HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments
6.10.2021 16:00:00 EEST | Business Wire | Press release
HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.
HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.
To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:
- The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
- The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
- The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.
Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.
“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”
While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.
To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.
“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”
The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”
The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.
To Learn More:
About HITRUST®
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211006005249/en/
Contact information
Media Contact: Marc Fitzpatrick, e: marc.fitzpatrick@hitrustalliance.net, t: 469.269.1230
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
teamLab Biovortex Kyoto Welcomes Over 1 Million Visitors within 9 Months of Opening10.7.2026 10:00:00 EEST | Press release
teamLab Biovortex Kyoto has welcomed over 1 million visitors as of July 6, 2026, 9 months after its grand opening. (*1) These visitors arrived from more than 150 countries and regions. International visitors account for approximately 42% of the total. Many of these international visitors travel from distant countries and regions, including the United States, Australia, Canada, the United Kingdom, and Germany. Approximately 30% of these international visitors purchase their tickets at least 30 days in advance. teamLab Biovortex Kyoto is teamLab's largest museum in Japan, with an average visitor stay of over two and a half hours. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709913938/en/ teamLab Biovortex Kyoto Welcomes Over 1 Million Visitors within 9 Months of Opening *1 According to ticket purchase data from the official teamLab Biovortex Kyoto website (survey period: October 7, 2025 – July 6, 2026) Visitors Comment (M
Robbyant Launches LingBot-VA 2.0 Built Natively for Embodied AI and Physical World Control10.7.2026 09:48:00 EEST | Press release
Robbyant, an embodied AI company within Ant Group, today announced the release of LingBot-VA 2.0, the industry’s first embodied-native video-action world model. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709654440/en/ A robot powered by LingBot-VA 2.0 engages in a real-time tabletop air hockey match with a human This release marks a key transition in robotics foundation models, shifting from repurposing digital world models to designing them natively for the physical world. Instead of relying on fine-tuned digital content generation models, LingBot-VA 2.0 is built from scratch to meet the original demands of dynamic modeling, causal prediction, and real-time execution in physical environments. Integrating world models with embodied AI has been one of the major focuses of the AI industry. However, most mainstream approaches rely on video generation models designed for digital content, which are then fine-tuned for robo
SureWerx Appoints Erik Pertot as VP/GM SureWerx EMEA10.7.2026 09:00:00 EEST | Press release
SureWerx, a leading global manufacturer of personal protective equipment, safety products, tools and equipment solutions, today announced the appointment of Erik Pertot as VP/GM SureWerx EMEA. Pertot will report directly to CEO Scott Dowell and will lead growth, manufacturing and M&A activities in Europe across the company’s global portfolio. Erik joins SureWerx with more than 20 years of international leadership experience across engineering, quality, marketing, sales, international supply chain, product management, and general management. He brings deep expertise in the personal protective equipment industry, with a track record of leading complex, compliance-critical programs, managing business transitions, and driving growth across multinational environments. Most recently, Pertot served as Global General Manager for Footwear and Fall Protection at Protective Industrial Products (PIP), where he also held senior portfolio management leadership roles. Prior to that, he held a series
IFF to Release Second Quarter 2026 Results on August 4, 20269.7.2026 23:15:00 EEST | Press release
IFF (NYSE: IFF) today announced that it will release its second quarter 2026 earnings results following the market close on Tuesday, August 4, 2026. The management team will host a live webcast on Wednesday, August 5, 2026, at 9:00 a.m. ET to discuss results and outlook with the investor community. Investors may access the live webcast and accompanying slide presentation on the company's website at ir.iff.com. For those unable to listen to the live webcast, a recorded version will be made available for replay. Welcome to IFF At IFF (NYSE: IFF), we make joy through science, creativity and heart. As the global leader in taste, scent, food ingredients, health and biosciences, we’re innovating for the future. Every day, we deliver groundbreaking, sustainable solutions that elevate products people love — advancing wellness, delighting the senses and enhancing the human experience. Learn more at iff.com, LinkedIn, Instagram and Facebook. View source version on businesswire.com: https://www.b
DEWA International Launched as a Wholly Owned Independent Subsidiary of DEWA to Develop Global Energy and Water Projects9.7.2026 19:07:00 EEST | Press release
HH Sheikh Ahmed bin Saeed Al Maktoum, Chairman of the Dubai Supreme Council of Energy, announced the establishment of ‘DEWA International’, a wholly owned independent subsidiary of Dubai Electricity and Water Authority (DEWA). The company aims to develop conventional and clean energy projects worldwide and export Dubai’s successful energy and water infrastructure model to global markets. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709099653/en/ DEWA International launched as a wholly owned independent subsidiary of DEWA to develop global energy and water projects (Photo: AETOSWire) HH Sheikh Ahmed bin Saeed Al Maktoum said: “Thanks to the vision and directives of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, Dubai has become a global model for achievement and accelerated development. Through its world-class infrastructure, particularly in the energy
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
