How We Can Help
HITRUST, in collaboration with private sector, government, technology and information privacy and security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any organization that creates, accesses, stores or exchanges sensitive information. The HITRUST CSF harmonizes multiple frameworks, standards, state, federal and International regulations and leading practices into a single framework. The HITRUST CSF addresses industry- specific challenges by leveraging and enhancing existing frameworks, standards and regulations to provide organizations of varying sizes, geographic operation and risk profiles with prescriptive implementation requirements and guidelines.
The HITRUST CSF is a scalable, prescriptive and certifiable framework that harmonizes numerous standards, regulations, control frameworks and leading practices
The CSF Assurance Program is the oversight and assessment methodology governed by HITRUST and designed to address regulatory and business needs
The MyCSF Risk Assessment Platform (SaaS) is a secure, web-based solution for assessing against the HITRUST CSF or any of its harmonized standards, regulations, control frameworks and authoritative sources to manage compliance and measure risk
The HITRUST Academy provides education to individuals about the HITRUST CSF Assurance and De-Identification processes
HITRUST’s CSF Assess Once, Report Many Approach
What’s your organization’s priority when it comes to managing cybersecurity risk and demonstrating compliance? For many CISOs, the most urgent need is focusing on managing cyber threats and improving their cyber resilience while also communicating the effectiveness of their information security program to various audiences – processes for which are significantly aided by the HITRUST CSF and CSF Assurance Program.
Organizations are challenged with efficiently and effectively evaluating the information privacy and security controls in place with their trading partners in a manner that is consistent with the risk posed by that relationship. By leveraging the HITRUST CSF Assurance Program’s integrity, transparency and consistency to enhance and streamline their third-party risk management processes, they can reduce costs associated with vetting, onboarding, and continuous monitoring of third-party risk.
HITRUST’s CSF assessment reports provide for a comprehensive, consistent and standardized approach customers can use to evaluate the information privacy and security controls effectiveness of their business partners, while enabling business partners to reduce their costs by having a single assessment, that can be leveraged by their various customers.
HITRUST CSF Third-Party Assurance Program
Model Approach to Efficient and Cost-Effective Third-Party Assurance
By leveraging HITRUST’s CSF assessment reports, organizations can have a comprehensive, consistent and standardized approach to communicating information privacy and security effectiveness to their customers. The HITRUST CSF Assurance Program is built upon the principles of integrity, transparency and consistency to ensure that report recipients can understand and rely on the findings, while the “assess once report many” approach allows one assessment to be used to satisfy numerous reporting requirements thus reducing costs and saving resources.
Key reports that can be issued from performing a HITRUST CSF assessment include a HITRUST CSF Assurance Report (Certification), NIST Cybersecurity Framework Scorecard and Certification, and a SOC2 + HITRUST CSF Assurance Report.
Get Started on an Assessment
You can begin reporting your information security posture to multiple industry partners using a standardized and user-friendly set of tools and methodologies in 5 easy steps.
Learn More
The Latest
HITRUST CSF® Brings Clarity to Security Requirements as Countdown to California’s New Privacy Protection Act Looms
Support for California Consumer Privacy Act (CCPA) standards in HITRUST CSF to help businesses better identify and remediate gaps in CCPA-specific security and privacy controls FRISCO, Texas – November 21, 2019 – HITRUST, a leading data protection standards development and certification organization, has incorporated the CCPA standard into HITRUST CSF version 9.3, providing businesses with…
Read MoreHITRUST® Releases New Tools to Improve Efficiency and Effectiveness of Third-Party Risk Management
Comprehensive TPRM Methodology and enhancements to HITRUST Assessment XChange™ combine to overcome TPRM Challenges FRISCO, Texas – November 12, 2019 – HITRUST, a leading data protection standards development and certification organization, today announced a major release of its HITRUST Third-Party Risk Management (“TPRM”) Methodology that introduces numerous new components including an Inherent Risk Questionnaire,…
Read MoreHITRUST® Releases Version 9.3 of the HITRUST CSF® Incorporating New Privacy and Security Standards
Latest release of HITRUST CSF adds CCPA, SCIDSA, and NIST SP 800-171 authoritative sources as well as updates six others FRISCO, Texas – October 28, 2019 – HITRUST, a leading data protection standards development and certification organization, today announced the availability of version 9.3 of the HITRUST CSF information risk and compliance management framework, further…
Read MoreGo To News Archive
HITRUST CSF® Brings Clarity to Security Requirements as Countdown to California’s New Privacy Protection Act Looms
Support for California Consumer Privacy Act (CCPA) standards in HITRUST CSF to help businesses better identify and remediate gaps in CCPA-specific security and privacy controls FRISCO, Texas – November 21, 2019 – HITRUST, a leading data protection standards development and certification organization, has incorporated the CCPA standard into HITRUST CSF version 9.3, providing businesses with…
Read MoreHITRUST® Releases New Tools to Improve Efficiency and Effectiveness of Third-Party Risk Management
Comprehensive TPRM Methodology and enhancements to HITRUST Assessment XChange™ combine to overcome TPRM Challenges FRISCO, Texas – November 12, 2019 – HITRUST, a leading data protection standards development and certification organization, today announced a major release of its HITRUST Third-Party Risk Management (“TPRM”) Methodology that introduces numerous new components including an Inherent Risk Questionnaire,…
Read MoreHITRUST® Releases Version 9.3 of the HITRUST CSF® Incorporating New Privacy and Security Standards
Latest release of HITRUST CSF adds CCPA, SCIDSA, and NIST SP 800-171 authoritative sources as well as updates six others FRISCO, Texas – October 28, 2019 – HITRUST, a leading data protection standards development and certification organization, today announced the availability of version 9.3 of the HITRUST CSF information risk and compliance management framework, further…
Read MoreGo To Archive
HITRUST® Announces Community Extension Program Schedule
Risk Management Events to Appear in Cities Coast-to-Coast Frisco, TX., March 26, 2019 – HITRUST, a leading data protection standards development and certification organization, today announced the dates and locations of its Community Extension Program (CEP) throughout 2019. Since their inception in 2017, the CEP sessions have been sought by organizations of all sizes striving…
Read MoreBringing Together Customers and Vendors to Learn, Collaborate and Make Third-Party Risk Management a Shared Responsibility
The HITRUST Third Party Assurance Summit will bring together leaders and experts representing customers, vendors and consultancies in various aspects of vendor management, procurement, information security, audit, compliance and risk management. It will span two days of sharing perspectives and lessons learned, exploring implementation challenges and best practices, and facilitating peer discussions to identify third-party…
Read MoreWannaCry Debrief: Lessons Learned
On June 28, 2017, HITRUST hosted a webinar that provided a valuable debrief and analysis of the recent cyber attack on the healthcare industry known as “WannaCry”. View WANNACRY Debrief Webinar Recording According to Forbes, the NSA cyber weapon-powered WannaCry ransomware that spread across the world infected as many as 200,000 Windows systems, including those at 48 hospital trusts in the…
Read MoreView Current Events View Past Events
