Assessments and Certifications

HITRUST offers a traversable portfolio of three core cybersecurity assessments and certifications based on an organization’s size, needs, and risk objectives. Because the e1, i1, and r2 are all built on the HITRUST Framework (HITRUST CSF®), work from previous assessments can be applied to more comprehensive assessments. Organizations working to attain certification can also inherit existing controls from their certified cloud service providers.

Recognizing the novel security threats introduced by AI technology, HITRUST now also offers first-of-their-kind AI security and AI risk management assurance products. Whether your organization is developing, deploying, or utilizing AI, the comprehensive, prescriptive control specifications and methodology in these solutions will enable you to validate and demonstrate your security and risk mitigation stance.

Which assessment and certification is right for your organization?

HITRUST e1 - 1-year Validated Assessment: Foundational Cybersecurity

The e1 assessment and certification is ideal for startups and companies with limited risk profiles or less complexity. It allows for an entry-level validated assessment and certification based on 44 foundational security controls. Organizations can also build upon these controls as a step toward attaining the more comprehensive i1 or r2 certifications.

HITRUST i1 - 1-year Validated Assessment: Leading Security Practices

The i1 assessment and certification is a good fit for organizations with robust information security programs already in place that are ready to demonstrate leading security practices. The i1 offers a more comprehensive assurance than the e1, with more controls included. Work done to attain an active i1 certification can be applied toward attaining an r2 certification.

HITRUST r2 - 2-year Validated Assessment: Expanded Practices

The r2 assessment and certification is best suited for organizations that need to demonstrate regulatory compliance with authoritative sources like HIPAA, the NIST Cybersecurity Framework, and dozens of others or that require expanded tailoring of controls based on other identified risk factors. It is the most comprehensive and robust HITRUST assessment.

AI Security Assessment and Certification

The AI Security Assessment is designed to provide AI platform and service providers with relevant, prescriptive, practical security controls and methodology to confidently adopt and secure AI technologies. It supports shared responsibility inheritance and, when paired with an e1, i1, or r2, enables organizations to address multiple compliance needs within a streamlined solution.

AI Risk Management Assessment

The HITRUST AI Risk Management Assessment offers detailed insights, based on 51 relevant and practical AI risk management controls. Harmonized with ISO 23894 and NIST AI RMF, this assessment provides a single, efficient control specification that allows organizations to understand and report on their performance in ISO and NIST terms. 

Confidence You Can Count On

Thousands of companies across industries and throughout the world rely on HITRUST® assessments to provide assurances that they have adequate security and privacy controls in place to help manage and mitigate cybersecurity threats and comply with ever-changing regulations.

The reason is that HITRUST assessments and certifications prove that your organization is taking the most proactive approach to data protection and cybersecurity.

Earning a HITRUST certification sends a signal to regulators, customers, and stakeholders that they can trust the strength of your cybersecurity and data protection program. It’s no wonder that so many organizations don’t just request but require a HITRUST certification from vendors and third-party service providers for security and privacy assurances. 

Who uses, recommends, and accepts HITRUST certification?

Our Assessment Process

By standardizing the approach to risk management, we make the assessment process easier and more reliable.

Here's How:

  • We offer organizations three assessment types based on their risk profile and risk maturity. 
  • Organizations reuse controls as they move from one assessment to the next. 
  • Our methodology provides transparency, accuracy, consistency, and integrity. 
  • Organizations can share and analyze results securely through our Results Distribution System® (RDS).
  • Our control maturity model provides accurate scoring of controls rather than an opinion-based pass/fail model.

The Benefits of HITRUST Certification

HITRUST certification provides the highest levels of trust and confidence to your organization and your stakeholders that you are meeting the highest standards in information protection.

Here's Why:

  • Organizations can save time, money, and resources by streamlining their assurance journey through inheritance.
  • Your organization can differentiate itself as a trusted vendor during competitive proposal and contracting reviews.
  • Our process reduces the time and resources required to respond to third-party questionnaires.
  • You can increase awareness of your organization’s relative exposure, inherent risk, current security posture, and the maturity of your information risk management program.
  • Certification could lead to savings on cybersecurity insurance premiums.
  • One assessment can be used to meet multiple compliance requirements. 

Why choose HITRUST?

Delivers Cyber Threat-Adaptive Assessments

Proactively defends against the latest cyber threats, including ransomware and phishing

Expands and Aligns Assessment Portfolio

Covers broad assurance needs for different risk levels and compliance requirements, providing greater assurance reliability than other assessment options

Enables Traversable Assessment Journey

Allows for higher assurances by reusing the work in previous HITRUST assessments and sharing common control requirements and inheritance

Reduces Time and Effort

Ensures the most relevant controls are in place while removing redundancy

Expands Authoritative Sources

Updates authoritative sources automatically through the power of AI

External Assessors

External Assessors are organizations that have been approved by HITRUST to perform assessments that align with the HITRUST Framework (HITRUST CSF). Choosing the right partner is critical for the success of your certification efforts.

Ready to take your information security program to the next level?
