How are other organizations addressing third-party risk management?
How do we satisfy the information privacy and security assurance requests from our customers?
How can I leverage a single privacy and security assessment with all my customers?
What are the impacts of changing U.S. and international regulations on third-party assurance?
Streamlining third party risk management

Most agree that third-party assurance is a crucial component of an organization’s risk management program. Developing and implementing an effective program is a challenging task given increased regulatory oversight, the reliance on and complexity of outsourced relationships, and the evolving threat landscape. It requires alignment and support both internally and with business partners.
Also, by engaging, partnering and coordinating with third parties in the risk management process, versus imposing redundant and inconsistent assessment and reporting requirements, greater efficiencies and improved partner relations can be gained, and appropriate risk management can be ensured.
The HITRUST Third Party Assurance Summit brings together leaders and experts representing customers, vendors and consultancies in various aspects of risk management to share best practices, lessons learned and effective third-party risk management strategies leveraging the HITRUST CSF Assurance Program and HITRUST Assessment XChange. Additionally, the Summit provides a unique forum for customers, their business partners and vendors to truly collaborate in evolving approaches, ensuring effective communications of appropriate, timely and consumable risk management information.
The Summit provides a combination of facilitated discussions, educational sessions and networking opportunities with general sessions and tracks specific to customer or vendor areas of interest.
Summit Committee

• Ryan Sawyer, Staff VP, Technology Risk & Vendor Security Oversight, Anthem, Inc.
• Debbie Hutchinson, Director IT Audit & Third-Party Assurance, Availity
• Jutta Williams, Program Manager, Health Research
• Omar Khawaja, VP & CISO, Highmark
• Chetana Sankhye, Director, Vendor Risk Management & Technology Risk Management, Kaiser Permanente
• Hector Rodriguez, CISO, Worldwide Health, Microsoft
• Bob Smith, Senior Manager, Technology Compliance, Salesforce
• Bryan Sheehan, Senior Director, Enterprise Information Security, UnitedHealth Group
• John Houston, VP, Privacy & Information Security & Associate Counsel, University of Pittsburgh Medical Center
• Taylor Lehmann, CISO, Wellforce
General sessions will include:
• Customer’s perspective, approach, challenges and issues managing third-party and fourth-party risk
• Vendor’s perspective, approach, challenges and issues in supporting customer third-party assurance requests
• Collaboration to identify areas of contention and brainstorm solutions
• Legal and regulatory considerations in the U.S. and internationally
• Role of continuous monitoring and risk ratings
• Streamlining the process by leveraging HITRUST Assessment XChange and vendor risk management systems
• How just one HITRUST CSF assessment can meet all your regulatory and third-party requirements including SOC 2®, NIST Cybersecurity, HIPAA, and more
Educational sessions will include:
• Leveraging the HITRUST CSF Assurance and CSF BASICs programs as part of a comprehensive risk management strategy
• Vendor identification and risk classification
• Vendor engagement and outreach
• Contractual amendments and contracting process
Come learn why the HITRUST CSF Assurance program is the most widely utilized assessment approach for third-party assurance, how to enhance your third-party assurance program, or how to better engage with your partners on this topic. Whether you are a customer or vendor, large or small, the HITRUST Third Party Assurance Summit is a great venue to learn, collaborate and be part of the conversation driving change in third-party risk management. For more information or to register, click here.
Who Should Attend?

Organizations:
• Any organization that leverages a third-party vendor to support the creation, transport, processing or storage of sensitive information, including health, financial and intellectual information
• Any vendor or business partner

Departments:
• Information Security
• Enterprise Risk
• Internal Audit and Compliance
• Procurement
• Vendor Risk Management
• Finance
• Legal and Compliance
• Customer Relationship Management
Pre-Summit Meetings

9:15 a.m. - 11:30 a.m. Third Party Assurance Council meeting

Summit Meetings

Summit Agenda Day 1

Customer and Vendor Perspective Sessions: Presentations and panel discussions by customers and vendors sharing their position, perspectives and approaches to effective third-party risk management or customer information assurance requests, respectively.

1:00 p.m. Welcome
Michael Parisi, Vice President -- Assurance Strategy & Community Development, HITRUST
Michael Odenwald, Vice President -- Third Party Programs, Strategic Accounts & Partnerships, HITRUST

1:15 p.m. Programmatic Considerations for Organizations
Learn about common challenges in establishing a Third Party Risk Management program and what various stakeholders within organizations care about.
Jutta Williams, Program Manager – Health Research, Google
Michael Parisi, Vice President -- Assurance Strategy & Community Development, HITRUST
Taylor Lehmann, CISO, Wellforce

1:45 p.m. Customer Perspectives
Customers share their perspectives and challenges around implementing an effective third-party assurance program.
Debbie Hutchinson, Director - IT Audit & Third Party Assurance, Availity
Phil Curran, Chief Information Assurance & Privacy Officer, Cooper University Healthcare
Bryan Sheehan, Senior Director, Enterprise Information Security, UnitedHealth Group
John Houston, Vice President, Privacy & Information Security & Associate Counsel, UPMC

2:45 p.m. Break

3:00 p.m. Vendor Perspectives
Vendors and business partners share their perspectives and challenges in meeting customers' information requests efficiently.
Mike Swyt, VP – Information Security Risk Management, Change Healthcare
Hector Rodriguez, Health CISO, Microsoft
Lee Penn, CFO, PDHI
Bob Smith, Senior Manager – Technology Compliance, Salesforce

4:00 p.m. How States Impact Health Information Exchanges
Learn how various states are ensuring health information exchanges have effective information assurance.
Mark Jacobs, CIO, Delaware Health Information Network
Christie Hall, Program Manager – Division of Healthcare Innovation, NY State Department of Health

4:30 p.m. Legal and Regulatory Considerations in the U.S. and Internationally
Learn about the latest developments in the state, federal and international regulation and enforcement of privacy and security, including a legal perspective on third-party assurance and what companies are obligated to do under GDPR.
Kirk Nahra, Partner, Wiley Rein

6-9:00 p.m. Networking reception

Summit Agenda Day 2

Education Sessions: Sessions will focus on transferring knowledge and outlining best practices on key areas relevant to third-party assurance and will be further segregated into tracks for customers and vendors.

9:00 a.m. Collaboration + Leadership + HITRUST CSF Assurance = Win for Everyone
Omar Khawaja, VP & CISO, Highmark
Michael Parisi, VP, Assurance Strategy & Community Development, HITRUST

10:00 a.m.
Customer track: Third Party Identification and Risk Ranking
Doug Peterson, CISO, Great-West Financial
Dennis Quandt, Director, Risk Assurance, PwC
Vendor track: Leveraging Information Privacy and Security as a Competitive Advantage
TBD, Blue Cross Blue Shield Association
Travis Good, CEO & Co-founder, Datica

11:00 a.m.
Customer track: Third Party Outreach and Communications
Ryan Sawyer, Staff VP, Technology Risk & Vendor Security Oversight, Anthem
Chetana Sankhye, Director - Vendor Risk Management & Technology Management, Kaiser Permanente
Vendor track: Improving Information Security and Reporting to Meet the Requirements of Your Customers
Rick Gilmore, Director -- Corporate Security Information Risk Management, Cognizant
Brenda Magri, Director, Risk Management – Biller Solutions, Fiserv

12:00 p.m. Lunch

12:45 p.m.
Customer track: Third Party (& Fourth Party) Assurance-Related Contracts Implications and Approaches
Brenda Callaway, Divisional VP -- Information Security Risk Management, HCSC
Tim Belardi, Director -- GRC Technology & Third Party Risk Management, Highmark
Vendor track: What to Expect When Undergoing a CSF Assessment
Andrew Hicks, Managing Principal, Healthcare & Life Sciences, Coalfire
Chad Phillips, Risk & Financial Advisory Director, Deloitte & Touche LLC
Ken Vander Wal, Chief Compliance Officer, HITRUST

1:45 p.m. HITRUST Considerations for the Future
Michael Parisi, Vice President -- Assurance Strategy & Community Development, HITRUST
Michael Frederick, Vice President -- Operations, HITRUST
Elie Nasrallah, Director -- Cyber Security Strategy, HITRUST

3:00 p.m. Closing Remarks
Michael Odenwald, Vice President -- Third Party Programs, Strategic Accounts & Partnerships, HITRUST

Post-Summit Meeting

3:30 p.m. CSF Assessor Council meeting
Registration:
HITRUST Third Party Assurance Summit 2018
Hyatt Regency O’Hare
February 20-21, 2018
Chicago, IL
To register, click here
Learn more about the other conversations taking place around information security, privacy and risk management in the HITRUST storyboard series at Hitrustalliance.net/Stories/