Organizations today are facing a new universal challenge. Access to capital and customers is increasingly becoming a question of confidence. Stakeholders want assurances towards little or no risk. Customers want assurances towards data protection. It is an enormous, complex, and costly challenge for organizations to provide these assurances.

HITRUST can help with protecting your data and managing information risk all in one comprehensive way, the HITRUST Approach. We know that building and running a robust information risk management and compliance program can be overwhelming, resource-intensive, and costly.

HITRUST offers two assessment certification options to meet the assurance needs of just about any organization:

  • HITRUST Implemented, 1-Year (i1) Validated Assessment. The i1 is a “best practices” assessment recommended for situations that present moderate risk. The i1 is a new-class of information security assessment that is threat-adaptive with a control set that evolves over time to deliver continuous cyber relevance. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. A HITRUST i1 Readiness Assessment is also available.
  • HITRUST Risk-Based, 2-Year (r2) Validated Assessment. Formerly named the HITRUST CSF Validated Assessment, the r2 remains the industry gold standard as a risk-based and tailorable assessment that continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. HITRUST r2 Readiness, Interim, and Bridge Assessments are also available. With each HITRUST r2 Validated Assessment Report issued, HITRUST includes a scorecard detailing your organization’s compliance with NIST Cybersecurity Framework-related controls included in the HITRUST CSF framework.

HITRUST streamlines the certification process for your organization, making it easier than ever to protect sensitive information effectively and efficiently. Here’s how you can get started:

1. Download the HITRUST CSF Framework
2. Conduct a HITRUST Risk-based, 2-year (r2) Readiness Assessment (formerly HITRUST CSF Readiness Assessment) ) or a HITRUST Implemented, 1-Year (i1) Readiness Assessment using our software, MyCSF This allows your organization to self-assess using the standard methodology, requirements, and tools provided under the HITRUST Assurance Program.
3. Prepare for a HITRUST Risk-based, 2-year (r2) Validated Assessment (formerly HITRUST CSF Validated Assessment) or a HITRUST Implemented, 1-Year (i1) Validated Assessment In this step, you’ll select your Authorized HITRUST External Assessor to help with the process of preparing for the r2 or the i1 Validated Assessment.
4. Undergo r2 Validated Assessment or i1 Validated Assessment process using MyCSF Our HITRUST Assurance Team will audit your r2 Validated Assessment or i1 Validated Assessment and will issue your certification (assuming a passing score)
5. Receive your HITRUST Letter of Certification Maintain r2 certification every 2 years, i1 certifications are valid for 1 year


Ready to learn more?

View Relevant Resources


Download the HITRUST CSF

The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. To get started streamlining your information protection efforts, DOWNLOAD THE HITRUST CSF AT NO CHARGE!


Chat Now

This is where you can start a live chat with a member of our team