HITRUST and AICPA collaborated on the mapping of HITRUST CSF controls to AICPA Trust Principles and Criteria for Security, Confidentiality and Availability. Subsequently, any AICPA firm can perform a SOC 2 examination leveraging the CSF framework. This allows the client to receive in a combined format HITRUST Certification and a SOC 2 report. The next collaborative effort will be mapping the HITRUST CSF to the privacy principle.
For more information, refer to the SOC 2: Leveraging the CSF Webpage, the Deloitte article “SOC 2 for HITRUST – A Complementary Reporting Option” and the HITRUST CSF to AICPA Trust Services Principles and Criteria mapping on the AICPA website.