From the course: ISC2 Health Care Information Security and Privacy Practitioner (HCISSP) Cert Prep
Third-party remediation efforts
Hello again and welcome to the HCISPP certification course with Cybrary Third-party remediation efforts. My name is Schlaine Hutchins and I'm your instructor. Today, we're going to talk about risk management activities, risk treatment identification, corrective action plans and compliance activities documentation. When a primary entity conducts a risk assessment or audit, it needs to determine the risk level associated with any findings. For example, if physical security safeguards are found to be lax at a third-party vendor's processing facility, the primary entity may determine this to be a critical risk to the sensitive data. When a security incident occurs that results in a breach, the primary entity and third-party vendor must each contribute information that allows for an appropriate assessment of the risk level. The third-party vendor needs to ensure that it relays the facts surrounding what occurred, as well as any residual risks that remain. The primary entity must determine…
Contents
- Third-party risk management (6m 4s)
- Maintain a list of third-party organizations (4m 48s)
- Managing third-party relationships (7m 3s)
- Third-party assessment and controls (5m 3s)
- Third-party remediation efforts (6m 10s)
- Requests regarding privacy and security events (6m 46s)
- Awareness of third-party requirements (6m 25s)