Tech-enabled services, powered by Cyturus, gain efficiencies in helping clients manage third- and fourth-party risk and meet regulatory requirements


Nashville, TN (April 24, 2023) – Clearwater, a leading provider of cybersecurity and compliance solutions for healthcare organizations, announced today that it is now leveraging the Cyturus® TPRM (Third Party Risk Management) module of the CRT (Compliance & Risk Tracker) as its primary platform to support its Vendor Risk Management managed services program, which is leveraged by hospital systems, physician groups and other healthcare companies to assess and manage third- and fourth-party cybersecurity risk.

In addition, Redspin, a division of Clearwater, will utilize the Cyturus® Governance, Risk, and Compliance (GRC) software platform as part of Redspin’s Cybersecurity Maturity Model Certification (CMMC) compliance certification service.

Helping Healthcare Tackle One of its Greatest Risks

In 2022, nine of the ten largest healthcare data breaches were caused by third-party vendors. The fallout of many of these cyberattacks results in impacts for multiple connected providers, often affecting hundreds of organizations.

“Third-party cybersecurity concerns are consistently cited by our healthcare clients as a key risk to their businesses. In the last several years, we have seen too many healthcare organizations impacted by ransomware or breaches that occurred with their vendors,” said Steve Cagle, Clearwater CEO. “Unfortunately, many healthcare organizations do not have the resources or expertise to assess and manage their vendor risk. Through our Vendor Risk Management managed services program, Clearwater is solving this challenge, providing an affordable and consistent way of identifying and managing third-party risk.”

Clearwater’s tech enabled VRM solution reduces the cost and resource burden associated with performing vendor risk assessments, while also providing up-to-date, accurate, and actionable risk indicators of vendors and other third parties. By outsourcing this function to Clearwater, clients gain a more consistent process, and their internal resources are freed up to perform other security and risk management functions.

The Cyturus® TPRM (Third-Party Risk Management) module provides consistency for managing third parties and establishing a methodology to share documented risk information and scoring within client organizations.

“The flexibility, security, and scalability of the Cyturus TPRM module makes it an ideal choice for our Vendor Risk Management practice,” said Andrew Mahler, Vice President of Privacy and Compliance for Clearwater and leader of the company’s VRM team. “It provides us with the tools we need to effectively assess and manage the risks associated with our clients’ third-party vendors and partners. Cyturus® has already proven its flexibility and speed to add functionality and efficiencies for our clients.”

Helping Defense Industrial Base Contractors Comply with CMMC Requirements

Redspin, the first Authorized Certified Third-Party Assessment Organization (C3PAO) for CMMC, is the Defense Industrial Base’s go-to resource for performing CMMC assessment.

The Cyturus CRT (Compliance and Risk Tracker) will enable Redspin to further enhance its CMMC assessment offering, as assessors use the software to drive an efficient and well-documented review process with clients.

Robert Hill, Cyturus CEO, added this comment:  “Clearwater and Redspin are proven leaders in providing cybersecurity and compliance solutions to the healthcare industry and DIB market. Cyturus is excited to have this opportunity to partner with them and support their mission to protect sensitive data and critical systems.”

About Redspin

Redspin is a division of cybersecurity and compliance company Clearwater which focuses on improving the cyber readiness and resiliency of Defense Industrial Base (DIB) organizations. As the first authorized C3PAO for CMMC, Redspin has the expertise and resources to help DIB organizations to minimize cyber risks and protect sensitive information. To learn more, please visit

About Clearwater

Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their mission. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, and a tech-enabled, 24x7x365 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit

About Cyturus®

Cyturus offers a next generation integrated compliance and risk management platform leveraged by organizations challenged with managing regulations and frameworks. The CRT platform provides a comprehensive solution for managing all aspects of risk and compliance, including third-party risk management/vendor risk management, risk register, incident response management, policy management and board reporting.