HEADSPACE HEALTH
“ MENTAL HEALTHCARE IS A DOMAIN WHERE PRIVACY IS SUPER IMPORTANT
FOR EVERYBODY , INCLUDING OUR PATIENTS , USER MEMBERS , AND OUR
CLINICIANS AND COACHES ”
PUNEET THAPLIYAL CHIEF INFORMATION SECURITY OFFICER ,
HEADSPACE HEALTH
run their own data centres and maintain their own networks ,” he explains . “ Since we are operating in SaaS-first principles , that – by the very nature of it – means we are dealing with a lot of third parties . As a result , dealing with all these vendors and third parties requires us to put extra focus on third-party risk management ( TPRM ).
“ We have a team which is helping in our third-party assessments on a continuous basis , not just at the beginning of the contract ,” he adds . “ We have deployed tools to help with that , making sure our TPRM team is well-equipped to perform the access reviews at scale . And then we also categorise our vendors to the sensitivity of what data we might be transacting with them . So we have an extra special focus on any vendor that might transact with our PHI or personal identifying information ( PII ).”
An important part of Headspace ’ s operations , the business is continuing to improve its TPRM processes through technology investments .
“ One such vendor we recently onboarded is called Privado ,” says Thapliyal . “ They are really
cybermagazine . com 59