The level of maturity an organization wishes to pursue is a risk-based decision based on the needs of that organization. However, an industry-accepted level of due diligence and due care would be a fully implemented HITRUST CSF-based information protection program that scores at around a 75 on HITRUST’s 100-point scale based on the first three HITRUST CSF control maturity levels: policy, procedure, and implemented. Organizations that wish to implement ‘best-in-class’ information protection programs and receive the benefits of information security continuous monitoring (ISCM) and ongoing certification (OC) should strive for aggregated average scores of 87 or more.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment