Solving for Vendor Risk and Assurance Challenges in the Cloud

HITRUST is addressing the challenges organizations face when engaging with their cloud service providers by creating the industry’s first commonly-accepted model for sharing control responsibility in the cloud—the HITRUST Shared Responsibility Model (HITRUST SRM).

Benefits of adopting a common model to share cloud control security and privacy:

  • Ensures cloud service providers can communicate appropriate security and privacy assurances relating to the controls associated with the services a customer is using
  • Supplies better guidance on the delineation of control ownership, including clarifying the more nuanced, partially shared controls that organizations rely upon
  • Simplifies the process of a cloud customers’ own assurance processes by enabling and streamlining control inheritance, while promoting full awareness and managed risk (Assess Once, Inherit Many)

The HITRUST Shared Responsibility Matrix

The HITRUST Shared Responsibility Matrix (HITRUST SR Matrix) is a resource that helps customers have a productive dialogue around cloud supply chain risk, helping reach an agreement on how to parse out control responsibility and control inheritance between tenants and cloud service providers.

  • An “out-of-box” baseline template with pre-populated shared responsibility and inheritance for the cloud.
  • Powered by the HITRUST CSF, it includes more than 2,000 detailed security and privacy control requirements that are mapped to the most common global regulatory and compliance framework authoritative sources.
  • Leading cloud service providers have partnered with HITRUST to jointly publish Shared Responsibility Matrices specific to their HITRUST CSF-compliant service offerings.

Downloadable HITRUST Shared Responsibility Matrices

Amazon Web Services (AWS)   Google Cloud   Microsoft Azure

Note: The control summary download version of the HITRUST SR Matrix V1.1 is included in the HITRUST CSF download package,
and the full version can be downloaded from the References page of the HITRUST MyCSF portal.

If you are interested in learning more about the Shared Responsibility and Inheritance Program, please complete the following online form:

View Relevant Resources

Chat Now

This is where you can start a live chat with a member of our team