HITRUST offers two types of CSF Assessments – a self-assessment and a validated assessment.
- Self-assessments allow organizations to assess themselves using HITRUST’s standard methodology, requirements, and tools provided under the CSF Assurance Program. HITRUST performs limited validation on the results of the self-assessment to provide a limited level of assurance to relying entities.
- Validated assessments are conducted by a HITRUST Approved CSF Assessor. The CSF Assurance Program’s assessment methodology is used and the controls are scored using HITRUST’s maturity approach to control implementation. Assessments meeting or exceeding the current CSF Assurance Program requirements receive a HITRUST validated report indicating they are HITRUST CSF Certified.
Thanks for your feedback.