HITRUST bC Assessment page banner image

Verified Self-assessment Focused on Good Information Security Hygiene Controls

The HITRUST bC Assessment is a verified good hygiene information security self-assessment that offers better consistency, improved accuracy, and more flexibility than other types of self-assessments. The bC is a fast, low-effort, low-cost tool ideal for providing basic assurances for your business partners and stakeholders, pulling internal reports for your management team, or evaluating the current status of your information protection program(s). A primary benefit of using the HITRUST bC Assessment instead of standardized information-gathering questionnaires or other self-assessment mechanisms is that it uses the HITRUST Assurance Intelligence Engine (AIE) to deliver automated quality assurance and greater reliability with less time and effort.

HITRUST Assurance Intelligence Engine Provides Verification

The HITRUST Assurance Intelligence Engine uses a patent pending approach to analyze and verify bC Assessment documentation for oversights, inconsistencies, and errors. Using the HITRUST MyCSF platform, the AIE performs an automated, real-time analysis against thousands of data points to proactively identify potential quality issues and provide detailed recommendations for remedial actions. By using the AIE to pinpoint and fix problems before completion, the bC Assessment provides a greater level of reliability as compared to other self-attestation methods. As a result, the bC ultimately saves organizations time by reducing the need to manually validate responses and increases confidence in the accuracy of information provided.

Learn More

Where and When to Use the HITRUST bC Self-Assessment:

Establishes a Starting Point for HITRUST Assurances
Saves money by evaluating current information security program strength before investing in a more rigorous HITRUST Implemented 1-year (i1) or a HITRUST Risk-based 2-year (r2) Assessment. For easier migration, coverage of all 71 bC requirements is represented in the i1.
Provides Assurances for Relying Parties
Offers a faster, easier method you can do yourself to show the coverage needed to answer data protection requests from business partners and stakeholders. Results can be included in proposals, contracts, and cyber security insurance applications/renewals.
Prepares Risk Reports for Internal Management
Provides a flexible, easy-to-create overview of current information security practices. Excellent for larger organizations to evaluate and compare internal business units.
Improves Decision-Making During M&A Activities
Helps establish information protection posture of potential acquisition partners as part of due diligence or after another business has joined your organization.
Obtains Assurances from Business Partners and Vendors
Offers a streamlined, less expensive option to request good security hygiene assurances from vendors you hire that don’t handle a significant volume of sensitive data, so don’t require higher levels of assurance.

Your Supply Chain Ecosystem could include:

  • Service Providers executing non-PHI or limited-PII business processes for your organization, such as: Sales/Marketing Agencies, Call Center Reps, Facility Managers, and Others.
  • Research Partners that come into contact with lead data, customer records, or proprietary information.
  • Insurance Brokers that sit between health plans, life/disability insurers and other underwriters, and employers/employees.
  • Financial Brokers/Dealers/Advisors/Auditors with access to brokerage accounts, financial data, and personal information.
  • Other Vendors/Suppliers/Professional Services Firms from whom you require information protection assurances.

How the bC Fits into the Full HITRUST Assessment Portfolio

All HITRUST Assessments leverage a single assurance methodology, framework, and assessment platform, along with the HITRUST Assurance Intelligence Engine and Results Distribution System.

  • Compared to the other HITRUST Assessments, the bC self-assessment delivers relatively easy-to-obtain results that fall below the level of assurance conveyed by the HITRUST Implemented 1-year (i1) or the more rigorous HITRUST Risk-based 2-year (r2) Assessments.
  • The i1 and r2 offer HITRUST Certifications, however the bC Self-assessment does not.
  • The bC Assessment is faster because it does not require selection, scoring, and validation by a qualified third-party external assessor firm or the HITRUST Assurance and Quality teams, whereas the i1 and r2 Assessments do.
  • The cost, time, and level of effort required for a bC is significantly less due to fewer control requirement statements and saving the expense of using outside services.

Learn more by comparing the HITRUST Assessments side-by-side.

Leverages the Proven HITRUST Approach

  • Uses the HITRUST CSF framework, which harmonizes multiple standards and authoritative sources, provides prescriptive and granular control requirements, and leverages a common assurance methodology. For eligible organizations, the HITRUST CSF is available to download free of charge.
  • Offers control flexibility to tailor and include only the requirements requested by relying parties or for internal reports. For example: If you only need specific risks/controls, you can build a targeted assessment by selecting the exact requirements from the available controls library.
  • Provides flexible ways to perform, report, store, and access bC Assessments including: As part of a MyCSF subscription, in bundles, or as a report only option. When used with MyCSF subscriptions, offers control Inheritance benefits.
  • Allows carve-outs of control requirements handled by service providers, including cloud hosting platforms.
  • Allows for the assessment information to be “verified” with a significant level of automated quality assurance review through the HITRUST Assurance Intelligence Engine.
  • Shares assurances and documentation through the HITRUST Results Distribution System and the HITRUST Assessment XChange.

Download the bC Self-assessment Datasheet.

For More Information About the bC Self-assessment:

Contact your HITRUST Product Specialist
Call: 855-448-7878 or Email: sales@hitrustalliance.net

Download the HITRUST CSF

The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.


Chat Now

This is where you can start a live chat with a member of our team