WEBINAR • OCTOBER 19, 2016
BUILDING AN EFFECTIVE SUPPLIER RISK MANAGEMENT PROGRAM
Presented By: JESSICA HOOTEN, HCA Healthcare; CHRIS GABEL, HCA Healthcare; JOHN HEUER, Iceberg
Today’s Panelists
• JESSICA HOOTEN, Consulting Security Risk Controls Engineer, HCA Healthcare
• CHRIS GABEL, Consulting GRC Application Engineer, HCA Healthcare
• JOHN HEUER, Senior GRC Consultant, Finance & Banking, Iceberg
“How Do You Know?”
• Who are your suppliers?
• Who are your supplier’s suppliers?
• Which suppliers are most critical to your business?
• How quickly can you assess a new supplier for risk?
• Do you trust your supplier risk information?
• What opportunities can your vendors help you achieve?
Volume & Complexity
Financial Counterparties, Consultants, Maintenance Companies, Raw Material Suppliers, Software Providers, Couriers, Law Firms, Hardware Providers, Landlords / Lessors, Parts Suppliers, Insurers, Employment Agencies, ISPs, SaaS Providers, Credit Bureaus, Utility & Telecom Companies, Marketing Companies, Security Guards, Accountants, Medical Business Associates, Property Managers, Partners/Ventures, Integrators, Third-Party Sellers, Identity Protection Providers
How many third party suppliers are in your organization’s inventory population?*
  Less than 10,000: 73%
  10,000-29,999: 21%
  30,000-49,999: 6%
*Source: Shifting Toward Maturity, EY, June 2016
Areas of Risk
• Financial Wherewithal
• Strategic Risk – “Concentrating eggs in one basket” / Failure to execute
• Credit, Liquidity
• Operational (incl. Geopolitical)
• Regulatory Compliance
• Information Security
• Business Resiliency
• Errors & Fraud
• Privacy
• Non-performance / Poor Quality
• Reputation Risk
• Inadequate 4th Party / Supply Chain Governance
About HCA
•  Founded in 1968, headquartered in Nashville, TN
•  World’s largest private operator of healthcare facilities
•  250+ hospitals and freestanding surgery centers located in 28 states and the UK
•  26+ million patient encounters and 8.1 million emergency room visits each year
•  Ranked #63 in Fortune 500
•  233,000 employees; 37,000 active physicians; 79,000 nurses
#11 Best Places to Work in IT (Computerworld)
World’s Most Ethical Company, 7th consecutive year (Ethisphere)
Overall Challenge and Goals
Challenges
• Decentralized vendor governance processes (e.g., tracking findings)
• Spreadsheets currently used to gather data and used for reporting
• Ask vendors the same questions over and over
• Limited visibility of vendor inventory
Goals
• Centralize vendor functions and processes across the enterprise
• Ensure that process ownership, roles, and responsibilities are clearly defined and develop efficient, repeatable processes
• Enable “ask once, use many” approach to gathering data
• Monitor and assess new/potential vendors and ongoing monitoring of existing vendors
• Provide reporting of vendor security risk to management
Why Archer?
• Currently use Archer for Risk Management, Incident Management, Issue Management, Policy Management
• Assess compliance with company standards using NIST Cybersecurity Framework
• Ability to aggregate all vendor data throughout the enterprise (corporate, divisions, facilities)
• Effectively use the “Ask once, use many” strategy
• Associate existing questionnaires
Discussion / Q&A
Supplier risk management success
1.  Effectively manage a large number of vendors via automation
2.  Get the entire organization on the same page – break down silos!
3.  Confidence that you can meet growing regulatory requirements
4.  Greater certainty in an environment of increasing volume and sophistication of cyber threats
5.  Gain agility to respond more quickly to changing environments and emerging markets.
THANK YOU
icebergnetworks.com/srm
Extra / back-up material
Regulator Focus - Top 5
1. Enterprise-critical third parties
2. Oversight & governance
3. Information security & business continuity assessments
4. Onboarding activities
5. Consumer protection
Quotable
“…We find the smaller vendors are where our greatest risk can be. You can’t overlook any of them. The due diligence required is not just one time at on-boarding a vendor but ongoing monitoring must be a key aspect of any risk management program.”
Senior Information Security Analyst at a Major Canadian Financial Institution

RSA-Iceberg Seminar: Building an effective supplier risk management program
