Solution Type: Develop a custom vendor risk-quantification tool
Needs: A large U.S. regional healthcare insurer provides health insurance coverage to over 3 million people. It has a small but growing information security program and staff. It has engaged TUV Rheinland OpenSky to conduct third-party risk assessments as part of its information security program. It is particularly interested in quantifying vendor risk assessment and scoring as part of third-party risk assessment.
Vendor Risk Quantification Tool: TUV Rheinland OpenSky proposed developing a customized vendor risk quantification tool that will enable the company to quantify the inherent and residual risks associated with a third-party risk assessment, and that also includes a third-vector assessment score the company uses to monitor and assess vendors based on publicly available information.

Model Risk Quantification: TUV Rheinland OpenSky conducted a 'deep dive' into the client's TPRM program to help them develop a formal, vendor risk-based quantification model that includes the inherent, TPRM and publicly available risk score assessments.
At the end of the day
Using the tool, the regional healthcare insurer will be able to score its vendors through a disciplined, standard, repeatable and improvable process to evaluate the risk associated with those vendors and monitor the maturity of its TPRM program. The assessment score and rating calculated by the model will help the organization's vendor governance and oversight committee determine priorities.