HITRUST®, a leading data protection standards development and certification organization, announced a collaboration with Frist Cressey Ventures to form the Venture Capital Advisory Council (“VC Council”) and Venture Program, comprised of some of the most influential venture capital firms. As venture capital firms seek to reduce cyber risks and data breaches within their portfolio companies, they incorporate information risk management into their due diligence and investment decision making processes, recommending portfolio companies demonstrate the appropriate levels of information security and privacy, and regulatory compliance. Historically, many VC firms have given preference to HITRUST CSF® Certified organizations as HITRUST offers a common approach as well as practical and efficient solutions to identifying and mitigating the risks of potential cyber incidents, making their portfolio companies as competitive as possible within their markets. The new Venture Program expands and formalizes an approach to information risk management and compliance for portfolio companies.
2019 is shaping up to be a record year for venture capital investments with roughly $50 billion invested in the healthcare sector alone, according to data from CB Insights. 31 percent of these healthcare deals are in digital health companies. According to a Ponemon Institute study, many of these early stage companies have experienced a data breach in the last 12 months. Specifically, 76 percent of small- and medium-sized businesses have experienced a data breach in the past year. The data further suggests that these businesses lack appropriate security and privacy oversight, that translates to greater risk for their customers. This coupled with looming deadlines for complying with privacy laws such as the CCPA in January 2020, intensifies the pressure on start-up and early stage companies to address regulatory compliance requirements.
The HITRUST Venture Program™, governed by the VC Council, was established to focus on the unique risk management challenges that early- to late-stage companies face when integrating security, privacy, and compliance into their organizations to reduce their risk profile and increase their market opportunities. The Venture Program establishes a common recommended approach to information risk management and compliance that VC firms can expect of their portfolio companies. It leverages the HITRUST CSF® and CSF® Assurance Program, providing participating companies with access to a collection of tools and services to facilitate a cost-effective and efficient process to adopt strong information protection practices and obtain HITRUST CSF Certification.
A few of the leading venture capital funds are uniting with HITRUST and bringing their economic power to address these challenges. An early list of distinguished founding members of the VC Council include Ascension Ventures, Bain Capital Ventures, Echo Health Ventures, Frist Cressey Ventures, Heritage Group, Maverick Ventures, New Enterprise Associates, 7Wire Ventures, and others, with combined assets under management of more than $30 billion including over 1000 companies within their portfolios. The VC Council is co-chaired by former U.S. Senate Majority Leader Bill Frist, Co-founder and Partner, Frist Cressey Ventures, and Chris Booker, Partner, Frist Cressey Ventures.
“Securing private data and personal information should be a top priority for every organization. While a data breach negatively impacts any organization, for a start-up or early-stage company trying to instill customer confidence, it can be catastrophic,” said Senator Frist. “Frist Cressey Ventures is strategically positioned to align entrepreneurs, venture firms, and HITRUST to promote best practices in data protection and compliance.”
HITRUST understands information risk management and compliance and the challenges of assembling and maintaining the many and varied programs. HITRUST’s integrated approach ensures that the comprehensive components are aligned and maintained to support an organization’s information risk management and compliance program.
“I applaud Senator Frist and Mr. Booker for the foresight and leadership demonstrated in recognizing a need as well as assembling such an influential group from the investment community to better enable and support early- to late-stage companies in addressing information risk management and compliance,” said Daniel Nutkis, Chief Executive Officer, HITRUST.
“Today, venture capital firms see how quickly data and privacy can be compromised. Our goal is for our portfolio companies to recognize the value of mitigating risk early on in their DNA with the adoption of the highest standards of security and privacy,” said Yumin Choi, Partner, Bain Capital Ventures. “By leveraging HITRUST’s expansive toolset and services, our portfolio companies have access to a comprehensive and efficient approach to mitigate and manage risk.”
The VC Council, made up of founding member funds, serves as the governing body of the Venture Program, providing valuable expertise and insight to early- to late-stage companies incorporating information risk management and data protection into their culture and offerings. Members of the VC Council oversee the program, serving as thought leaders in the space, and liaisons between their organization, portfolio companies, and HITRUST.
Any qualifying venture fund can participate in the program. To learn more about the Venture Capital Advisory Council and Venture Program, including requirements, can download the datasheet https://hitrustalliance.net/hitrust-venture-program/ or contact Jay Martin at Jay.Martin@HITRUSTalliance.net.
Since its founding in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as detailed assessment and assurance methodologies.
For more information, visit www.hitrustalliance.net.