Skip to content


HITRUST e1 - 1-year Validated Assessment offers additional efficiency and flexibility to the HITRUST portfolio of certification options.

The e1 is ideal for startups and companies with low-risk profiles or less complexity, establishing foundational cybersecurity. It allows for an entry-level validated assessment based on 44 foundational security controls. Organizations can build on these controls as a step toward attaining the more comprehensive i1 or r2 certifications. 

Benefits of the e1 Assessment

Establishes Foundational Cybersecurity
Establishes Foundational Cybersecurity

Uses essential controls recommended by HITRUST and many other standards and authoritative sources

Reduces Effort
Reduces Effort

Leverages a leaner set of only 44 controls and reduces the time needed to perform an assessment

Maximizes Efficiency
Maximizes Efficiency

Applies HITRUST assessment results toward the i1 and r2 certifications

Delivers Faster Results
Delivers Faster Results

Allows for quicker certification than other assessment types

Streamlines Assessment Process
Streamlines Assessment Process

Focuses on implementation to practically assess information security programs

Use Cases for the e1 Assessment

An e1 assessment can prove that low-risk enterprises
have foundational cybersecurity in place
  • When a reliable and widely accepted information security certification is needed.
  • As a streamlined, faster option to obtain assurances, establish benchmarks, and identify coverage gaps.
  • To be a market differentiator for small organizations, startups, or organizations with low-risk profiles.
  • For a source of meaningful assurance reports for merger/acquisition partners, new business units, or recently deployed technology platforms.
  • As justification for more favorable cyber insurance premiums.
  • For organizations that need to share reports with multiple entities.
An e1 assessment can be the first step in achieving an i1 or r2 certification
  • For organizations that need additional time to implement the more robust control environment needed for HITRUST i1 or r2 assessments.
  • For enterprises that are new to HITRUST.
An e1 assessment can be used for third-party risk management
  • To evaluate or onboard third-party business partners.
  • To request assurances from service providers who handle limited-PII business processes, such as sales/marketing agencies, call centers, facility managers, research partners, insurance brokers, financial brokers, advisors, auditors, and others.

Ready to take your information security program to the next level?


Chat Now

This is where you can start a live chat with a member of our team