HITRUST and AICPA collaborated on the mapping of HITRUST CSF controls to AICPA Trust Principles and Criteria for Security, Confidentiality, and Availability. Subsequently, any AICPA firm can perform a SOC 2 examination leveraging the CSF framework. This allows the client to receive in a combined format HITRUST Certification and a SOC 2 report. The next collaborative effort will be mapping the HITRUST CSF to the privacy principle.

For more information, refer to the SOC 2: Leveraging the CSF Webpage, the Deloitte article “SOC 2 for HITRUST – A Complementary Reporting Option and the HITRUST CSF to AICPA Trust Services Principles and Criteria mapping on the AICPA website.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment