Advisories

HAA 2019-003: Ensuring Clarity of Scope of an Assessment

Written by HITRUST | Mar 15, 2024 5:00:56 AM

Advisory Type 

Assurance Requirements 

Policy/Program Change Details 
This bulletin is to inform HITRUST Authorized External Assessor Organizations about a change to the assurance process regarding the documentation of the scope of the entity’s assessed environment. 

HITRUST Authorized External Assessors must provide a verbose description of the assessed environment that includes both systems/products and facilities. This description must clearly define assessment boundaries. In addition to the verbose description, there will be a summary table that must be provided that would further clarify what is included and what is not included such that any discrepancy can be clearly resolved through the definition. We have attached an illustrative example to this advisory. 

Rationale 
This change is to ensure the clear communication of the environment that was assessed to readers of HITRUST CSF Validated Assessment reports. 

Timetable for Implementation 
Effective for all validated assessments submitted on or after April 1, 2019. 

 For any additional questions, please contact our Support team or a HITRUST Customer Success Manager.  

Attachments 

Scope Definition & Guidance