What is the difference between a HITRUST CSF Certification and a service auditor’s report expressing an opinion on the fairness of the system description, suitability of design, and operating effectiveness of controls based on The HITRUST CSF?
See the question “In the future, it looks like the SOC 2 HITRUST certification will only assess 75 controls. Does that mean organizations will not have to certify?”
Post your comment on this topic.