Service Overview Sheets

Vendor Security Management


Vendor Security Management

Manage Risks Posed by Business Associates

Develop & Mature Security Programs

CynergisTek's Vendor Security Management program evaluates and monitors third-party vendors on a regular and ongoing basis, holding them accountable for mitigating security risks your organization identifies or assigns as remediation.

CynergisTek evaluates each vendor's level of risk, requires them to attest to their compliance with HIPAA, and ascertains which protections are in place so your organization can make a determination around how to adjust your contracts, service levels, or your overall relationship. CynergisTek will then actively monitor each vendor, communicate the security gaps identified, and alert you of any changes to the vendor's status over time.

All associated risks, questions, and documents are maintained and included in regular vendor status reports. Documenting this information is necessary to demonstrate due diligence in any investigation or compliance review. The end result will alleviate the challenges and manual process of managing multiple vendors and documenting your organization's due diligence when it comes to demonstrating compliance with HIPAA regulations.

CynergisTek's Security Risk Assessment Tool (RiskSonar) can be used to alleviate manual processes and streamline the assessment workflow.

Risk Profiling: Establishes an initial risk profile during the vendor selection and review process carried out during the initial contracting phase.

Life Cycle Approach: A design and implementation phase is used to capture any implementation requirements and maps the dataflow from start to finish, while ensuring security best practices are implemented.

Monitoring: A CynergisTek analyst actively monitors and engages your vendors, conducting the initial data collection and documentation review to perform a thorough analysis.

Communication: A report of findings is generated and reviewed internally by the client to identify risk acceptance or exception from the defined security gaps.

Reporting: Ongoing status reports keep you up-to-date with the current activity in your vendor program and any escalations of non-participation are reported on an ongoing basis.

Alleviate demand on internal resources.
Comply with HIPAA requirements.
Identify and mitigate security risks associated with third-party vendors.
Ensure and document due diligence.
Reduce the time spent manually managing multiple vendors.
Streamline continuous monitoring through effective reassessment workflows.

What to Expect

CynergisTek, Inc.
11410 Jollyville Road, Suite 2201, Austin, TX 78759
512.402.8550
@CynergisTek
Learn more at:
