LPRS 2019. Three cities. Countless opportunities to learn
In 2019, Lockpath, a NAVEX Global Company, took its Lockpath Ready Summit (LPRS) on the road. We held user summits in three cities: Chicago, Nashville, and Phoenix. The road show enabled platform users to gather in the city most convenient to them or attend based on the summit’s theme.
Chicago attendees learned about using our platform for third-party risk management. In Nashville, the educational sessions focused on managing risk and compliance associated with healthcare. For Phoenix, featured topics included best practices using a governance, risk management, and compliance (GRC) platform and third-party risk in the age of data privacy.
In this post, we’ll share highlights from each user summit.
Managing risk with third parties has grown to a fever pitch, making the City of Broad Shoulders the ideal environment for platform users to roll up sleeves and work to find real answers to challenges.
Linda Tuck Chapman, president of ONTALA Performance Solutions, shared her research and expertise on third-party risk management and its role in driving enterprise value.
Tuck Chapman gave attendees a clearer definition of third parties as all business relationships, excluding those with your customers. She shared that there are more stakeholders and more board-level interest in third-party risk. As such, it’s imperative to align the value proposition for third parties with your company’s risk appetite. An example of this is weighing third-party value while also keeping in mind the importance of protecting your company’s reputation.
While Tuck Chapman’s presentation focused on guidance for third-party program and company objectives, Molina Healthcare’s Jan Arban focused on the nuts and bolts of using the platform to manage third-party risk.
Arban shared tips and tricks for prioritizing vendors, performing assessments, tracking findings, and monitoring risk by leveraging the platform’s capabilities. In one instance, Arban showed how he uses an initial 22-question survey to prioritize vendors as Tier 1, 2, or 3, the lowest risk.
“You don’t want to overwhelm Tier 3 third parties with a ton of questions reserved for Tier 1 who touch PHI (protected healthcare information),” said Arban.
LPRS Chicago attendees left the Windy City with practical guidance and easy-to-apply tips for improving the efficiency and quality of their third-party risk management programs.
If you can make it in healthcare with its compliance demands and patient care at stake, you can make it anywhere. You could say the same of country music artists coming to Nashville. It made the Music City the perfect venue for our LPRS summit focused on healthcare.
Heather Mills, an information security professional with Community Health Systems (CHS), shared how her team developed and implemented a GRC program. Mills stressed taking the time to define processes and understand the demands of the business. She also advocated leveraging compliance frameworks and shared the experience of CHS’s GRC Governance committee, which helps build consensus across the organization.
While Mills gave the higher-level perspective on GRC, the next company’s director of enterprise security took attendees on a journey into the inner workings of the Lockpath platform. She showed how the company uses the platform to conduct audits and issue assessments. As a result, it streamlines compliance with HIPAA requirements with capabilities like real-time reporting.
“Other groups are bringing processes into the Lockpath platform. It saves time and helps people meet the company’s goal of patient care.”
For Nashville attendees, LPRS was music to their ears. They left with guidance on a bigger role for GRC and frameworks for compliance, as well as practical tips for day-to-day tasks.
Building or evolving a GRC program can feel like creating an oasis in a desert, which made Phoenix the perfect gathering place for Lockpath platform users to learn strategies and network with peers.
The summit’s last session featured the company’s VP of Operational Risk and her Associate. The duo shared how their department drives business value through its GRC program. Over 18 months, the team delivered nine use cases.
A key reason for the success of the company’s Operational Risk department has been the positive user experience with the platform. Given the ease of completing tasks, other departments contribute their data to the platform. The more data from more areas of the organization that is linked in the Lockpath platform, the better Operational Risk can connect the dots for more effective risk management.
Another session also featured data, but focused on data privacy with vendors. It was presented by Sam Abadir, Director of Industry Solutions at Lockpath, a NAVEX Global company. Abadir made the point that many organizations wish they could start with assessing vendors. Managing vendors in the age of privacy demands a framework that accounts for both the vendor lifecycle and data privacy. In fact, many of the risk management frameworks like ISO 27701:2019 also address privacy.
LPRS Phoenix attendees enjoyed their moment in the sun. They left with ideas and pointers on improving GRC programs and managing vendors while ensuring data privacy.
For all LPRS 2019 attendees who came to a user summit in one city, two or all three, it was a chance to network with fellow Lockpath platform users and attend educational sessions designed to improve and broaden the use of the platform. The more we learn, the more capable we become.