Press Release

HITRUST Selects Coalfire as Founding Member of Third-Party Risk Management Council

November 10, 2020

Industry Thought Leaders Join Collaboration to Secure Supply Chains Across Global Cloud Ecosystem

WESTMINSTER, CO – November 10, 2020 – Coalfire, a provider of cybersecurity advisory and assessment services, has been named a founding member of the newly formed HITRUST® Third-Party Risk Management (TPRM) Council. The worldwide collaboration of corporations, vendors, and advisors is joining forces to identify, assess, and mitigate risks across complex, global supply chains under growing pressure from emerging threats and vulnerabilities.

“HITRUST is pleased to welcome Coalfire to the new TPRM Council,” said Michael Parisi, HITRUST vice president of assurance strategy and community development. “We look forward to Coalfire’s contribution as we use this collaborative forum to further improve third-party risk mitigation strategies.”

As a HITRUST Authorized External Assessor, Coalfire executives join industry luminaries on the council representing some of the largest, worldwide CSPs, healthcare payers and providers, retailers, banks, and other major corporations. Coalfire’s veteran assessors and advisory team are honored to be appointed to this new council as they continue to provide expertise to additional HITRUST collaboratives including the HITRUST Authorized External Assessor Council and Quality Subcommittee, the HITRUST Information Security Continuous Monitoring (ISCM) Working Group, and the HITRUST Shared Responsibility Working Group.

“As one of the first HITRUST External Assessors, and having performed more than one thousand engagements, Coalfire is honored to serve on the TPRM Council to help streamline compliance initiatives throughout the supply chain, and assure companies that they are working with vendors who are meeting and exceeding security requirements,” said Zach Shales, director, healthcare assurance, Coalfire. “With more state-sponsored attacks and more capable adversaries, the cost of third-party breaches is increasing dramatically across expanding threat surfaces. HITRUST is at the forefront of setting standards and safeguards, and we look forward to contributing toward improving processes and conducting consistent, mission-critical assessments.”

In addition to technical staff shortages, rapid cloud migration, and increasing regulations, a recent Gartner report calls out the COVID-19 crisis for revealing the fragility of globalized, interconnected supply chains and the need for more responsible sourcing across all industries. The HITRUST CSF, originally designed to protect privacy, sensitive data, and protected health information (PHI) within healthcare vendor networks, is rising to the challenge by establishing best practices and fulfilling the needs of organizations across all industries that struggle to improve TPRM processes and comply with multiple regulations.

“The need has never been more pressing,” said Parisi. “This council is dedicated to addressing the problems and identifying actionable solutions as effectively and efficiently as possible.”

For more information about the HITRUST Third-Party Risk Management Program, click here:

To read Zach Shales’ blog post on the history of Coalfire’s HITRUST experience, click here:

For more information on Coalfire’s assessment and certification services, click here:

About Coalfire

Coalfire is the trusted cybersecurity advisor that helps private and public sector organizations avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, assessments, technical testing and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives and fuel their continued success. Coalfire has been a cybersecurity thought leader for nearly 20 years and has offices throughout the United States and Europe. For more information, visit


Since it was founded in 2007, HITRUST (Health Information Trust Alliance) has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit


For media inquiries:
Mike Gallo
(212) 239-8594