The decision to adopt the HITRUST CSF should be made at the organizational level, after which, the organization should perform an internal gap analysis of existing controls against the target controls in the HITRUST CSF. This analysis can be done manually or by utilizing HITRUST’s online GRC-based assessment support tool, MyCSF. Once the data protection posture of the organization is understood, a risk management strategy and implementation timeline can be developed and communicated throughout the organization.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment