An increasing number of disruptive events involving third parties is driving heightened attention to operational resilience and cybersecurity among government agencies and regulating bodies, thereby increasing pressure on health care organizations to enhance their third-party risk management (TPRM) capabilities.
Resilience is the capability of an organization to be prepared for disruption and to adapt and thrive in an increasingly connected environment. Resilience isn’t purely defensive in orientation. It also progressively builds capacity for agility, adaptation, learning, and regeneration to help organizations capitalize on business advantages while preparing for more complex and severe disruptive events.
A cyber TPRM program could help make hospitals more resilient
Deloitte’s life cycle approach to TPRM addresses all stages of the third-party life cycle, with a focus on organizational resilience. It has these characteristics:
Vendors/service providers are risk-tiered based on the nature of services being provided and the severity of impact in case of unavailability.
Third-party contract clauses include language around resiliency and business continuity planning.
Third parties required for the execution/recovery of critical business services are identified, and the recovery requirements are aligned with the recovery time objectives of critical business services.
Risk assessment and due diligence over third parties consider business continuity, disaster recovery, and scenario planning to recover critical business services in case a third party is unavailable.
The TPRM program includes consideration of fourth parties and potential disruption related to fourth parties’ unavailability.
In the health care sector, disruptions can mean the difference between life and death. The dependence on third parties makes it crucial to integrate resilience into third-party risk management (TPRM). By modernizing TPRM frameworks, addressing vulnerabilities, and adopting continuous monitoring of cyber risks, organizations can improve patient care and maintain operational continuity.
Is your organization prepared to handle disruptions?