Mature organizations are defined as those organizations with ‘best-in-class’ information protection programs that not only have robust policies and procedures in place to support full implementation of their information security and privacy controls—a complete set of which is determined by the information risk posed to their organization—but also monitor their controls extensively and take appropriate action when they receive indications these controls may no longer be operating as intended.

As the HITRUST CSF maturity model is based on five levels (policy, procedure, implemented, measured, and managed), a mature organization would score very high on the model’s 100-point scale, as shown in the figure above. To qualify for the HITRUST CSF Ongoing Certification (OC) Program, an organization would need to meet the current certification criteria for HITRUST CSF Certification, have fully implemented the controls related to its internal Information Security Continuous Monitoring (ISCM) Program, and have received an overall average score of 87.

