image for certification

Assessment Certifications

HITRUST Assessment Certifications offer reliable assurances your organization is staying up-to-date with the latest security and privacy standards to ensure that sensitive data is effectively and efficiently safeguarded. Certifications can be critical to success because earning customers and operating capital is increasingly becoming a question of confidence. Customers want assurances that demonstrate effective data protection. Stakeholders want assurances that indicate low levels of risk.

HITRUST Assessment Certification options meet your assurance needs:

HITRUST Implemented, 1-Year (i1) Validated Assessment + Certification

i1 Assessment Implemented 1-year badgeThe HITRUST i1 is a best practices assessment recommended for situations that present moderate risk. The i1 is a new-class of information security assessment that is threat-adaptive with a control set that evolves over time to deliver continuous cyber relevance. The i1 is designed to keep pace with the latest cyberattack threats, including ransomware and phishing. A HITRUST i1 Readiness Assessment is also available.
Learn more about the HITRUST 1-year i1 Assessment + Certification.

HITRUST Risk-Based, 2-Year (r2) Validated Assessment + Certification

HITRUST Assessment r2 badgeFormerly named the HITRUST CSF Validated Assessment, the HITRUST r2 remains the industry gold standard as a risk-based and tailorable assessment that continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. HITRUST r2 Readiness, Interim, and Bridge Assessments available.
Learn more about the HITRUST 2-year r2 Assessment + Certification.

NIST Cybersecurity Framework Report

NIST Cybersecurity ScorecardA separate NIST CsF Report is provided with each HITRUST Risk-Based, 2-Year (r2) Validated Assessment Report issued as a scorecard detailing your organization’s compliance with NIST Cybersecurity Framework-related controls included in the HITRUST CSF framework. The NIST Cybersecurity Framework Report is not available with a HITRUST Implemented, 1-Year (i1) Validated Assessment.
Learn more about the NIST Cybersecurity Framework Report.

HITRUST streamlines the certification process for your organization, making it easier than ever to protect sensitive information effectively and efficiently. Here’s how you can get started:

1. Download the HITRUST CSF Framework
2. Conduct a HITRUST Risk-based, 2-year (r2) Readiness Assessment (formerly HITRUST CSF Readiness Assessment) or a HITRUST Implemented, 1-Year (i1) Readiness Assessment using the HITRUST MyCSF SaaS platform This allows your organization to self-assess using the standard methodology, requirements, and tools provided under the HITRUST Assurance Program
3. Prepare for a HITRUST Risk-based, 2-year (r2) Validated Assessment (formerly HITRUST CSF Validated Assessment) or a HITRUST Implemented, 1-Year (i1) Validated Assessment In this step, you’ll select your Authorized HITRUST External Assessor to help with the process of preparing for the r2 or the i1 Validated Assessment
4. Undergo r2 Validated Assessment or i1 Validated Assessment process using MyCSF Our HITRUST Assurance Team will audit your r2 Validated Assessment or i1 Validated Assessment and will issue your certification (assuming a passing score)
5. Receive your HITRUST Letter of Certification Maintain r2 certification every 2 years, i1 certifications are valid for 1 year



Download the HITRUST CSF

The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.


Chat Now

This is where you can start a live chat with a member of our team