Policy/Program Change Details
HITRUST “CSF Implementation & Assurance Implementation Bulletins” will now be referred to simply as “Assurance Advisories” and will be classified into two distinct categories: “Assurance Change Advisories” and “Assurance Quality Advisories.”
“Assurance Change Advisories” will be used to communicate:
“Assurance Quality Advisories” will be used for:
All advisories will continue to provide a timeline for implementation by both assessed entities and External Assessors.
Rationale
Categorizing advisories by type will provide additional clarity around changes to the Assurance program which impact assessed entities and External Assessors. Furthermore, the creation of “Assurance Quality Advisories” provides a new vehicle to share guidance and clarification regarding existing assessment methodologies and program requirements to the HITRUST community.
Timetable for implementation
Effective for all subsequent Advisories.