CSF Certification can be achieved when all 64 required controls are fully implemented in the scoped environment (2015 CSF v7 requirement). The total amount of time it can take an organization to become certified is therefore dependent on its initial readiness level and the amount of remediation needed to fully implement all the requirements in scope for the assessment. Most organizations will perform at least one self-assessment to gauge their readiness for certification and, once an organization is comfortable that they will meet the certification requirements, they will hire a CSF assessor to perform a validated assessment. These independent assessments can take anywhere from 2-8 weeks on average depending on the size and complexity of the organization and the scoped environment, and it can take an additional 6 weeks for the validated assessment to be processed and certification awarded by HITRUST. In general, it can take up to 3-4 month to complete the assessment and obtain certification once an organization is ready.

Reference: HITRUST CSF Assurance Program Requirements

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment