HITRUST and AICPA collaborated on the mapping of the HITRUST CSF controls to the AICPA Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy. Subsequently, any AICPA firm can perform a SOC 2 examination, leveraging the HITRUST CSF framework, which allows the client to receive, in a combined format, the HITRUST Certification and a SOC 2 report.

For more information, refer to the SOC 2: Leveraging the CSF webpage, the Deloitte article SOC 2 for HITRUST – A Complementary Reporting Option and the HITRUST CSF to AICPA Trust Services Principles and Criteria mapping on the AICPA website.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment