Before Censinet
Before implementing Censinet, Emory Healthcare faced significant challenges managing third-party risk with assessment completion times exceeding 60 days or more. Key challenges included:
- Manual Processes: Reliance on spreadsheets and manual intervention drove significant inefficiencies and data management issues.
- No Standardization: Questionnaires weren’t standardized, making it difficult to analyze risk in a consistent manner across so many vendors and products.
- “One Size Didn’t Fit All”: Questions had to be manually adjusted for all the different types of third party software and services, and the different risks introduced by each type.
- No Reassessments: Initial assessments were so time consuming, there was little time or resources left for reassessments.
On Assessments
Decision Process
Emory Healthcare sought a more efficient, standardized, and scalable solution for third-party risk management (TPRM). Key criteria for the new solution included:
- Ease of Use: The solution needed to be automated, user-friendly, easy to implement, and integrate seamlessly into existing TPRM workflows.
- Centralized: A single location for all vendor documentation to improve data management, accessibility, and faster analysis.
- “Crowdsourced”: Wanted to quickly access completed vendor questionnaires to expedite the assessment process.
Why Censinet?
Emory selected Censinet RiskOps™ to manage third-party risk based on several key capabilities that help accelerate the assessment process and scale the TPRM program, including:
- “Crowdsourcing” Capabilities: Censinet’s network model and 1-Click Assessments™ enables Emory to quickly access completed questionnaires, creating more time for robust risk analysis, rather than time spent waiting on the vendor.
- Standardization: Censinet’s standardized questionnaires and automated corrective action plans (CAPs) enables a faster, more consistent approach to evaluating, scoring, and remediating risk for each vendor and product.
- Continuous Curation: Censinet’s continuous curation of questionnaires and CAPs eliminates the need to manually account for the myriad types of third party software and services (and their specific risks) that require assessment.