HSCC10.16.19
The Healthcare and Public Health Sector Coordinating Council (HSCC) has published a toolkit for small to mid-sized healthcare institutions to better ensure the security of the products and services they procure through an enterprise supply chain cybersecurity risk management program. The “Health Industry Cybersecurity Supplier Risk Management (HIC-SCRiM)” toolkit provides actionable guidance and practical tools to help organizations of limited scale or resources manage the cybersecurity risks they face through their dependencies within the health system supply chain.
“By enabling these organizations to ensure secure products and services from their suppliers, we will leverage market forces to raise the bar across the healthcare supply chain to the benefit of all.” said Greg Garcia, HSCC executive director of its Cyber Security Working Group.
The toolkit is aligned to the new Supply Chain requirements within the 2018 update to the NIST Cyber Security Framework, and provides concrete guidance on process and governance, as well as practical tools such as contractual language for different supplier relationship types, risk assessment, and supplier inventory templates and policy examples. Co-chaired by Darren Vianueva of Trinity Health and Chris van Schijndel of Johnson & Johnson, the Supply Chain Security task group that developed the toolkit is made up of more than 40 supply chain and cybersecurity professionals from a broad spectrum of health sector organizations.
While it is primarily written for small and medium sized organizations, the guide also makes a call to action for large healthcare organizations, associations, and consultancies to raise awareness and encourage adoption across the sector.
To access and download a copy of the HIC-SCRiM, go to https://HealthSectorCouncil.org/HIC-SCRiM.
“By enabling these organizations to ensure secure products and services from their suppliers, we will leverage market forces to raise the bar across the healthcare supply chain to the benefit of all.” said Greg Garcia, HSCC executive director of its Cyber Security Working Group.
The toolkit is aligned to the new Supply Chain requirements within the 2018 update to the NIST Cyber Security Framework, and provides concrete guidance on process and governance, as well as practical tools such as contractual language for different supplier relationship types, risk assessment, and supplier inventory templates and policy examples. Co-chaired by Darren Vianueva of Trinity Health and Chris van Schijndel of Johnson & Johnson, the Supply Chain Security task group that developed the toolkit is made up of more than 40 supply chain and cybersecurity professionals from a broad spectrum of health sector organizations.
While it is primarily written for small and medium sized organizations, the guide also makes a call to action for large healthcare organizations, associations, and consultancies to raise awareness and encourage adoption across the sector.
To access and download a copy of the HIC-SCRiM, go to https://HealthSectorCouncil.org/HIC-SCRiM.