You’ve got Cybersecurity Questions.
We’ve got Assessors with Answers.
With the guidance of an Authorized HITRUST® External Assessor, your organization’s HITRUST certification journey can be made transparent, consistent, and objective. They are invaluable, trained, and vetted resources that organizations of any size can depend on to assess performance and compliance with security control requirements and — when needed — help develop corrective action plans.
Find an External Assessor or Readiness Licensee
Achieving HITRUST Certification requires working with trained and authorized organizations. HITRUST has established a rigorous program to ensure assessments are performed consistently, accurately, and with the highest level of assurance.
External Assessors are organizations formally approved and trained by HITRUST to conduct validated assessments. They are the only entities authorized to perform the validated assessments that are submitted to HITRUST for certification.
Readiness Licensees are licensed and trained by HITRUST to use the HITRUST Framework (HITRUST CSF®) for readiness assessments and advisory services. They help organizations evaluate their security and compliance posture, identify gaps, and prepare for certification with confidence.
The organizations listed below are the only entities trained and authorized by HITRUST to perform official readiness and validated assessment services.
Interested in becoming an External Assessor or Readiness Licensee?
Looking to connect with a HITRUST Authorized External Assessor?
Complete the form below and we will facilitate an introduction.
How it works:
- Select up to five External Assessors or Readiness Licensees from the list below.
- Click the “Find an External Assessor” button.
- Complete the short form that appears.
Once submitted, our Product Specialists will review your selections and connect you with the organizations you chose.
Need assistance sooner? Contact us directly at sales@hitrustalliance.net.
Each HITRUST® External Assessor Organization (“EA Organization”) has completed a vetting process that requires each EA Organization to demonstrate the capability of performing a HITRUST assessment.
The HITRUST vetting process includes reviewing policies and procedures and the background of the individuals performing the assessments. HITRUST strives to ensure that the list of EA Organizations stays current, and that all EA Organizations continue to meet HITRUST standards year over year.
HITRUST cannot guarantee that any EA Organization will be successful in their role as an EA Organization on any specific engagement. It is the responsibility of the Assessed Entity to perform its own due diligence prior to engaging the EA Organization to perform a HITRUST Assessment. HITRUST does not recommend specific EA Organizations for engagements. See the HITRUST Assessment Handbook for more information.