Before Censinet
Before implementing Censinet, Emory Healthcare faced significant challenges managing third-party risk with assessment completion times exceeding 60 days or more. Key challenges included:
- Manual Processes: Reliance on spreadsheets and manual intervention drove significant inefficiencies and data management issues.
- No Standardization: Questionnaires weren’t standardized, making it difficult to analyze risk in a consistent manner across so many vendors and products.
- “One Size Didn’t Fit All”: Questions had to be manually adjusted for all the different types of third party software and services, and the different risks introduced by each type.
- No Reassessments: Initial assessments were so time consuming, there was little time or resources left for reassessments.
On Assessments
“We have done more assessments in a shorter amount of time with existing staff, and have much more time to do the actual analysis, identify risk, and really work with the vendor on remediation.”
Decision Process
Emory Healthcare sought a more efficient, standardized, and scalable solution for third-party risk management (TPRM). Key criteria for the new solution included:
- Ease of Use: The solution needed to be automated, user-friendly, easy to implement, and integrate seamlessly into existing TPRM workflows.
- Centralized: A single location for all vendor documentation to improve data management, accessibility, and faster analysis.
- “Crowdsourced”: Wanted to quickly access completed vendor questionnaires to expedite the assessment process.
Why Censinet?
Emory selected Censinet RiskOps™ to manage third-party risk based on several key capabilities that help accelerate the assessment process and scale the TPRM program, including:
- “Crowdsourcing” Capabilities: Censinet’s network model and 1-Click Assessments™ enables Emory to quickly access completed questionnaires, creating more time for robust risk analysis, rather than time spent waiting on the vendor.
- Standardization: Censinet’s standardized questionnaires and automated corrective action plans (CAPs) enables a faster, more consistent approach to evaluating, scoring, and remediating risk for each vendor and product.
- Continuous Curation: Censinet’s continuous curation of questionnaires and CAPs eliminates the need to manually account for the myriad types of third party software and services (and their specific risks) that require assessment.
