The HITRUST e1 Assessment is designed to cover basic Foundational Cybersecurity practices that address the assurance needs of lower-risk organizations. The e1 requires less effort to complete and falls below the level of assurance conveyed by the more rigorous HITRUST i1 and r2 Assessments.

Use Cases for the e1 Assessment

e1 as the Final Destination

• As a reliable information security assurance to demonstrate that low-risk enterprises have foundational cybersecurity in place.
• As a faster assessment option to obtain assurances, establish benchmarks, and identify coverage gaps.
• For small organizations or start-ups to differentiate themselves in the marketplace.
• To get meaningful assurance reports for Merger/Acquisition partners, new business units, or recently deployed technology platforms.
• To show justification for more favorable cyber insurance premiums.

e1 as a Stepping-Stone

• For organizations that need additional time to implement the more robust control environment needed for HITRUST i1 or r2 Assessments.
• As a milestone to show progress towards an i1 or r2.
• For enterprises that are new to HITRUST to get started.

e1 for Third-Party Risk Management

• To evaluate or onboard third-party business partners.
• To request assurances from service providers who handle limited-PII business processes, such as: Sales/Marketing Agencies, Call Centers, Facility Managers, Research Partners, Insurance Brokers, Financial Brokers, Advisors, Auditors, and Others.