SRM banner image

Optimal Managed Risk Solutions for Sharing Information Security Control Assurances

The HITRUST Shared Responsibility and Inheritance Program includes two highly innovative, efficient, integrated solutions that combine to create a unique means to save time and money by automatically identifying and importing control testing results and scoring from prior HITRUST Validated or Certified Assessments.

The HITRUST Shared Responsibility and Inheritance Program allows organizations to place reliance on shared information protection controls that are available from internal shared IT services and external third-party organizations, including: service providers, vendors and suppliers of cloud-enabled applications and technology platforms (SaaS and IaaS/PaaS), colocation (colo) data center hosting services, and other managed services.

HITRUST Shared Responsibility and Inheritance Benefits

Manages Cyber Risk More Efficiently

  • Stimulates productive communication with cloud and other service providers that aligns understanding and logistics to share controls equitably.

Delivers Greater Clarity and Efficiency

  • Provides a simplified methodology and standardized structure to define and manage information security control ownership, especially for the nuanced, partially shared controls in cloud environments.

Reduces Time and Effort

  • The HITRUST MyCSF best-in-class information risk management platform enables Assess Once, Inherit Many™ capabilities by streamlining controls reliance using Inheritance from prior HITRUST Validated or Certified Assessments.

If you are interested in learning more about the Shared Responsibility and Inheritance Program, please complete the following online form:

The HITRUST Shared Responsibility Matrix

Comprehensive Blueprint to Facilitate the Sharing of Controls
The HITRUST Shared Responsibility Matrix® (HITRUST SRM) is a no-cost, easy-to-use, out-of-box, baseline template with pre-populated shared responsibility and controls inheritability that are perfectly suitable for shared cloud environments. Commonly adopted by leading cloud service providers and their user communities of relying customers.


Uses the widely-adopted HITRUST CSF, which is a single framework that includes over 40 authoritative sources and more than 2,000 security and privacy control requirements in a tailorable and flexible control library, which is harmonized and mapped to each source. Tailored for HITRUST Inheritance Providers as a benefit for customers to download HITRUST SRMs to guide inheritability from HITRUST Validated or Certified Assessments.

HITRUST Control Inheritance

Reduces Time, Effort, and Cost by Inheriting Control Scoring, Assessment Information, and Results
When performing HITRUST Assessments, Inheritance optimizes the use of prior HITRUST Validated or Certified Assessment results along with reliance on sharing cloud controls.

MyCSF External Inheritance*. With a HITRUST MyCSF subscription, organizations can import control assessment results and scores from other HITRUST i1 or r2 Validated Assessments that have been published (enabled) for External Inheritance by hosting, cloud, or other service providers with a Corporate or Premier MyCSF subscription. The Shared Responsibility Matrix aids External Inheritance.

MyCSF Internal Inheritance. Organizations can leverage and repurpose their own prior controls assessment results and scores that are internally inheritable to or from other HITRUST Assessments belonging to that same organization. Reusing all or part of existing assessment results allows scoping centralized and decentralized control environments into smaller sub-divisions without the duplication of evidence-gathering and controls testing, scoring, and commentary.

While each organization is unique, many save significant time, effort, and cost on their HITRUST Assessments by inheriting up to 60% of the controls from their cloud service providers.*

*To take advantage of HITRUST Inheritance, service providers must have an appropriate MyCSF subscription and current HITRUST Validated or Certified Assessment

Download the Shared Responsibility and Inheritance Program Datasheet.

Learn more about the Shared Responsibility Matrix and Inheritance Program.

For additional information about how the unique HITRUST Shared Responsibility Matrix or Control Inheritance functionality can benefit your organization:

Contact your HITRUST Product Specialist
Call: 855-448-7878 or Email:

View Relevant Resources

Chat Now

This is where you can start a live chat with a member of our team