The HITRUST CSF Assessment questionnaire will ask about your organization’s information security practices in 19 major topical domains, such as information protection program, endpoint protection, portable media security, third-party assurance and risk management.
To gain an understanding of your organization’s risk profile, the questionnaire will ask you if:
- Specific requirements are addressed in organizational policy and standards,
- There are processes and procedures to support the implementation of the requirements,
- The requirements have been implemented consistently across the organization,
- The effectiveness of the controls is monitored (e.g., with a metric or other type of measurement), and
- The controls are actively managed based on this monitoring.