HAA 2016-009: Intent of Readiness Assessments

August 1, 2016

Policy/Program Change Details
HITRUST continues to recommend that “readiness assessments” be conducted for an organization’s entire HITRUST CSF-based information protection program, i.e., against all 135 security controls as scoped to their environment rather than only those controls required for CSF certification.

Rationale
This will help ensure both the approved HITRUST Authorized External Assessor and the assessed organization are always aware of the status of the information protection program and can readily support a CSF controls assessment, regardless of type (e.g., a security assessment used for certification or a comprehensive security assessment used to generate a regulatory scorecard).

Timetable for Implementation
Immediate: This bulletin is to clarify existing policy.

Subscribe to get updates,
news, and industry information.

Subscribe

HAA 2016-009: Intent of Readiness Assessments

You may also be interested in:

HAA 2024-002: CSF Version 11.3 Release HAA 2024-002: CSF Version 11.3 Release

HAA 2024-003: CSF v11.2 Creation Deadline for e1 and i1 Assessments HAA 2024-003: CSF v11.2 Creation Deadline for e1 and i1 Assessments

HAA 2016-004: HITRUST CSF Assurance Program Change Related to the Addition of a Required Control for Certification in HITRUST CSF V8 HAA 2016-004: HITRUST CSF Assurance Program Change Related to the Addition of a Required Control for Certification in HITRUST CSF V8

Subscribe to get updates,news, and industry information.

Chat Now

HAA 2024-003: CSF v11.2 Creation Deadline for e1 and i1 Assessments

HAA 2016-004: HITRUST CSF Assurance Program Change Related to the Addition of a Required Control for Certification in HITRUST CSF V8

Subscribe to get updates,
news, and industry information.