How We Can Help
HITRUST, in collaboration with private sector, government, technology and information privacy and security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any organization that creates, accesses, stores or exchanges sensitive information. The HITRUST CSF harmonizes multiple frameworks, standards, state, federal and International regulations and leading practices into a single framework. The HITRUST CSF addresses industry- specific challenges by leveraging and enhancing existing frameworks, standards and regulations to provide organizations of varying sizes, geographic operation and risk profiles with prescriptive implementation requirements and guidelines.
The HITRUST CSF is a scalable, prescriptive and certifiable framework that harmonizes numerous standards, regulations, control frameworks and leading practices
The CSF Assurance Program is the oversight and assessment methodology governed by HITRUST and designed to address regulatory and business needs
The MyCSF Risk Assessment Platform (SaaS) is a secure, web-based solution for assessing against the HITRUST CSF or any of its harmonized standards, regulations, control frameworks and authoritative sources to manage compliance and measure risk
The HITRUST Academy provides education to individuals about the HITRUST CSF Assurance and De-Identification processes
HITRUST’s CSF Assess Once, Report Many Approach
What’s your organization’s priority when it comes to managing cybersecurity risk and demonstrating compliance? For many CISOs, the most urgent need is focusing on managing cyber threats and improving their cyber resilience while also communicating the effectiveness of their information security program to various audiences – processes for which are significantly aided by the HITRUST CSF and CSF Assurance Program.
Organizations are challenged with efficiently and effectively evaluating the information privacy and security controls in place with their trading partners in a manner that is consistent with the risk posed by that relationship. By leveraging the HITRUST CSF Assurance Program’s integrity, transparency and consistency to enhance and streamline their third-party risk management processes, they can reduce costs associated with vetting, onboarding, and continuous monitoring of third-party risk.
HITRUST’s CSF assessment reports provide for a comprehensive, consistent and standardized approach customers can use to evaluate the information privacy and security controls effectiveness of their business partners, while enabling business partners to reduce their costs by having a single assessment, that can be leveraged by their various customers.
HITRUST CSF Third-Party Assurance Program
Model Approach to Efficient and Cost-Effective Third-Party Assurance
By leveraging HITRUST’s CSF assessment reports, organizations can have a comprehensive, consistent and standardized approach to communicating information privacy and security effectiveness to their customers. The HITRUST CSF Assurance Program is built upon the principles of integrity, transparency and consistency to ensure that report recipients can understand and rely on the findings, while the “assess once report many” approach allows one assessment to be used to satisfy numerous reporting requirements thus reducing costs and saving resources.
Key reports that can be issued from performing a HITRUST CSF assessment include a HITRUST CSF Assurance Report (Certification), NIST Cybersecurity Framework Scorecard and Certification, and a SOC2 + HITRUST CSF Assurance Report.
Get Started on an Assessment
You can begin reporting your information security posture to multiple industry partners using a standardized and user-friendly set of tools and methodologies in 5 easy steps.
Learn More
The Latest
HITRUST Releases Version 9.4 of the HITRUST CSF Incorporating the DoD CMMC, and Approach to Community Standards
Latest release of the HITRUST CSF furthers benefits towards One Framework, One Assessment, Globally™ FRISCO, Texas – June 22, 2020 – HITRUST, a leading data protection standards development and certification organization, today announced the availability of version 9.4 of the HITRUST CSF information risk and compliance management framework, further delivering on its mission of One…
Read MoreHITRUST Furthers Focus on Asia as Part of its Global Privacy and Security Strategy
Delivers One Framework, One Assessment, Globally FRISCO, TX, May 6, 2020 – HITRUST®, a leading data protection standards development and certification organization, continues to expand and enhance its services and support in the Asia Pacific region as part of a global information protection approach to streamline information risk management and compliance for organizations of any…
Read MoreHITRUST Offers New Bridge Assessment and Certificate to Help Organizations Overcome Challenges Maintaining HITRUST CSF Certification Due to COVID-19 Disruption
HITRUST recognizes the challenges that assessed entities may be facing in completing their HITRUST CSF Validated Assessments and the possible impact of not maintaining HITRUST CSF Certification. The HITRUST CSF Bridge Assessment provides a solution to assist organizations in addressing these challenges, allowing assessed entities to demonstrate a continued level of control effectiveness and assert…
Read MoreGo To News Archive
HITRUST Releases Version 9.4 of the HITRUST CSF Incorporating the DoD CMMC, and Approach to Community Standards
Latest release of the HITRUST CSF furthers benefits towards One Framework, One Assessment, Globally™ FRISCO, Texas – June 22, 2020 – HITRUST, a leading data protection standards development and certification organization, today announced the availability of version 9.4 of the HITRUST CSF information risk and compliance management framework, further delivering on its mission of One…
Read MoreHITRUST Furthers Focus on Asia as Part of its Global Privacy and Security Strategy
Delivers One Framework, One Assessment, Globally FRISCO, TX, May 6, 2020 – HITRUST®, a leading data protection standards development and certification organization, continues to expand and enhance its services and support in the Asia Pacific region as part of a global information protection approach to streamline information risk management and compliance for organizations of any…
Read MoreHITRUST Assessment XChange Furthers Collaboration with Healthcare Leaders to Lessen COVID-19 Impact on Supply Chain Risk Management
Offers Comprehensive Third-Party Risk Management Solution to Health Ecosystem at No Cost FRISCO, Texas – April 30, 2020 – HITRUST Assessment XChange™ (XChange), a wholly-owned subsidiary of HITRUST®, is providing healthcare organizations free access to its third-party risk management (TPRM) solution, including methodologies, technology, and staff augmentation. The decision to provide the service free of…
Read MoreGo To Archive
HITRUST® Announces Community Extension Program Schedule
Risk Management Events to Appear in Cities Coast-to-Coast Frisco, TX., March 26, 2019 – HITRUST, a leading data protection standards development and certification organization, today announced the dates and locations of its Community Extension Program (CEP) throughout 2019. Since their inception in 2017, the CEP sessions have been sought by organizations of all sizes striving…
Read MoreBringing Together Customers and Vendors to Learn, Collaborate and Make Third-Party Risk Management a Shared Responsibility
The HITRUST Third Party Assurance Summit will bring together leaders and experts representing customers, vendors and consultancies in various aspects of vendor management, procurement, information security, audit, compliance and risk management. It will span two days of sharing perspectives and lessons learned, exploring implementation challenges and best practices, and facilitating peer discussions to identify third-party…
Read MoreWannaCry Debrief: Lessons Learned
On June 28, 2017, HITRUST hosted a webinar that provided a valuable debrief and analysis of the recent cyber attack on the healthcare industry known as “WannaCry”. View WANNACRY Debrief Webinar Recording According to Forbes, the NSA cyber weapon-powered WannaCry ransomware that spread across the world infected as many as 200,000 Windows systems, including those at 48 hospital trusts in the…
Read MoreView Current Events View Past Events
