External Assessors
External Assessors are organizations that have been approved by HITRUST for performing assessment and services associated with the HITRUST Assurance Program and the HITRUST CSF, a comprehensive security framework that incorporates the existing security requirements of organizations.
External Assessors are critical to HITRUST’s efforts to provide trained resources to organizations of varying size and complexity to assess compliance with security control requirements and document corrective action plans that align with the HITRUST CSF.
Readiness Licensees
Organizations that do not wish to join the HITRUST External Assessor program have the option to license the HITRUST CSF from HITRUST to conduct readiness assessments and provide consulting on HITRUST CSF control implementation. AICPA organizations that choose this option may also produce SOC 2 reports which contain an opinion on the applicable Trust Services Criteria and HITRUST CSF criteria. Please note, licensing the HITRUST CSF in this manner does not allow the firm to perform a HITRUST Implemented, 1-year (i1) Validated Assessment or a HITRUST Risk-based, 2-year (r2) Validated Assessment, which are the only ways for organizations to obtain HITRUST Certification. HITRUST i1 and r2 Validated Assessment engagements can only be performed by an approved HITRUST External Assessor organization.
How Do I Become a HITRUST External Assessor or Readiness Licensee?
In order to perform external consulting, readiness, or assessment services using the HITRUST CSF framework or MyCSF platform, an organization must have an active license with HITRUST. HITRUST performs a review of all applying assessor firms to ensure quality of the program. To begin your application, please refer to our HITRUST Requirements Document for details and links to the required application templates. If you have any questions regarding the application process, please contact us at csfassessor@hitrustalliance.net.
Search for a HITRUST Authorized External Assessor below.
-
Primary Contacts
Ryan Sanders
ryan.sanders@24by7security.com
(844) 552-9237 ext. 715Sanjay Deo
sanjay.deo@24by7security.com
(954) 461-4856Rema Deo
rema.deo@24by7security.com
(954) 464-4612Date Effective
August 2022
-
Primary Contacts
Brad Lyons
blyons@360advanced.com
Phone: 866.418.1708 ext. 703
Direct Phone: 952.239.1661Jim Brennan
jbrennan@360advanced.com
Direct Phone: 727.686.2797
Date Effective
June 2016
-
AARC-360
Primary Contacts
Neil Gonsalves
neil.gonsalves@aarc-360.com
Phone: 678-458-0912Date Effective
June 2018
-
Primary Contacts
Henry Lindemann
hlindemann@acaaponix.com
Phone: 646-531-5750Noah Fox
nfox@acaaponix.com
Phone: 646-939-9566Sales
sales@acaaponix.com
Phone: 212-951-1030Date Effective
February 2019
-
Primary Contacts
Primal Parikh
premal.parikh@accorian.com
Phone: 609-937-0835Shalin Kadakia
shalin.kadakia@accorian.comDate Effective
December 2018
-
Agio
Primary Contacts
Shelly Harvill
shelly.harvill@agio.com
Phone: 405-245-9113Date Effective
July 2017
-
Date Effective
November 2015
-
Primary Contacts
Julia Huddleston
JHuddleston@ApgarandAssoc.com
Phone: 503.384.2538Date Effective
September 2022
-
Primary Contacts
Brett Williams
Brett.Williams@aprio.com
Phone: 770-353-7118Powell Jones
Powell.Jones@aprio.com
Phone: 770-353-3157Date Effective
August 2020
-
Armanino LLP
Primary Contacts
Patrick Hall
patrick.hall@armaninollp.com
Phone: 925-790-2600
Direct Phone: 972-790-2757Date Effective
August 2017
-
Primary Contacts
Steve Cullen
Email: steve@arora-solutions.com
Phone: 616-795-8886Date Effective
June 2022
-
Primary Contacts
William Holman
wholman@assureprofessional.com
865-661-6019Date Effective
February 2022
-
AT&T Consulting
Date Effective
November 2010
-
Avertium
Date Effective
June 2016
-
AWS Security Assurance Services
https://aws.amazon.com/professional-services/security-assurance-services/
Primary Contacts
Giancarlo Casella
gcasella@amazon.com
1.585.490.9915Lewa Owolabi
lowolabi@amazon.com
1.469.684.1977Date Effective
February 2021
-
Primary Contacts
Emily Di Nardo
Emily.DiNardo@bakertilly.comChristopher Tait
Christopher.Tait@bakertilly.com
1.414.777.5515Date Effective
July 2016
-
Primary Contacts
Vince Maduri
engage@barradvisory.com
Phone: 888-532-2004Brad Thies
bthies@barradvisory.com
Phone: 913-579-8314Date Effective
September 2020
-
Date Effective
September 2016
-
Beyond LLC
Date Effective
August 2016
-
Date Effective
June 2021
-
BlueOrange Compliance
Primary Contacts
Dan Lee
dan.lee@blueorangecompliance.com
Phone: 614-567-4128Date Effective
December 2017
-
Date Effective
February 2017
-
Carr, Riggs & Ingram (CRI)
Primary Contacts
David Mills
dmills@cricpa.com
Phone:334-347-0088
Medaria Chang
mchang@cricpa.com
Phone: 334-347-0088Date Effective
August 2016
-
Primary Contacts
Steven J. Ursillo, Jr.
sursillo@cbh.com
Phone: 401-250-5605
Neal Beggan
nbeggan@cbh.com
Phone: 703-506-4440
Cell: 703-887-6509Date Effective
August 2017
-
Primary Contacts
Carly Devlin
cdevlin@clarkschaefer.com
614-607-5132Ross Patz
rpatz@clarkschaefer.com
513-371-5609Date Effective
May 2022
-
Clearwater Compliance, LLC
Date Effective
March 2014
-
Primary Contacts
Heather Bearfield
heather.bearfield@CLAconnect.com
Phone: 508-713-6903Craig Allen
craig.allen@CLAconnect.com
Phone: 860-231-6668Date Effective
March 2016
-
Date Effective
October 2011
-
CompliancePoint
Primary Contacts
Carol Amick
connect@compliancepoint.com
Office: 770) 255-1100
Direct: (678) 287-7777
Mobile: (678) 521-2340Date Effective
May 2017
-
Primary Contacts
Amy Poblete
apoblete@controlcase.com
Phone: 703-483-6383Omkar Salunkhe
osalunkhe@controlcase.com
Phone: 289-230-2220Date Effective
April 2014
-
Primary Contacts
Aaron Thomas
Aaron_Thomas@copelandbuhl.com
Phone:952-476-7183Date Effective
September 2019
-
Crimson Security Inc.
Primary Contacts
Dave Hogan
Email: dave.hogan@crimsonsecurity.com
Phone: 631-265-3564Date Effective
April 2018
-
Primary Contacts
Erika Del Giudice, CISA, CRISC, HITRUST CCSFP
erika.delgiudice@crowe.com
Phone: 630-575-4366Jared Hamilton
jared.hamilton@crowe.com
Phone: 317-706-2724Date Effective
May 2017
-
Primary Contacts
Tim Roncevich
Tim.Roncevich@CGCompliance.com
Phone: 1-866-480-9485 x215Date Effective
July 2017
-
Date Effective
May 2010
-
Primary Contacts
Tushar Nahar
tsnahar@deloitte.com
Phone: (+91) 9820278315Jaganjyot Singh
sjaganjyot@deloitte.com
Phone: (+91) 9972743588Manshi Sachde
msachde@deloitte.com
Phone: (+91) 9820680845Taha Hussain
tahahussain@deloitte.com
Phone: (+91) 9848319538Date Effective
January 2018
-
Digital Forge Cybersecurity
Primary Contacts
Wayne Will
wwill@dfcyber.com
Phone: (877) 369-1831 x4831Date Effective
March 2018
-
DirectTrust
Primary Contacts
Kelly Gwynn
Kelly.Gwynn@DirectTrust.orgSusan Flynn
Susan.Flynn@DirectTrust.orgPhone:860-408-1620
Date Effective
January 2017
-
Dixon Hughes Goodman
Date Effective
July 2017
-
ecfirst
Date Effective
May 2016
-
Primary Contacts
Eric A. Pulse
epulse@eidebailly.com
Phone: 605-977-4847Date Effective
April 2018
-
EisnerAmper LLP
Primary Contacts
Kate Siegrist Katherine.Siegrist@eisneramper.com
Phone:612-381-8824Anna Fowler Anna.Fowler@eisneramper.com
Phone:612-436-5874Date Effective
October 2019
-
Primary Contacts
Jay Brietz CPA, CIA
jay.brietz@elliottdavis.com
Phone: 704-808-5247Ryan T. Collier
ryan.collier@elliottdavis.com
Phone: 980-201-3901Date Effective
May 2017
-
-
Date Effective
June 2011
-
Ernst & Young India
Primary Contacts
Harish Agarwal harish.agarwal@in.ey.com
Phone: +91 33 6615 3500
Abbas Godhrawala abbas.godhrawala@in.ey.com
Phone: +91 22 61920106Date Effective
August 2016
-
Primary Contacts
Jacob Arthur jacob.arthur@formosconsulting.com
Phone:615-852-8540Date Effective
April 2017
-
Fortified Health Security
Date Effective
February 2017
-
Date Effective
July 2017
-
Primary Contacts
Andrew Hicks
andrew.hicks@frazierdeeter.com
Phone: 720-232-3982Eric Johnson
eric.johnson@frazierdeeter.com
Phone: 520-909-0147Date Effective
November 2016
-
GMsectec
Primary Contacts
Russell M. Latimer
Email: russell.latimer@gmsectec.com
Phone: +1 (787) 620-5260Natasha Gitany
Email: natasha.gitany@gmsectec.com
Phone: +1 (787) 620-5260Hector G. Martinez
Email: hector.g.martinez@gmsectec.com
Phone: +1 (787) 620-5260Date Effective
November 2022
-
Primary Contacts
Rudy Silva
rudy.silva@goldskysecurity.comJonathan Cox
jonathan.cox@goldskysecurity.comKeith Frechette
keith.frechette@goldskysecurity.comDate Effective
July 2022
-
Date Effective
June 2016
-
I.S. Partners LLC
Date Effective
July 2016
-
Insight Direct USA, Inc.
https://solutions.insight.com/Solutions/Security-and-Networking/GRC
Primary Contacts
Falan Memmott
Falan.Memmott@insight.comDate Effective
March 2021
-
Intraprise Health
Date Effective
September 2011
-
Date Effective
June 2016
-
Katz, Sapper, & Miller, L.L.P.
Primary Contacts
Ben Phillips bphillips@ksmcpa.com
Phone:317.805.2396Ryan Elmore relmore@ksmcpa.com
Phone:317.452.1806Date Effective
May 2023
-
King & Spalding
Primary Contacts
Robert Hudock
rhudock@kslaw.com
Phone: 202-626-5521Phyllis Sumner
psumner@kslaw.com
Phone: 404-572-4799Date Effective
October 2018
-
Primary Contacts
Hal Wolfe
h.wolfe@kirkpatrickprice.com
Phone: 800-977-3154 x106Date Effective
April 2017
-
Primary Contacts
Patricio Garcia
pat@kompleye.com
571.830.5140Date Effective
October 2020
-
Primary Contacts
Nicole Romano
nicoleromano@kpmg.com
Phone: 267-256-1793Meghan Sinn
msinn@kpmg.com
Phone: 267-256-1793*The KPMG name and logo are trademarks used under license
by the independent member firms of the KPMG global organization. KPMG International’s Trademarks are the sole
property of KPMG International and their use here does not
imply auditing by or endorsement of KPMG International
or any of its member firms.Date Effective
July 2016
-
KPMG in India
Primary Contacts
Sundar Ramaswamy
Email: sr@kpmg.comGururaja M
Email: mgururaja@kpmg.comRahul Singhal
Email: rahulsinghal@kpmg.com*The KPMG name and logo are trademarks used under license
by the independent member firms of the KPMG global organization. KPMG International’s Trademarks are the sole
property of KPMG International and their use here does not
imply auditing by or endorsement of KPMG International
or any of its member firms.Date Effective
January 2021
-
Date Effective
April 2017
-
Kratos Defense
Primary Contacts
Ashley Hibbs
CyberSales@KratosDefense.com
Phone: 843.568.2100Date Effective
April 2022
-
Primary Contacts
Elizabeth Orobono
eorobono@latitudeinfosec.com
610-425-9932Date Effective
March 2022
-
Layer 8 Security
Primary Contacts
Keith Wiley
keith.wiley@layer8security.com
Phone: 610-766-7312 x128Kevin Hyde
kevin.hyde@layer8security.com
Phone: 610-766-7312 x106Sonia Lopes
sonia.lopes@layer8security.com
Phone: 610-766-7312 x134Date Effective
September 2019
-
Date Effective
February 2010
-
Primary Contacts
Richard Rieben
richard@linfordco.com
Phone: 937-681-2115Date Effective
November 2017
-
Primary Contacts
Kate Siegrist
KSiegrist@LurieLLP.com
Phone: 612-381-8824Date Effective
October 2019
-
The Mako Group
Primary Contacts
Shane O’Donnell
sodonnell@makpro.com
Phone: 1-877-247-MAKO (6256)Date Effective
May 2020
-
Primary Contacts
Steven Thomas
SThomas@maloneynovotny.com
Phone: 330-470-6012
Dale Dresch
DDresch@maloneynovotny.com
Phone: 216-344-5296Date Effective
November 2018
-
Date Effective
August 2016
-
Primary Contacts
Jameson Miller
Jmiller@mjcpa.com
(423)756-6133Andrew Glenn
Aglenn@mjcpa.com
(423)756-6133Brandon Smith
Brsmith@mjcpa.com
(770)955-8600Date Effective
February 2021
-
Primary Contacts
Justin Frazer, Director
Justin.Frazer@mazarsusa.com
917-256-9417Phil Jones, Director
Philip.Jones@mazarsusa.com
813-760-5347Date Effective
March 2021
-
Meditology Services
Date Effective
May 2015
-
MegaplanIT Holdings, LLC
Primary Contacts
Anthony Petruso
apetruso@megaplanit.com
Phone: 480-696-6536Date Effective
March 2021
-
Primary Contacts
Troy Hawes
troy.hawes@mossadams.com
Phone: 206-302-6529Kevin Villanueva
kevin.villanueva@mossadams.com
Phone: 206-302-6542Date Effective
February 2017
-
NCC Group
Primary Contacts
Kurt Osburn
Kurt.Osburn@NCCGroup.com
Phone: 205-907-7607Joe Meyer
Joe.Meyer@NCCGroup.com
Phone: 402-680-9649Date Effective
November 2017
-
Primary Contacts
Chris Nickell
850-295-0808
cnickell@ndbcpa.comCharles Denyer
214-298-8532
cdenyer@ndbcpa.comDate Effective
July 2021
-
NTT Security
Date Effective
November 2009
-
Optiv
Primary Contacts
- Keith Forrester
Keith.Forrester@optiv.com - Brian Golumbeck
brian.golumbeck@optiv.com
Date Effective
September 2021
- Keith Forrester
-
Optum
Primary Contacts
Brian Scheuber
mycsf_admin_irm@optum.comOptum is not providing external assessment work at this time.
Date Effective
March 2014
-
Primary Contacts
Kevin Brown
kbrown@ostendio.com
Phone: 717-350-6710Mike Skidmore
mskidmore@ostendio.com
Phone: 303-550-4808Date Effective
August 2022
-
Postlethwaite & Netterville (P & N)
Primary Contacts
Paul Douglas
pdouglas@pncpa.com
Phone: 225-408-4421Rachael Higginbotham
rhigginbotham@pncpa.com
Phone: 225-408-4719Date Effective
January 2019
-
Palindrome Technologies
Primary Contacts
Paul Rohmeyer
paul.rohmeyer@palindrometech.com
Phone:908-531-2551Peter Thermos
peter.thermos@palindrometech.com
Phone: (732) 688-0413Date Effective
June 2018
-
Date Effective
July 2016
-
Primary Contacts
Sammy Chowdhury
sammy.chowdhury@prescientsecurity.com
Phone: +1 646 209 7319John Wallace
john.wallace@prescientsecurity.comSteve Seideman
steve.seideman@prescientsecurity.comDate Effective
June 2022
-
Primary Contacts
Dennis Quandt
dennis.h.quandt@pwc.comAdrian Christie
adrian.christie@pwc.comBrent Stevens
brent.c.stevens@pwc.com
Date Effective
March 2011
-
Primary Contacts
Peter Briel
pbriel@privaxi.com
Phone: 786-346-1908Muhammed Abbasi
mabbasi@privaxi.com
Phone: 786-973-1258Akeem Hamilton
ahamilton@privaxi.com
Phone: 754-777-8472Date Effective
April 2022
-
Protiviti
Date Effective
October 2016
-
Primary Contacts
Barry Mathis
bmathis@pyapc.com
Phone: 865-684-2785Date Effective
November 2018
-
Primary Contacts
Shyam Mishra
hitrust@quantum.securityDate Effective
April 2020
-
Primary Contacts
Christian Hyatt
christian.hyatt@risk3sixty.com
Phone: 404-333-1669Christian White
christian.white@risk3sixty.com
Phone: 770-289-3505Date Effective
February 2020
-
RSI Security
Primary Contacts
Administrative/Information Requests:
Nancy Simoes
Jacquilyn Noland
hr@rsisecurity.com
Phone: (858) 999-3030 Ext. 1000Sales Inquiries
John Shin
sales@rsisecurity.com
Phone: (858) 999-3030 Option 1Date Effective
June 2019
-
Date Effective
July 2016
-
Primary Contacts
Doug Kanney, Greg Miller, Gary Nelson
HITRUST@schellman.comPhone: 866-254-0000, Option 1
Date Effective
May 2015
-
Securisea, Inc.
Primary Contacts
Josh Daymont
joshd@securisea.com
Phone: 415-494-8215David Geyer
dgeyer@securisea.com
Phone: 512-773-8531Date Effective
February 2023
-
Security Compliance Associates
Primary Contacts
Brian Fischer
brianf@SCAsecurity.com
Phone: 727-269-5214Date Effective
January 2019
-
Security Metrics
Primary Contacts
Jason Leland
jasonl@securitymetrics.com
Phone: 801-995-6490Lee Pierce
lee@securitymetrics.com
Phone: 801-705-5656Devin Bennett
dbennett@securitymetrics.com
Phone: 801-995-6415Date Effective
June 2019
-
Primary Contacts
Eric Andersen
eandersen@tannerco.com
Phone: 801-924-5118Date Effective
March 2018
-
Techno iQualityHub Innovations LLC (TiQHUB)
Primary Contacts
Manov Saypuri manov_saypuri@tiqhub.com
Phone:(703) 687-8526Mayuri Dublikar mayuri@tiqhub.com
Phone:(703) 457-0084Date Effective
June 2023
-
Date Effective
August 2014
-
Thoropass
Primary Contacts
Jay Trinckes
jay.trinckes@thoropass.com
Phone: 352-339-3887Sebastian Cuéllar
sebastian@thoropass.com
Phone: 703-298-6548Date Effective
April 2022
-
Urbane Security
Primary Contacts
Erin Jacobs
ejacobs@urbanesecurity.com
Phone: 312.313.3733Brianna Violet
sales@urbanesecurity.com
Phone: 312.313.3710Date Effective
October 2019
-
ValueMentor Infosec Limited
Primary Contacts
Indu Raj
hitrust@valuementor.comDavid Joseph
hitrust@valuementor.comAnumod Kaimal
hitrust@valuementor.comDate Effective
March 2023
-
Vicis Law PC
Primary Contacts
Samik Bhattacharyya
samik@vicislaw.com
Phone: 415-881-7262John Bolinguit
john@vicislaw.com
Phone: 415-633-6576Date Effective
January 2020
-
Primary Contacts
Brian Kline
Brian.kline@webbadams.com
Phone: (931)-241-0890Abbie Abbott
Abbie.Abbott@webbadams.comDate Effective
May 2022
-
Date Effective
April 2013
-
Date Effective
February 2017
-
Xpio Group Health, LLC
Primary Contacts
- Thaddeus Dickson
thad@xpiohealth.com
253-651-7482
Date Effective
August 2021
- Thaddeus Dickson
