BLOG

I have been hosting The CyberPHIx healthcare cybersecurity podcast for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. We have produced 68 podcast episodes and counting thus far. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a on the topic of vendor security risk management. Read More

Recent high-profile supply chain attacks have heightened awareness of third-party vendor cybersecurity and privacy risks on a global scale. However, breaches and vulnerabilities in the supply chain have been on the radar for several years and have led to the development of slew of new regulations and standards. In this blog post, we will give a quick rundown of some of the latest regulations, standards, and guidance targeting supply chain risks from a federal and global standpoint. Read More

Fielding hundreds of security questions from dozens of customer risk assessments can take weeks and sometimes months to address. Getting the right information from the business, the security team, and certain IT specialists and translating that into the customer's specific requests can grind the sales cycle to a halt. Read More

Vendors can sometimes be treated less like business partners and more like adversaries for some third-party risk programs. This confrontational approach, however, often leads to breakdowns in communication that can impede the shared business objectives between customers and clients for driving down information security risks for all parties involved. Read More

Far too many third-party risk management programs rely upon assessment models that start from scratch with assessing products and vendors as they get processed through standard procurement cycles. The mean time to complete a vendor assessment from scratch takes over 27 days, which includes vendor response cycles, clarifications, and validation of information provided. Read More

A groundbreaking cyberattack against the Texas-based IT network solutions provider SolarWinds has resulted in unauthorized access to a wide range of government and private sector organizations. The extent, scale, and impact of the attack are still being assessed; however, initial indications are that the attack will have lasting security impacts for months and possible years to come. Read More

CORL provides a unique and innovative model for managing third-party risk. However, there are wide range of vendor assessment technologies and solutions on the market including cyber risk scoring tools, GRCs, automated questionnaires, vendor exchanges, and more. This diversity of solutions has generated confusion for some vendors that are trying figure out how and where CORL fits into the picture with supporting your vendor risk program. Read More

CORL Technologies CEO Cliff Baker recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and risk management for third-party Business Associate vendors servicing the healthcare industry. The breach data and enforcement updates supplied by OCR reinforced his perspective on the paradigm shift currently underway for healthcare delivery in the migration of critical business functions to third-party cloud-based platforms. Read More