Skip to content

Confidence You Can Count On

Thousands of companies across industries and throughout the world rely on HITRUST® assessments to provide assurances that they have adequate security and privacy controls in place to help manage and mitigate cybersecurity threats and comply with ever-changing regulations.

The reason is that HITRUST assessments and certifications prove that your organization is taking the most proactive approach to data protection and cybersecurity.

Earning a HITRUST certification sends a signal to regulators, customers, and stakeholders that they can trust the strength of your cybersecurity and data protection program. It’s no wonder that so many organizations don’t just request but require a HITRUST certification from vendors and third-party service providers for security and privacy assurances. 

Who uses, recommends, and accepts HITRUST certification?


Our Assessment Process

By standardizing the approach to risk management, we make the
assessment process easier and more reliable.

Here's How:

  • We offer organizations three assessment types based on their risk profile and risk maturity. 
  • Organizations reuse controls as they move from one assessment to the next. 
  • Our methodology provides transparency, accuracy, consistency, and integrity. 
  • Organizations can share and analyze results securely through our Results Distribution System® (RDS).
  • Our control maturity model provides accurate scoring of controls rather than an opinion-based pass/fail model.

The Benefits of HITRUST Certification

HITRUST certification provides the highest levels of trust and confidence
to your organization and your stakeholders th
at you are meeting the
highest standards in information protection.

Here's Why:

  • Organizations can save time, money, and resources by streamlining their assurance journey through inheritance.
  • Your organization can differentiate itself as a trusted vendor during competitive proposal and contracting reviews.
  • Our process reduces the time and resources required to respond to third-party questionnaires.
  • You can increase awareness of your organization’s relative exposure, inherent risk, current security posture, and the maturity of your information risk management program.
  • Certification could lead to savings on cybersecurity insurance premiums.
  • One assessment can be used to meet multiple compliance requirements. 

Assessment Types

The HITRUST assessment portfolio offers three certification options based on your organization’s size, needs, and risk profile. Because all three certifications are built on the HITRUST Framework (HITRUST CSF®), work from previous assessments can be applied to more comprehensive assessments. Organizations working to attain certification can also inherit existing controls from their certified cloud service providers.

Which assessment type is right
for your organization?

HITRUST e1 - 1-year Validated Assessment: Foundational Cybersecurity

The e1 certification is ideal for startups and companies with limited risk profiles or less complexity. It allows for an entry-level validated assessment and certification based on 44 foundational security controls. Organizations can also build upon these controls as a step toward attaining the more comprehensive i1 or r2 certifications.

HITRUST i1 - 1-year Validated Assessment: Leading Security Practices

The i1 certification is a good fit for organizations with robust information security programs already in place that are ready to demonstrate leading security practices. The i1 offers a more comprehensive assurance than the e1, with more controls included. Work done to attain an active i1 certification can be applied toward attaining an r2 certification.

HITRUST r2 - 2-year Validated Assessment: Expanded Practices

The r2 certification is best suited for organizations that need to demonstrate regulatory compliance with authoritative sources like HIPAA, the NIST Cybersecurity Framework, and dozens of others or that require expanded tailoring of controls based on other identified risk factors. It is the most comprehensive and robust HITRUST assessment.

Why choose HITRUST?

Delivers Cyber Threat-Adaptive Assessments
Delivers Cyber Threat-Adaptive Assessments

Proactively defends against the latest cyber threats, including ransomware and phishing

Expands and Aligns Assessment Portfolio
Expands and Aligns Assessment Portfolio

Covers broad assurance needs for different risk levels and compliance requirements, providing greater assurance reliability than other assessment options

Enables Traversable Assessment Journey
Enables Traversable Assessment Journey

Allows for higher assurances by reusing the work in previous HITRUST assessments and sharing common control requirements and inheritance

Reduces Time and Effort
Reduces Time and Effort

Ensures the most relevant controls are in place while removing redundancy

Expands Authoritative Sources
Expands Authoritative Sources

Updates authoritative sources automatically through the power of AI


External Assessors

External Assessors are organizations that have been approved by HITRUST to perform assessments that align with the HITRUST Framework (HITRUST CSF). Choosing the right partner is critical for the success of your certification efforts.

Ready to take your information security program to the next level?


Chat Now

This is where you can start a live chat with a member of our team