Best Practices in Third Party Risk Governance

Jul 7, 2017 | Corporate Culture, Governance, Third Party Risk Management

Part 3 in a series with Kenneth Peterson, Chairman and CEO, Churchill & Harriman

Q. What does the annual Shared Assessments Summit deliver to its audience to further propel education and awareness in healthcare security?

R. “The Shared Assessments Summit brings together senior risk executives to share best practices and latest insights on managing third party risk across the security, healthcare, financial services, transportation and government markets. This annual gathering and the conversations we have among peers throughout the year are tremendously important in helping us stay vigilant and focused on continuously improving the safety and security of our client’s most critical information. We’re excited to serve and collaborate with those we met at the 2017 Summit and help them with their risk management and third party vendor programs.”

Q. Tell me about some of the things you’re working on?

R. We continue to be very privileged to serve a wide array of very discerning clients and to collaborate with an incredible group of people. The depth and breadth of the issues we grapple with each and every day continue to become more and more complex. Therefore, it is incumbent on C&H to constantly hone the techniques we apply for our clients. These techniques have a measurable bearing on our client’s inward facing and outward facing cybersecurity risk management program. We’re able to then replicate those techniques as is appropriate for other clients.

Q. Where does Churchill & Harriman fit into the healthcare security market?

R. “Churchill & Harriman (C&H) is a leading provider of cybersecurity risk management and third party risk assessment services to the healthcare industry as well as the financial services, transportation and ecommerce markets. Certain results that C&H contributes to are formally recognized by the U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), the U.S. Department of Health and Human Services (HHS), the National Health ISAC (NH-ISAC), and the National Directorate of ISACs (NCI Directorate). We’re privileged in that our tools, talents and techniques are being leveraged across industry. Working closely with our partners at Prevalent, Churchill & Harriman is further serving the collective good, providing third party risk management services that benefit the entire health care community.”

Q. Help me finish this sentence…if a healthcare organization could only focus on 1-2 critical items for safeguarding their data and operations moving forward they should…

R. “Focus on the implementation and maintenance of a Threat and Vulnerability Management program that enables the organization to acquire and retain a thorough understanding of the threats to their information and operations, the vulnerabilities that those threats can exploit, and the probability of occurrence so that resources can be appropriately managed. Over time threats change, vulnerabilities can change quickly, and probabilities are never static. Therefore, the program must have the ability to take advantage of real time sources of accurate intelligence and information as well as continuous monitoring of their environment so that changes to policy, processes and technology do not fall behind and expose the organization to adverse results.”

Ken Peterson is a recognized leader in developing and implementing cybersecurity risk management strategies and solutions. Under Peterson’s stewardship, C&H has optimized enterprise risk governance programs, executing thousands of third-party risk assessments globally since 1997. C&H risk management work has been formally recognized by the U.S. Department of Homeland Security, the Federal Bureau of Investigation, the U.S. Department of Health and Human Services, the National Health ISAC, and the National Directorate of ISACs. In partnership with Prevalent, Inc., C&H has been formally selected by the NH-ISAC to perform certain third-party risk management services on behalf of their Members.

C&H is an Assessment Firm Member of the Shared Assessments (SA) Program, actively contributing to the Shared Assessments Agreed Upon Procedures (AUP), the Standardized Information Gathering (SIG) questionnaire, the Technical Development Committee and public outreach programs. Peterson is privileged to serve on the Shared Assessment Program’s Steering Committee and governing Advisory Board. Peterson additionally serves as the formal liaison between these two bodies.

To Learn more about C&H, please email
