Assessment Certifications
HITRUST Assessment Certification options meet your assurance needs:
HITRUST Essentials, 1-Year (e1) Validated Assessment
The HITRUST e1 Assessment adds efficiency and flexibility to the HITRUST portfolio by covering basic Foundational Cybersecurity practices that address the assurance needs of lower-risk organizations. The e1 also provides an excellent starting point for enterprises that are in the early stages of implementing their information security controls.
Learn more about the HITRUST e1 Assessment + Certification.
HITRUST Implemented, 1-Year (i1) Validated Assessment + Certification
The HITRUST i1 Assessment leverages a proven set of HITRUST-curated controls designed to ensure that an organization is exercising Leading Security Practices. The i1 provides reliable assurances against current and emerging cyber threats to help establish a strong and broad information security program. A HITRUST i1 Readiness Assessment and an i1 Rapid Recertification Assessment are also available.
Learn more about the HITRUST i1 Assessment + Certification.
HITRUST Risk-Based, 2-Year (r2) Validated Assessment + Certification
The HITRUST r2 Validated Assessment is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight. The r2 offers flexible, tailorable, risk-based control selection to meet the most stringent needs for organizations processing sensitive information or facing challenging regulatory requirements. HITRUST r2 Readiness, Interim, and Bridge Assessments available.
Learn more about the HITRUST r2 Assessment + Certification.
NIST Cybersecurity Framework Report
A separate NIST CsF Report is provided with each HITRUST Risk-Based, 2-Year (r2) Validated Assessment Report issued as a scorecard detailing your organization’s compliance with NIST Cybersecurity Framework-related controls included in the HITRUST CSF framework. The NIST Cybersecurity Framework Report is not available with an e1 or i1 Assessment.
Learn more about the NIST Cybersecurity Framework Report.
HITRUST streamlines the certification process for your organization, making it easier than ever to protect sensitive information effectively and efficiently. Here’s how you can get started:
| 1. Download the HITRUST CSF Framework | |
| 2. Conduct a HITRUST Risk-based, 2-year (r2) Readiness Assessment, a HITRUST Implemented, 1-Year (i1) Readiness Assessment, or a HITRUST Essentials, 1-year (e1) Readiness Assessment using the HITRUST MyCSF SaaS platform | This allows your organization to self-assess using the standard methodology, requirements, and tools provided under the HITRUST Assurance Program |
| 3. Prepare for a HITRUST Risk-based, 2-year (r2) Validated Assessment, a HITRUST Implemented, 1-Year (i1) Validated Assessment, or a HITRUST Essentials, 1-year (e1) Validated Assessment | In this step, you’ll select your Authorized HITRUST External Assessor to help with the process of preparing for the r2, i1, or e1 Validated Assessment |
| 4. Undergo r2 Validated, i1 Validated, or e1 Validated Assessment process using MyCSF | Our HITRUST Assurance Team will audit your r2 Validated Assessment, i1 Validated, or e1 Validated Assessment, and will issue your certification (assuming a passing score) |
| 5. Receive your HITRUST Letter of Certification | Maintain r2 Certification every 2 years. i1 Certifications are valid for 1 year (i1 Rapid Recertification available). e1 Certifications are valid for 1 year. |
Download the HITRUST CSF
The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.
