Overview
The HITRUST Shared Responsibility Matrix® (SRM) has been updated to V1.4.1. The upgrade could impact Assessed Entities and their External Assessors who utilize inheritance within their HITRUST assessments. Assessed Entities and External Assessors who do not utilize inheritance within their HITRUST assessments are not impacted by this Advisory.
SRM V1.4.1 Changes
SRM V1.4.1 adds inheritability values (e.g., fully, partially, or not inheritable) at the evaluative element (EE) level. Transparency of inheritability at the EE level has several benefits, including:
As a result of taking the SRM down to the EE level, 129 requirement statements increased in inheritability and 73 requirement statements decreased in inheritability, for a total of 202 changes (7%) applied to the 2,724 SRM baseline requirement statements spanning CSF v9.1 to v11.1.0. The rollout of the SRM V1.4.1 update via the timeline below is intended to minimize the impact on assessments that use the legacy SRM V1.4 inheritability values and are already planned or in process. For further details on these inheritability changes, refer to the following:
SRM V1.4.1 Rollout and Timeline
Concurrent with the release of this advisory:
For the requirement statements with changed inheritability values in SRM V1.4.1, all inheritance providers with a published SRM have confirmed that external inheritance requests in a “Submitted” status within MyCSF with a weight using either SRM V1.4 or SRM V1.4.1 will be approved by the inheritance provider, assuming all other criteria set by the inheritance provider have been met, until January 31, 2024.
All external inheritance requests submitted to inheritance providers after January 31, 2024, are expected to be weighted in observance of inheritability values in the latest SRM version.
Additional Resources
For any additional questions, please contact our Support team or a HITRUST Customer Success Manager. Learn more about the HITRUST Shared Responsibility and Inheritance program.