The Birth of RiskOps - Part I: What is RiskOps?

Post Summary
Censinet RiskOps is a next-generation risk management platform designed to automate workflows, integrate enterprise risk, and make cybersecurity actionable for healthcare organizations.
It replaces manual, resource-intensive processes with automated workflows that:
- Complete third-party risk assessments in 10 days or less.
- Provide dynamic questionnaires tailored to various product types.
- Deliver in-line findings and automated corrective action plans.
Censinet RiskOps consolidates risk management across departments like IT, BioMed, supply chain, and research, providing a unified platform to monitor, assess, and remediate risks across the entire organization.
- Efficiency: Automates risk assessments, reducing time and effort.
- Transparency: Provides actionable insights and continuous monitoring.
- Enterprise Integration: Unifies risk management across silos.
- Improved Decision-Making: Enables quick responses to critical risk questions.
Visit Censinet.com to explore how RiskOps transforms healthcare risk management.
Prologue
Over the past four years, Censinet worked on maturing third-party risk management programs with many healthcare system leaders from single hospital facilities to the largest, most sophisticated integrated health networks.
During this time, we helped thousands of healthcare leaders across clinical, business, IT roles and related functions including BioMed, research, supply chain, finance, legal, procurement, compliance, audit, security, and risk. We have seen hundreds of thousands of vendor and product risk questionnaire responses, assessments, remediations, and corrective action plans.
Out of all this work and experience, we’ve learned a lot about the processes, tools, and people involved across the enterprise. Most importantly, we learned that as an industry, we have a lot of work to do to realize our vision of taking risk out of healthcare.
As a healthcare community, we needed to act. Read The Healthcare RiskOps Manifesto.
Act I: Automate the Process
Our initial work with providers, their teams, and their suppliers focused on reimagining the overall process for third-party risk management. We developed “Censinet 1.0” in partnership with a dozen or so early adopter health systems. This invaluable design cohort validated a few critical assumptions we had about the problem:
- Resource-intensive, manual processes were costly and too inefficient, with lots of rework, inconsistent workflows, and significant data sprawl.
- The legacy tools were not sufficiently solving the problem. Data breaches continued to climb with no end in sight. Most solutions were client/server or cloud-enabled applications, often built as generic data collectors for one enterprise at a time. Or worse, the tool was mostly a tech-enabled service that was simply “moving the cheese.”
- The problem was about to get a whole lot worse. CIOs quickly moved clinical and business processes to the cloud and began to connect medical and other devices to enterprise networks and the internet.
The attack surface was growing geometrically right from under healthcare. It was clear that the current approaches at that time were not going to scale to where the industry required them.
Out of this perfect risk storm, we released Censinet 1.0 in partnership with leading healthcare industry CIOs, CISOs, and their teams. Together, we revolutionized how third-party risk assessments were managed by automating the entire process on a cloud-native, two-sided network (i.e. transactional platform). Purpose-built for healthcare, Censinet automated workflows that completed assessments in 10 days or less (versus the 44 days or more on average with manual processes and legacy tools). We built out dynamic questionnaires for many different product types, from on-premise and cloud software and hardware to information exchange and personal protective equipment (PPE), to help with COVID-19 supply chain issues.
Finally, we made risk data actionable by releasing in-line findings and automated corrective action plans to manage the mitigation and remediation of risks between providers and their third-party vendors and suppliers. This capability began to lay the foundation for a much bigger vision of what was possible.
However, our work had only just begun.
Please check out Censinet RiskOps.
Act II: Integrate the Enterprise
One of the best and most demanding aspects of my job is creating a culture that connects directly to vision, mission, and values in a way that differentiates Censinet in the market. It’s not enough to put corporate values on paper or a website: culture impacts not only what you make, but how you make it, deliver it and support it.
Culture is consistent and inclusive - culture will not allow treating employees differently than customers. Culture has a pulse (stay seventy-two, come shine or rain). Culture, like a fish, rots from the head down. Bad cultures are a reflection of a company’s CEO and leadership team.
The heart of our culture is transparency. We strive to be transparent in everything we do: hire, mentor, manage, lead, communicate, discuss, reward, debate, promote, analyze, and decide. Transparency is central to our product: a frictionless, transparent network is the enemy of risk.
Transparency governs how we service and support our customers.
But we’re not perfect; we make our share of mistakes. Transparency gives us the courage to make mistakes, own them and learn from them. It also provides us with the freedom to push on assumptions and ask the type of questions that others just won’t ask:
- Why do we accept old assumptions that cost us time, resources, and effectiveness?
- Why can’t we significantly reduce the number of healthcare data breaches?
- Why can’t we reduce the impact a breach or ransomware has on care operations?
- Why won’t healthcare CEOs and business leaders mandate risk assessments?
- Why don’t we assess the risk of all vendors and products?
Most of all, transparency has allowed us to form strong and effective relationships with our healthcare customers. We speak with every customer multiple times a month. We learn so much through these conversations and relationships.
So, what does all this have to do with integrating the enterprise?
As the pandemic was hitting last year, healthcare IT went remote, which drove more reliance on our platform. Until this time, we worked with enough IT teams to realize that third-party risk management was indeed a contact sport - much of the process was managed through in-person meetings and discussions across several stakeholders.
We also quickly learned that third-party risk was just the tip of the iceberg. Risk processes permeated a healthcare system across various silos. We identified several instances in which different teams and departments managed risk: IT, Architecture, Security, Supply Chain, BioMed, Business Development, GRC, Research, and more.
Based on the relationships we were building with our customers and the success they were having with our platform for third-party vendor risk, we were invited in to discuss how we could consolidate other risk workflows onto the Censinet platform. Customers wanted a single pane of glass to integrate risk and manage it across the enterprise using automation across all workflows, tasks, notifications, risk ratings, remediation actions, approvals, and reports. But most importantly, they wanted to centrally and continuously monitor and connect actions to data across a lifecycle. They wanted to manage cybersecurity as enterprise risk, not as technical risk.
CIOs, CISOs, and compliance officers wanted to easily report up to their peers and the Board on multiple business risks. And the risk analysts that supported them wanted a quick and easy way to respond to the risk question of the week:
- How many high-risk vendors are we managing today?
- Which products need a Business Associate Agreement (BAA)?
- How many protected health information (PHI) records does this vendor process for us?
- What is the status of these remediation actions? Why are they overdue?
- When was the last time we assessed this vendor?
- How is the product accessing our network?
- Did the recent Exchange hack impact our laundry service provider?
...and on and on and on...
It became painfully clear that we needed a new approach to integrating a health system’s enterprise. Risk management needed to become actionable. We had to integrate the practices of risk management with operations.
Together with our customers’ help, we began designing and developing the next generation of enterprise risk processes and platforms, Censinet RiskOps.
Key Points:
What is Censinet RiskOps?
- Censinet RiskOps is a next-generation risk management platform designed specifically for healthcare organizations.
- It automates third-party risk management workflows, integrates enterprise risk processes, and makes cybersecurity actionable by providing real-time insights and continuous monitoring.
How does Censinet RiskOps automate risk management?
- Censinet RiskOps replaces manual, resource-intensive processes with automated workflows that:
  - Complete third-party risk assessments in 10 days or less, compared to the industry average of 44 days.
  - Use dynamic questionnaires tailored to various product types, such as on-premise software, cloud applications, and medical devices.
  - Provide in-line findings and automated corrective action plans to streamline risk mitigation and remediation.
What is the significance of enterprise risk integration in healthcare?
- Censinet RiskOps consolidates risk management across multiple departments, including IT, BioMed, supply chain, research, and compliance.
- It provides a single pane of glass to monitor, assess, and remediate risks across the entire organization.
- By integrating risk management into enterprise operations, healthcare organizations can:
  - Manage cybersecurity as enterprise risk, not just technical risk.
  - Continuously monitor risks and connect actions to data across the risk lifecycle.
  - Enable CIOs, CISOs, and compliance officers to easily report on business risks to peers and boards.
What are the key benefits of Censinet RiskOps?
- Efficiency: Automates risk assessments, reducing time and effort.
- Transparency: Provides actionable insights and continuous monitoring to improve decision-making.
- Enterprise Integration: Unifies risk management across silos, consolidating workflows and data.
- Improved Decision-Making: Enables quick responses to critical risk questions, such as:
  - How many high-risk vendors are we managing today?
  - What is the status of overdue remediation actions?
  - How is a specific product accessing our network?
How does Censinet RiskOps address the growing attack surface in healthcare?
- The platform was developed in response to the “perfect risk storm” created by:
  - The rapid adoption of cloud-based clinical and business processes.
  - The increasing connectivity of medical devices to enterprise networks.
  - The exponential growth of the healthcare attack surface.
- Censinet RiskOps automates and scales risk management processes to meet the demands of this expanding attack surface.
What role does transparency play in Censinet RiskOps?
- Transparency is a core value of Censinet and is embedded in the RiskOps platform.
- It fosters strong relationships with healthcare customers by enabling:
  - Open communication about risks and challenges.
  - Honest discussions about assumptions and solutions.
  - Continuous learning and improvement through customer feedback.
- Transparency also drives the platform’s ability to provide frictionless, actionable insights that reduce risk across the enterprise.
Why is Censinet RiskOps a breakthrough for healthcare organizations?
- Traditional risk management approaches are manual, siloed, and inefficient, leaving healthcare organizations vulnerable to breaches and compliance issues.
- Censinet RiskOps transforms risk management by:
  - Automating workflows to save time and resources.
  - Integrating risk processes across the enterprise for a unified approach.
  - Making cybersecurity actionable with real-time insights and continuous monitoring.
Where can I learn more about Censinet RiskOps?
Visit Censinet.com to explore how RiskOps is revolutionizing healthcare risk management.