Accelerate your HITRUST Journey through Inheritance
The HITRUST Shared Responsibility and Inheritance Program streamlines the HITRUST certification journey and makes it easier and quicker to achieve security certification.
With this program, organizations can now reuse previously certified controls. They can inherit information protection controls from internal shared IT services and external third-party organizations, including vendors and Cloud Service Providers (CSPs).
Major CSPs like Amazon, Google, and Microsoft are already HITRUST certified. This makes it easier for organizations to achieve their own certifications, as they benefit from their CSPs' already certified controls.
Benefits of the HITRUST Shared Responsibility and Inheritance Program
Clarity
A simple, standardized structure that clearly defines who owns the different cloud security controls to avoid confusion
Transparency
Widely adopted, accessible, and transparent program to efficiently inherit existing control assessment data
Efficient risk management
Seamless communication between organizations and CSPs/vendors to coordinate and share controls equitably
Time and cost saving
Inheritance from prior HITRUST assessments to cut redundancy and save time and money on the certification journey
Did you know organizations can inherit up to 85% of requirements in a HITRUST assessment from participating CSPs?
HITRUST Shared Responsibility Matrix
The HITRUST Shared Responsibility Matrix (SRM) is a free, easy-to-use baseline template that pre-populates shared responsibility and control inheritability for shared cloud environments. The HITRUST SRM is widely adopted by leading CSPs and their relying customers.
The HITRUST SRM is built on the HITRUST CSF. It simplifies and clarifies the practical application of control sharing and is available in tailored CSP-specific versions, too.
HITRUST Control Inheritance
When performing HITRUST Assessments, Inheritance enables the use of prior HITRUST Validated or Certified Assessment results along with reliance on shared cloud controls. It extracts control data, such as statements and results, from previous assessments and places it into the new assessment. This is done through MyCSF, HITRUST's SaaS tool for performing control assessments against the HITRUST CSF.
HITRUST supports two types of Inheritance.
Internal Inheritance
Organizations can inherit and repurpose their past control assessment results and scores.
External Inheritance
Organizations can import control assessment results and scores from assessments belonging to their hosting, cloud, or other service providers.