- Currently, a SOC 2 + HITRUST assesses all 135 HITRUST controls. Does a SOC 2 + HITRUST CSF Certification assess all 135 or only the 66 required for HITRUST certification?
- Do you have an ETA for when the updating of the Practitioner Document and Reporting Template to opine on meeting the 66 controls required for HITRUST certification will be complete?
- In the future, it looks like the SOC 2 HITRUST certification will only assess 66 controls. Does that mean organizations will not have to certify?
- What is the difference between a HITRUST CSF Certification and a service auditor’s report expressing an opinion on the fairness of the system description, suitability of design, and operating effectiveness of controls based on The HITRUST CSF?
Thanks for your feedback.