HITRUST r2 Assessment Certifications

r2 Expanded Practices Assessment is the Industry-Recognized Gold Standard for Providing the Highest Level of Information Protection and Compliance Assurance

The HITRUST r2 Validated Assessment is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight. The r2 offers flexible, tailorable, risk-based control selection to meet the most stringent risk and compliance factors. With a proactive Expanded Practices approach to cybersecurity and more requirement statements than an e1 or i1, the r2 Assessment consistently provides the highest level of assurance for organizations with the greatest risk exposure.

Ask about the new HITRUST Compliance Insights Report for HIPAA. Generated as an add-on report from MyCSF, this innovative new report evaluates HIPAA regulatory compliance and delivers greater value from your organization’s HITRUST r2 assessment.

Use Cases for the r2 Assessment

r2 as the Final Destination

  • When assurances are needed over specific authoritative sources or international requirements.
  • For organizations processing large amounts of sensitive data and personal information, including PHI.
  • To Assess Once, Report Many™ for enterprises working in multiple industries with complex regulations such as NIST, PCI DSS, HIPAA, and more.
  • During an r2, the MyCSF® Compliance and Reporting Pack for HIPAA automatically compiles HIPAA compliance evidence.
  • When a NIST Scorecard Report is needed to demonstrate compliance with NIST Cybersecurity Framework controls.
  • When an organization’s customer has adopted HITRUST as the required assurance mechanism for doing business.
  • To gain a competitive advantage by strengthening business relationships.
  • To show justification for more favorable cyber insurance premiums.

r2 for Third-Party Risk Management

  • To request from service providers that handle PII, ePHI, and other sensitive data that requires the highest levels of assurance.
  • For third-party vendors that present high levels of risk due to data volumes, regulatory compliance, or other risk factors.
  • When your organization needs added confidence that a business partner provides rigorous cybersecurity protection and compliance.

To learn more and download a detailed datasheet, please complete and submit the form.

Unique Attributes of the HITRUST r2 Assessment

Learn More by comparing all three HITRUST assessment options side-by-side.

To Discuss How the HITRUST Expanded Practices Risk-based, 2-year r2 Validated Assessment + Certification Can Help Improve Your Information Security Program and Assist with Third-Party Information Risk Management

Call: 855-448-7878 or Email: sales@hitrustalliance.net

Download the HITRUST CSF

The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.


Chat Now

This is where you can start a live chat with a member of our team