The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF provides a risk-based approach to information protection and compliance, organizations of varying risk profiles can customize the security and privacy control baselines through a variety of organizational, technical, and compliance risk factors.
The HITRUST CSF provides the structure, transparency, guidance, and cross-references to authoritative sources organizations globally need to be certain of their data protection compliance.
What is the process for my organization to achieve HITRUST CSF Certification?
The organization should first determine the business drivers for attempting certification which should include identifying key stakeholders, defining scope, and selecting an Authorized External Assessor Organization. HITRUST recommends a Readiness Assessment be performed to prepare organizations for the Validated Assessment. Organizations can involve Authorized Internal and External Assessor Organizations as part of the Readiness Assessment. Based upon the results of the Readiness Assessment the organization should develop a remediation plan and work with their Authorized External Assessor Organization to define timing of the Validated Assessment. Prior to beginning the Validated Assessment the organization will need to purchase a Validated Assessment object from HITRUST if they are not a subscriber. The organization will need to complete the Validated Assessment using the MyCSF tool and then the Authorized External Assessor Organization will be required to perform the validation/audit work. Once the Authorized External Assessor Organization’s work is complete, they submit the assessment to HITRUST for review. HITRUST will perform quality assurance procedures, create a report and, depending on the scores in the report, will issue a Letter of Certification.
Learn more about HITRUST CSF Assessments
and the journey to HITRUST CSF Certification.