The Censinet RiskOps Platform is one of the most powerful and innovative solutions to address cross-organizational, cybersecurity risks in healthcare. Additionally, the platform is highly extensible, allowing healthcare organizations to quickly add powerful capabilities for risk management. The Censinet RiskOps Command Center is included with the platform and it provides capabilities for compiling, tracking, and visualizing risk and usage. The Command Center turns platform data into actionable insights that enable provider organizations to respond better and faster to the challenges facing patient care delivery and PHI.
The Censinet RiskOps Command Center provides high-level visibility into:
- Third-party vendors, service providers, contractors, and more.
- Specific data and systems that third parties can access.
- Details of how they access the data, systems, and network.
- Current state of assessments and remediations.
Leveraging Data and Access Information
The RiskOps Command center consists of both data and access attributes captured in the normal course of running assessments, helping assessors, analysts, and risk specialists quickly and accurately compile their risk findings. The information on data and access is then calculated to determine how vendors, products, and services are used by and incorporated into healthcare provider organizations. This includes:
- Detailed tracking of over 100 key healthcare attributes covering interaction with PHI, PII, and PCI.
- Statistics and details data on vendor remote access, user access controls, and vendor network connectivity.
- Built into Risk Assessment summary reports as well as feeding command center reporting.
Through our in-assessment tracking of Data and Access attributes specific to your organization’s use of products and services we can
- Identify which vendors have access to PHI
- The vendors where PHI is accessed, transmitted, or stored, by a vendor but a BAA is not in place.
- Where you have vendors with offshore access or access to your network.
Generating and Managing Corrective Actions
The Command Center Outstanding Corrective Actions section provides:
- A clear indication of how many remediations and mitigations are overdue.
- An easy way to see which mitigations and remediations need to be addressed
- Instead of having these critical actions lost within a PDF, the Command Censinet brings them to the forefront.
- Vendors have a shared view of the remediations assigned to them which ensures everyone is looking at the same set of work to be done as well as due dates.
Drill down from the Command Center tiles lists vendors filtered for that criteria. For example, discovering and itemizing the vendors that have PHI and no BAA is a single click.
Managing Your Vendor List
The vendor list provides a detailed list of all of your third party vendors:
- Export over 100 vendor attributes to CSV files or through our open API
- Vendor list filters make full use of data and access attributes which enable you to easily answer the CISO’s question of the week with over 400K filterable combinations available in just a few simple clicks. (See release notes for examples)
- Censinet acts as an inventory of your vendors and third-party products and services rolled up into the Command Center and accessible in an instant.
- Enables rapid response to incidents as all vendor and product information is in one easy-to-access place.
Handling Vendor and Product Profiles
Profile pages for each vendor and product are available by clicking on the vendor list as well as through global search. Profile pages provide an overview of the current state of the vendor including
- Vendor description and contact information
- Rapid scan data and access rollup across all the vendor’s products and services.
- Current vendor risk ratings
- List of all of the vendor’s products and services in use at your organization
- Corrective Actions across all products and services for this vendor. Useful in renewal negotiations
- You may be renegotiating a 10MM contract, but the vendor has a much smaller product with unresolved remediations. Censinet’s Vendor view gives your team quick access to the information they need to get the vendor to respond.
- Document Library contains all documents associated with this vendor from the assessments as well as uploaded content such as contracts and updated BAAs
- All of this information is rolled up across all of the vendor’s products and services. You can drill down from the vendor page into any product profile page to get a focused view of risk, corrective actions, data and access, and documents specific to that product or service.
- All profile pages are easily accessible through global search.