The answer to this question is either. HITRUST has updated the SOC 2 + HITRUST guidance to illustrate how a SOC 2 + HITRUST CSF opinion could be based upon all 135 security CSF Controls or only those security controls required for Certification.

There are three (3) documents that have been updated to reflect this change:

• Mapping of the HITRUST CSF to the Trust Services Criteria;
• The Guidance/FAQ document; and
• The Illustrative management assertion and CPA opinion.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment