HITRUST Services
The HITRUST CSF® is a security, privacy, and compliance risk management framework composed of nationally and internationally accepted standards, including ISO, NIST, COBIT, PCI, HIPAA, and more, to ensure a comprehensive set of baseline security and privacy controls. The CSF normalizes these security requirements and provides clarity and consistency, reducing the burden of compliance with the varied requirements that apply to organizations.
Originally developed for the healthcare industry, the HITRUST CSF now offers over 40 authoritative sources, comprising the frameworks mentioned above plus state, federal, and foreign regulations. As such, the CSF can be used by healthcare and other organizations, allowing them to perform one assessment and report against many requirements instead of performing multiple assessments and generating multiple reports, thereby containing effort and cost.
The expanded HITRUST portfolio of assessments and certifications includes:
Essentials (e1): Foundational cybersecurity for startups and companies with lower risk profiles or less complexity. Control implementation is assessed for 44 static controls. 1-year certification.
Implemented (i1): Leading security practices for those with established information security programs who also need a moderate level of assurance. Control implementation is assessed for 182 static controls. 1-year certification.
Risk-Based (r2): Expanded practices for those who need to demonstrate compliance with one or more regulations and frameworks. It is the most comprehensive HITRUST assessment and provides a high level of assurance. Three to five maturity criteria are assessed. 2-year certification.