What is it?
The HITRUST CSF® is a targeted, controls-based risk framework that incorporates international and national frameworks and standards including NIST, HIPAA, ISO, PCI, and others to provide organizations with a more cost-effective means to satisfy industry, regulatory, and client requirements.
Why get it?
The HITRUST CSF is a certifiable framework that helps organizations address internal risk management, third-party risk management, and compliance needs in lieu of proprietary information security questionnaires and onsite audits.
Reasons to leverage the HITRUST CSF and attain formal certification:
- A prescriptive, certifiable, rigorous approach to accurately evaluate your organization’s current risk management posture
- Customize a set of risk-based controls that meets your organization’s industry, regulatory, and client needs
- Integrate and harmonize other risk management frameworks for ease of reporting
- Communicate your security program to regulators, clients, and other stakeholders with transparency and consistency in a repeatable fashion
Each organization that is HITRUST CSF Certified is required to adhere to a minimum baseline of controls. However, the required controls can be scaled to appropriately fit the organization’s type, size, and complexity – all having formal classifications in the HITRUST CSF. You can include GDPR, HIPAA, NIST, SOC 2, and others as part of the certification.
How does it work?
Attaining HITRUST CSF Certification requires undergoing a formal third-party assessment from an approved HITRUST External Assessor.
Interested organizations should contact Layer 8 Security to learn more about the process, including:
- Understanding the certification process from start to finish
- Defining what will be in-scope for the assessment
- Identifying your organization’s tailored baseline
- Preparing your organization for the assessment
- Receiving the certification and maintaining compliance
About HITRUST – HITRUST champions programs that safeguard sensitive information and manage information risk for global organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from the public and private sectors, HITRUST develops, maintains and provides broad access to its widely-adopted common risk and compliance management frameworks and related assessment and assurance methodologies.
HITRUST understands the challenges of assembling and maintaining the many and varied programs needed to manage information risk and compliance. The HITRUST Approach gives organizations a comprehensive information risk management and compliance program: an integrated approach that ensures all programs are aligned, maintained and comprehensive in support of the organization’s information risk management and compliance objectives.