SRM banner image

Solving for Vendor Risk and Assurance Challenges in the Cloud

HITRUST is addressing the challenges organizations face when engaging with their cloud service providers by creating the industry’s first commonly-accepted model for sharing control responsibility in the cloud—the HITRUST Shared Responsibility Model (HITRUST SRM).

Benefits of adopting a common model to share cloud control security and privacy:

  • Ensures cloud service providers can communicate appropriate security and privacy assurances relating to the controls associated with the services a customer is using
  • Supplies better guidance on the delineation of control ownership, including clarifying the more nuanced, partially shared controls that organizations rely upon
  • Simplifies the process of a cloud customers’ own assurance processes by enabling and streamlining control inheritance, while promoting full awareness and managed risk (Assess Once, Inherit Many)

The HITRUST Shared Responsibility Matrix

The HITRUST Shared Responsibility Matrix (HITRUST SR Matrix) is a resource that helps customers have a productive dialogue around cloud supply chain risk, helping reach an agreement on how to parse out control responsibility and control inheritance between tenants and cloud service providers.

  • An “out-of-box” baseline template with pre-populated shared responsibility and inheritance for the cloud.
  • Powered by the HITRUST CSF, it includes more than 2,000 detailed security and privacy control requirements that are mapped to the most common global regulatory and compliance framework authoritative sources.
  • Leading cloud service providers have partnered with HITRUST to jointly publish Shared Responsibility Matrices specific to their HITRUST CSF-compliant service offerings.

If you are interested in learning more about the Shared Responsibility and Inheritance Program, please complete the following online form:

Download the HITRUST CSF

The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.


View Relevant Resources

Chat Now

This is where you can start a live chat with a member of our team