inc. Debbie Hutchinson Director IT Audit & third-party assurance availity jutta Williams Program manager, health research Google Omar khawaja VP & ciso highmark Chetana Sankhye Director, Vendor risk management & Technology risk management Kaiser Permanente Hector Rodriguez ciso, WORLDWIDE health Microsoft Bob Smith Senior manager, Technology Compliance Salesforce Bryan sheehan Senior director, enterprise information security unitedhealth group John Houston VP, privacy & Information Security & associate counsel University of Pittsburgh medical center Taylor LehmanN CISO Wellforce P2

General sessions will include: Customer s perspective, approach, challenges and issues managing third-party and fourth-party risk Vendor s perspective, approach, challenges and issues in supporting customer third-party assurance requests Collaboration to identify areas of contention and brainstorm solutions Legal and regulatory considerations in the U.S. and internationally Role of continuous monitoring and risk ratings Streamlining the process by leveraging HITRUST Assessment XChange and vendor risk management systems How just one HITRUST CSF assessment can meet all your regulatory and third-party requirements including SOC 2, NIST Cybersecurity, HIPAA, and more Educational sessions will include: Leveraging the HITRUST CSF Assurance and CSF BASICs programs as part of comprehensive risk management strategy Vendor identification and risk classification Vendor engagement and outreach Contractual amendments and contracting process Come learn why the HITRUST CSF Assurance program is the most widely utilized assessment approach for third-party assurance, how to enhance your third-party assurance program, or how to better engage with your partners on this topic. Regardless if you are a customer or vendor, large or small, the HITRUST Third Party Assurance Summit is a great venue to learn, collaborate and be part of the conversation driving change in third-party risk management. For more information or to register, click here. Who Should Attend? Organizations: Any organization that leverages a third-party vendor to support the creation, transport, processing or storage of sensitive information, including health, financial and intellectual information Any vendor or business partner Departments: Information Security Enterprise Risk Internal Audit and Compliance Procurement Vendor Risk Management Finance Legal and Compliance Customer Relationship Management P3

Summit Agenda Day 1 Pre-Summit Meetings 9:15 a.m. - 11:30 a.m. Third party assurance council meeting Summit Meetings Customer and Vendor Perspective Sessions: Presentations and panel discussions by customers and vendors sharing their position, perspectives and approaches to effective third-party risk management or customer information assurance requests, respectively. 1:00 p.m. Welcome Michael Parisi, Vice President -- Assurance Strategy & Community Development, HITRUST Michael odenwald, Vice President -- Third party programs, strategic accounts & Partnerships, HITRUST 1:15 p.m. 1:45 p.m. 2:45 P.m. 3:00 P.m. 4:00 p.m. Programmatic Considerations for Organizations Learn about common challenges in establishing a Third Party Risk Management program and what various stakeholders within organizations care about. Jutta Williams, Program Manager Health Research, Google Michael Parisi, Vice President -- Assurance Strategy & Community Development, HITRUST Taylor Lehmann, CISO, Wellforce Customer perspectives Customers share their perspectives and challenges around implementing an effective third-party assurance program. Debbie Hutchinson, Director - IT Audit & Third Party Assurance, Availity Phil Curran, Chief Information Assurance & Privacy Officer, Cooper University Healthcare Bryan Sheehan, Senior Director, Enterprise Information Security, Unitedhealth Group John Houston, Vice President, Privacy & Information security & Associate Counsel, UPMC break Vendor perspectives Vendors and business partners share their perspectives and challenges in meeting customers information requests efficiently. MIKE SWYT, VP INFORMATION SECURITY RISK MANAGEMENT, CHANGE HEALTHCARE HECTOR RODRIgUEZ, HEALTH Ciso, MICROSOFT LEE PENN, cfo, PDHI BOB SMITH, SENIOR MANAGER TECHNOLOGY COMPLIANCE, SALESFORCE How states impact health information exchanges Learn how various states are ensuring health information exchanges have effective information assurance. Mark jacobs, CIO, Delaware health information network CHRISTIE HALL, PROGRAM MANAGER DIVISION OF HEALTHCARE INNOVATION, NY STATE DEPARTMENT OF HEALTH P4

Summit Agenda Day 1 Continued... 4:30 p.m. 6-9:00 p.m. Legal and regulatory considerations in the U.S.. and internationally Learn about the latest developments in the state, federal and international regulation and enforcement of privacy and security, including a legal perspective on third-party assurance and what companies are obligated to do under GDPR. KIRK NAHRA, PARTNER, WILEY REIN networking reception Summit Agenda Day 2 Education sessions Sessions will focus on transferring knowledge and outlining best practices on key areas relevant to third-party assurance and will be further segregated into tracks for customers and vendors. 9:00 a.m. Collaboration + Leadership + HITRUST CSF Assurance = Win for Everyone OMAR KhaWAJA, vp & CISO, HIGHMARK MICHAEL PARISI, Vp, ASSURANCE STRATEGY & COMMUNITY DEVELOPMENT, HITRUST 10:00 a.m. customer track Third Party Identification and Risk Ranking DOUG PETERSON, CISO, GREAT-WEST FINANCIAL Dennis Quandt, Director, risk assurance, Pwc vendor track Leveraging Information Privacy and Security as a Competitive Advantage TBD, Blue Cross Blue Shield Association travis good, CEO & Co-founder, DATICA 11:00 a.m. Third Party Outreach and Communications Ryan sawyer, Staff vp, technology Risk & vendor security oversight, ANTHEM Chetana Sankhye, director - vendor risk management & technology management, Kaiser Permanente Improving Information Security and Reporting to Meet the Requirements of Your Customers RICK GILMORE, DIRECTOR -- CORPORATE SECURITY INFORMATION RISK MANAGEMENT, COGIZANT BRENDA MAGRI, DIRECTOR, RISK MANAGEMENT BILLER SOLUTIONS, FISERV 12:00 p.m. 12:45 p.m. THIRD PARTY (& FOURTH PARTY) ASSURANCE-RELATED CONTRACTS IMPLICATIONS AND APPROACHES BRENDA CALLAWAY, DIVISIONAL VP -- INFORMATION SECURITY RISK MANAGEMENT, HCSC TIM BELARDI, DIRECTOR -- GRC TECHNOLOGY & THIRD PARTY RISK MANAGEMENT, HIGHMARK Lunch What to Expect When Undergoing a CSF Assessment ANDREW HICKS, managing principal, Healthcare & Life sciences, COALFIRE chad phillips, risk & financial advisory Director, DELOITTE & Touche LLC KEN VANDER WAL, CHIEF COMPLIANCE OFFICER, HITRUST P5

1:45 p.m. 3:00 p.m. HITRUST considerations for the future Michael Parisi, Vice President -- Assurance Strategy & Community Development, HITRUST Michael frederick, Vice President -- operations, HITRUST elie nasrallah, director -- cyber security strategy, HITRUST Closing remarks Michael odenwald, Vice President -- Third party programs, strategic accounts & Partnerships, HITRUST Post-Summit Meeting 3:30 P.m. CSF assessor council meeting P6

Registration: HITRUST Third Party Assurance Summit 2018 Hyatt Regency O Hare February 20-21, 2018 Chicago, IL To register, click here Learn more about the other conversations taking place around information security, privacy and risk management in the HITRUST storyboard series at Hitrustalliance.net/Stories/

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback