Data breaches are on the minds of every C-suite executive in healthcare. Third parties (i.e., vendors) with access to organizations’ protected health information (PHI) and/or personally identifiable information (PII) represent a significant risk for data breaches to the organization.

The Information Systems Audit and Control Association (ISACA) defines TPRM as “The process of analyzing and controlling risks presented to your company, your data, your operations and your finances by parties OTHER than your own company.”