ClearDATA Maintains a Clean Bill of (Third-Party Risk) Health with OneTrust Vendorpedia
ClearDATA Maintains a Clean Bill of (Third-Party Risk) Health with OneTrust VendorpediaDOWNLOAD PDF
ClearDATA Maintains a Clean Bill of (Third-Party Risk) Health with OneTrust Vendorpedia
ClearDATA is the market leader for healthcare cloud computing and information security services for providers, life sciences, payers and healthcare technology organizations. By enabling their customers to automate, protect, and securely manage healthcare applications, data, and IT infrastructure in the cloud, ClearDATA empowers the industry to focus on making healthcare better by improving healthcare delivery.
Because of OneTrust, I’m not constantly following up with vendors and I have all the information I need in a timely manner to feel confident about our compliance and risk management processes.
As a technology company interacting with sensitive healthcare data, ClearDATA understands the importance working with trustworthy and compliant third-parties that hold with their customers’ information. “ClearDATA was founded to help with patient care,” said Jonathan Slaughter, Director of Compliance, Security and Privacy at ClearDATA. “To accomplish this and move forward as a business we needed to better understand what data our third-parties and vendors are collecting and the level of risk they pose for our customers.”
A Platform to Assess, Mitigate, and Monitor Third-Party Risks at Scale
ClearDATA approached their third-party and vendor risk management initiatives with the objective of protecting customer privacy, while mitigating third-party risks and meeting security and compliance requirements. They needed to streamline existing manual processes by adding automation workflows to manage compliance and reduce risks during the evaluation, onboarding, and monitoring of their vendors.
With critical data housed across three major public cloud providers, ClearDATA needed a centralized software platform that could serve as a single solution to streamline and scale their once spreadsheet-centric third-party risk management program.
After extensive evaluation, ClearDATA selected OneTrust Vendorpedia™ to automate their third-party risk management operations.
“OneTrust is the one company out there that’s taking a holistic approach to understanding third-party, security, and privacy risk from a technology standpoint,” said Slaughter. “Their Vendorpedia solution has allowed us to be more agile and scale rapidly to optimize our business processes and simplify our assessment, mitigation, and monitoring of third-party risks,” said Slaughter.
OneTrust Vendorpedia is a centralized platform for global third-party risk, security and privacy professionals. Changes to third-party vendor risks are inevitable, making static one-off assessments unreliable over time. The platform offers ongoing monitoring with privacy and security scanning, ongoing assessment updates via the exchange, and scheduled reassessments to maintain a watchful eye on third-parties. When significant changes are detected, OneTrust Vendorpedia sends the organization relevant alerts.
“With OneTrust Vendorpedia we’re able to manage the third-party risk management lifecycle and understand risks on an ongoing cadence instead of having to manually reevaluate vendors when renewals or audits are coming up,” he added.
Today, ClearDATA can automate their entire third-party risk management lifecycle from onboarding, triaging and assessing risks, managing vendor contracts, demonstrating compliance with recordkeeping, performing ongoing vendor audits, and fully offboarding vendors. “Because of OneTrust, I’m not constantly following up with vendors and I have all the information I need in a timely manner to feel confident about our compliance and risk management processes,” said Slaughter.
What’s more, Slaughter and his team found little need to spend time on a custom configuration. “We were able to use the solution right out of the box to meet our needs, something that is very unique and really showcases the flexibility of the tool.”
As ClearDATA looks to the rest of 2019 and beyond, they are excited to enhance their use of the OneTrust. With a strong customer base in the Asia Pacific region, and many privacy laws and security frameworks being developed and implemented very quickly worldwide, ClearDATA is planning to dig deeper into OneTrust Vendorpedia and other products to ensure they are confidently protecting customer data on a global scale.
Today, outsourcing operations to third parties is no longer the exception – it’s the expectation. However, trust between you and your third parties is difficult to establish, and perhaps even harder to maintain. With ransomware on the rise and supply chain resilience at the forefront, businesses must work closely with their third parties to understand if they have adequate safeguards and policies in place to defend against disruptions.
Conversely, nearly every modern organization is a “third party” to another business, whether as a software vendor or service provider. As a result, businesses must routinely demonstrate to customers that they are a trusted organization. Failure to do so can hurt a company’s bottom line.
There are challenges to every business relationship, from both the buyer and the seller. So, how can we work together to establish mutual trust? In this panel webinar, you’ll hear from professionals on both sides of the equation as they discuss long-term strategies and short-term tactics to work better together. Panelists will answer the following questions:
- How can businesses and vendors work together to streamline risk assessments?
- What can buyers do to make life easier for sellers and vice versa?
- Where are opportunities for automation that can save time for both sides?
- How can we enable each other to build a stronger business relationship and reduce risk?
Over the past several months, OneTrust has released major enhancements to our Trust Suite for Vendors. This Suite is a collection of products and functionalities that help companies like yours manage and automatically respond to security and privacy questionnaires as well as other requests for compliance information.
As part of these significant enhancements, we wanted to bring together a select group of individuals to talk through the latest updates, explain the value they provide, and outline how this new functionality will work in practice. During the discussion, we will also share a number of exciting capabilities slated to be released this quarter – and in 2022.
Join this exclusive VIP roadmap event to see the immediate and long-term vision for:
- Questionnaire Response Automation – for organizing questionnaire requests and streamlining response workflows
- AI Autocomplete – for automatically answering questionnaires with saved answers
- Trust Profile – for centralizing security documentation and securely sharing it with your customer base
- Vendorpedia Exchange Community – for promoting your security program to thousands of OneTrust customers
As third parties gain more access to sensitive client data, organizations need to prioritize holistic information gathering and the instillment of security practices across the vendor ecosystem. The best way for an organization to achieve a holistic understanding of its vendor ecosystem is to gather information from its vendors and organize it in one central location. As a vendor, this means you will receive (and likely already have) dozens of security questionnaires. So, how should you approach them?
Questionnaires streamline the process of data gathering and allow customers to make sure that the various parts of their vendor ecosystem comply with industry-relevant regulatory frameworks. Dive into our eBook to learn how to streamline your answering process to save time and money. In the guide, you will learn:
- What a security questionnaire answering process look like
- How to automate responses
- Best practices for answering a security questionnaire
- Why organizations send security questionnaires to vendors?
- Understanding how you will be evaluated
- Common security questionnaire obstacles
How vulnerable are your third parties are when it comes to the most common and emerging cybersecurity threats? Do you know if those third parties have the right cybersecurity controls in place? Do you know how to identify which third parties put your organizations at risk – and how to mitigate those risks before they impact your bottom line?
InfoSec teams are facing larger and more sophisticated cybersecurity threats than ever before. In the last year, there has been a 62% global attack spike (158% increase in North American attacks alone) in ransomware, and an increased focus on attacks by regulatory bodies. Teams not only have to track vulnerabilities within their internal security posture but also ensure that their prospective third parties are vetted before engaging in business. In addition, these threats are leading to new regulatory requirements as well as critical changes to common industry standards and frameworks.
In this webinar panel, you’ll learn the following from our Head of CISO Center of Excellence (CoE), Justin Henkel, and our Director of InfoSec, Chris Burgess.
- The most common and emerging cybersecurity threats against your third parties
- The metrics to track in relation to third parties and their cybersecurity risks
- How to protect your business from cybersecurity threats associated with your vendors
- How to future-proof your TPRM program to defend against future cybersecurity threats