The HITRUST Implemented, 1-Year (i1) Validated Assessment leverages a proven set of HITRUST-curated controls designed to ensure that an organization is exercising Leading Security Practices to implement a strong and broad cybersecurity program. The i1 Assessment falls between the level of assurance conveyed by the more foundational HITRUST e1 Essentials and the more rigorous r2 Expanded Practices Risk-based Assessments. i1 Rapid Recertification dramatically simplifies the i1 recertification process.

Use Cases for the i1 Assessment

i1 as the Final Destination

• For reliable measurement and assurance against a robust portfolio of cybersecurity controls.
• To demonstrate broad protection against current and emerging threats, which can help meet contractual and compliance obligations.
• To show justification for more favorable cyber insurance premiums.

i1 as a Stepping-Stone

• When organizations need a certification step while on the path to a HITRUST r2 Assessment.

i1 for Third-Party Risk Management

• To ensure that business partners are using leading security practices for reliable information protection.
• To establish a meaningful benchmark for third-party service providers progressing their cybersecurity programs.