Advisories

HAA 2020-005: Enhancing Assurance Advisories

Written by HITRUST | Mar 15, 2024 5:00:38 AM

Policy/Program Change Details 
HITRUST “CSF Implementation & Assurance Implementation Bulletins” will now be referred to simply as “Assurance Advisories” and will be classified into two distinct categories: “Assurance Change Advisories” and “Assurance Quality Advisories.” 

“Assurance Change Advisories” will be used to communicate: 

  • Enhancements to the MyCSF platform which significantly impact the Assurance program. 
  • Significant modifications to the assessment methodology and assurance program requirements, such as modified assessment documentation requirements. 
  • Introduction of a new component of the assessment methodology or a program requirement. 

“Assurance Quality Advisories” will be used for: 

  • Clarifying existing assessment methodology components, assurance program requirements, and expectations of assessors and assessed entities based on HITRUST’s experience in performing quality assurance reviews of assessment submissions. 
  • Highlighting new, emerging, or otherwise noteworthy circumstances that may affect how assessments are conducted under the existing assessment methodology and assurance program requirements. 

All advisories will continue to provide a timeline for implementation by both assessed entities and External Assessors. 

Rationale 
Categorizing advisories by type will provide additional clarity around changes to the Assurance program which impact assessed entities and External Assessors. Furthermore, the creation of “Assurance Quality Advisories” provides a new vehicle to share guidance and clarification regarding existing assessment methodologies and program requirements to the HITRUST community. 

Timetable for implementation 
Effective for all subsequent Advisories.