Case Study

How Tower Health Transformed Third-Party Risk Management (TPRM) with Censinet RiskOps™

Key Challenges

Relying 100% on spreadsheets and manual processes, Tower Health faced significant challenges with third-party risk management (TPRM). This “broken and inefficient” approach drove persistent frustrations and severely limited the volume of third-party risk assessments that could be completed each year – with no time for reassessments. Tower Health’s TPRM program was characterized by:

  • High resource intensity: Tower’s TPRM program required up to 5 FTEs, all working below “top of license” on mostly manual tasks.
  • Slow throughput: Each assessment took 5-6 weeks, driven by slow vendor response times, long email chains, and manual internal review.
  • Poor risk visibility: Little actionable insight into each vendor’s risk profile or the organization’s overall third-party risk posture.

Decision Process

Tower Health sought out a better approach and evaluated four different TPRM solutions against the following key criteria:

  • Flexible: Questionnaires must automatically adjust based on the vendor’s size and criticality.
  • Standardized: Questionnaires must be standardized, but allow for custom questions, if needed.
  • Insightful: Must answer the CISO’s targeted risk questions (e.g., “Which vendors don’t meet our access standards?”).
  • Affordable: Must meet budget constraints and incentivize unlimited assessments.

Why Censinet

Censinet met all of the requirements above and addressed Tower Health’s specific TPRM needs, including:

  • Vendor Community Buy-In: Censinet’s questionnaires are well-received by vendors, speeding up response times to a single day or even a single click.
  • Automated Corrective Action Plans (CAPs): Censinet automatically generates corrective actions based on questionnaire responses, helping Tower quickly identify and prioritize the most critical risks.
  • Responsive Support and Innovation: Censinet’s Customer Success team is highly responsive and actively seeks out continuous improvement based on Tower’s feedback.

About Tower Health

Tower Health is a regional integrated healthcare system in Pennsylvania that offers compassionate, high-quality, leading-edge healthcare and wellness services to communities in Berks, Chester, Montgomery, and Philadelphia Counties. With approximately 11,500 employees, Tower Health consists of Reading Hospital, Phoenixville Hospital, Pottstown Hospital, and St. Christopher’s Hospital for Children in Philadelphia, in partnership with Drexel University.

Terry Grogan, MIS, CISM, Chief Information Security Officer at Tower Health

Censinet Impact on TPRM Program

Before Censinet

  • 5-6 weeks to complete an assessment
  • Up to 5 FTEs working on assessments
  • Small number of assessments completed
  • Zero reassessments performed
  • Slow vendor response time
  • Poor third-party risk visibility

After Censinet

  • Less than 1 week to complete risk assessments
  • 2 FTEs for risk assessments (3 redeployed)
  • 3x increase in assessment productivity
  • Performing reassessments regularly
  • Same-day responses from vendors
  • Actionable insight into key risk areas

On the Impact of RiskOps:

“Censinet RiskOps allowed 3 FTEs to go back to their real jobs! Now we do a lot more risk assessments with only 2 FTEs required.”
Terry Grogan, MIS, CISM
