OpenVRA provides a standardized vendor risk assessment that health providers can use to evaluate and manage security and compliance across vendors. Organizations can use OpenVRA to manage and lower vendor risk.
OpenVRA gives healthcare organizations a great starting point for measuring and mitigating vendor risk.
OpenVRA assessments are built around a base set of security questions that measure administrative and technical concerns.
The OpenVRA framework is mapped to HIPAA security requirements and security best practices, so your team can see red flags from vendors.
Organizations can use OpenVRA to calculate a security score for each individual vendor.
Compliance is not a one-time step. Use the framework to check in and assess vendors on a yearly basis.
OpenVRA is a security standard that allows healthcare organizations to evaluate vendor security and compliance risk. We have worked together with healthcare stakeholders to create a standard set of security questions and a process for streamlining vendor assessment. Health providers can use this process to rapidly assess vendors and gain better insight into the overall security of vendor relationships within the organization.
We believe providing a standard framework for vendor assessment will empower healthcare organizations to better manage third-party risk and allow vendors to follow a familiar process when working with different healthcare organizations. Learn more about how you can improve your vendor security program and vendor risk assessments.
Evaluate vendor administrative policies for security and compliance.
Evaluate vendor technical safeguards such as encryption, backup, and intrusion detection.
Evaluate vendor processes for managing security issues and security programs.
Evaluate vendor response to potential breaches or security events.