HITRUST CSF expanded to include additional community-based security and privacy control objectives and requirements
FRISCO, Texas – August 26, 2020 – HITRUST, a leading data protection standards development and certification organization, today announced that it has incorporated an additional Community Supplemental Requirement (CSR)—a customized set of security and privacy control objectives and requirements unique to a specific community of interest or organizations. The HITRUST CSF framework and HITRUST MyCSF assessment platform will continue to be updated to incorporate additional CSRs, which will be announced as they become available.
We recognize that organizations such as industry groups, state agencies, or consortiums may want to impose unique requirements on their constituents or participants. In many cases, these may not be new security or privacy controls, but more specific implementation requirements, which HITRUST defines as CSRs, versus authoritative sources, which are public standards, international, federal, or state regulations, or widely leveraged frameworks. The advantage of the CSR program is it allows these requirements to be assessed as part of a larger HITRUST CSF Assessment, reducing redundant assessments.
“HITRUST has been a leader in delivering solutions to address the unique security and privacy needs of organizations across all industries,” explained Jason Taule, Vice President and Chief Information Security Officer for HITRUST. “We continually strive to support the community and help organizations that seek to maximize their information protection and compliance program investments.”
Having a certifiable framework—like the HITRUST CSF—provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and information risk management. The commitment and expertise demonstrated by HITRUST ensure that organizations leveraging the framework are prepared when new security and privacy regulations and business models are introduced and threats are identified, which is why the HITRUST CSF has become the most widely adopted security and privacy framework across all industries globally. Reducing additional assessments builds on a promise that enables organizations to ‘Assess Once, Report Many.’
HITRUST provides the capability for CSR requirements to be incorporated, harmonized, and selected for inclusion during the assessment process and then included in the HITRUST CSF Assessment Report, utilizing the MyCSF platform. As the best-in-class Software as a Service (SaaS) information risk management platform, MyCSF makes it easy and cost-effective for an organization to manage information risk and compliance concerning security and privacy.
If your organization has specific information security and privacy requirements for partners and wishes to explore leveraging the HITRUST CSR program to streamline the process of providing assurances for your constituents, HITRUST welcomes inquiries at firstname.lastname@example.org.
HITRUST delivers focused, ‘rely-able’ market solutions, such as the HITRUST Approach™. This industry-leading approach provides organizations an integrated information risk management and compliance solution that ensures all components are aligned, maintained, and comprehensive to support information risk management and compliance objectives for any enterprise, anywhere in the world.
To download the HITRUST CSF, go to: https://hitrustalliance.net/hitrust-csf/
To learn more about MyCSF, visit: https://hitrustalliance.net/mycsf/