External Assessors are organizations that have been approved by HITRUST for performing assessment and services associated with the CSF Assurance Program and the HITRUST CSF, a comprehensive security framework that incorporates the existing security requirements of organizations.
External Assessors are critical to HITRUST’s efforts to provide trained resources to organizations of varying size and complexity to assess compliance with security control requirements and document corrective action plans that align with the HITRUST CSF.
Search for a HITRUST Authorized External Assessor below.
**Each HITRUST External Assessor Organization (“EA Organization”) has been through a vetting process and demonstrated the ability to perform HITRUST CSF Assessments. The HITRUST vetting process includes reviewing policies and procedures and the background of the individuals performing the assessments. All EA Organizations are required to maintain at least 5 CCSFPs and 2 CHQPs employed within their organization at all times.
Obtaining an EA Organization status indicates that the EA Organization has met all HITRUST requirements to perform HITRUST CSF Assessments and has demonstrated an apparent ability to perform HITRUST CSF Assessments successfully. Although HITRUST strives to ensure that the list of EA Organizations on this webpage remains current and that the EA Organizations continue to meet our standards, HITRUST cannot guarantee that any EA Organization will be successful in their role as an EA Organization on any specific engagement.
*The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organization. KPMG International’s Trademarks are the sole property of KPMG International and their use here does not imply auditing by or endorsement of KPMG International or any of its member firms.Search for an Assessor
Internal Assessors are those personnel who facilitate the CSF Assessment process by performing in-house testing in advance of an External Assessor’s validated assessment fieldwork. Internal Assessors are in-house or outsourced CCSFPs who are typically positioned within, or engaged by, an assessed entity’s Internal Audit Department, but could also be positioned within or engaged by any department meeting specific objectivity requirements, resource qualification requirements, and approval by HITRUST (through a defined application process).
Internal Assessors are part of an “Internal Assessment Function.” This function will typically be an Internal Audit Department or a team of consultants, but is not required to be as long as specific objectivity, competence, and application approval requirements are met.Read More