Business Wire

HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments

6.10.2021 16:00:00 EEST | Business Wire | Press release

Share

HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.

HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.

To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:

  • The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
  • The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
  • The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.

Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.

“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”

While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.

To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.

“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”

The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”

The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.

To Learn More:

Register for the Webinar

Expanded Assessment Portfolio

Results Distribution System

About HITRUST®

Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Media Contact: Marc Fitzpatrick, e: marc.fitzpatrick@hitrustalliance.net, t: 469.269.1230

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Presidio Investors Announces Sale of ElevATE Semiconductor to Diodes Incorporated14.7.2026 17:56:00 EEST | Press release

Presidio Investors (“Presidio”), a lower middle market private equity firm, today announced that it has entered into a definitive agreement to sell ElevATE Semiconductor, Inc. (“ElevATE”) to Diodes Incorporated (Nasdaq: DIOD) in an all-cash transaction valued at $250 million. ElevATE, headquartered in San Diego, California, is a leading fabless designer of low-power, high-density integrated circuits for the automated test equipment (ATE) industry. The sale marks the successful realization of Presidio’s first continuation fund, which was formed in 2023 to extend the firm’s partnership with ElevATE and support the company’s next phase of growth. The acquisition of ElevATE by a leading global semiconductor company validates the strategy behind the continuation vehicle and delivers a strong outcome for the company, its employees, and Presidio’s investors. Presidio first invested in ElevATE in 2018, when the company was a small, founder-led team of analog chip designers serving the ATE mark

Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition to make EAA AirVenture show debut14.7.2026 17:30:00 EEST | Press release

Textron Aviation Inc., a Textron Inc. (NYSE:TXT) company, today announced the Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition are heading to the 2026 Experimental Aircraft Association (EAA) AirVenture in Oshkosh, Wisconsin. Both aircraft will be on display for the first time at the show alongside a broad lineup of Cessna and Beechcraft aircraft. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260714774354/en/ Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition to make EAA AirVenture show debut “EAA AirVenture is one of the most important opportunities each year for us to connect with customers and the broader aviation community,” said Lannie O’Bannion, senior vice president, Sales & Marketing. “Being on the ground in Oshkosh allows us to showcase the breadth of our portfolio. Events like AirVenture also give us valuable face-to-face time to better understand how our customers operate and

Clearlake Capital Announces Partnership with Databricks to Advance AI-Enabled Investing and Portfolio Value Creation14.7.2026 17:00:00 EEST | Press release

Clearlake Capital Group, L.P. ("Clearlake"), a global investment firm managing integrated platforms spanning private equity, liquid and private credit, and other related strategies, today announced a partnership with Databricks, the Data and AI company, and West Monroe, a global business and technology consulting firm, to accelerate Clearlake’s portfolio companies’ adoption of data, analytics, and AI capabilities. Through the collaboration, Clearlake aims to connect investment, operational, financial, and portfolio data in a secure and scalable environment that accelerates enterprise-wide adoption of AI, drives productivity, and delivers measurable outcomes across the investment lifecycle from deal origination and due diligence to portfolio monitoring and value creation. By pairing cutting-edge technology with deep operational support, the partnership endeavors to help Clearlake’s portfolio companies stay ahead of industry disruption and build durable competitive advantage. “Data and A

Andersen Consulting Deepens Advisory Solutions in Turkey with ODS Consulting Group14.7.2026 16:30:00 EEST | Press release

Andersen Consulting adds collaborating firm ODS Consulting Group, enhancing its platform across digital transformation, talent strategy, and operational advisory services. Founded in 2008 and headquartered in Turkey, ODS Consulting Group provides advisory services to organizations seeking growth, talent, and investment opportunities in Turkey and international markets. The firm supports clients through international business development and export consulting, recruitment and talent management solutions, and investment advisory services, helping businesses expand operations, access new markets, attract qualified talent, and navigate the Turkish business landscape. With a multidisciplinary approach and deep local expertise, ODS delivers tailored strategies that drive sustainable growth and long-term value creation. “Since our founding, we have focused on helping organizations build sustainable growth through a combination of strategic insight and practical execution,” said Onur Seçkin, c

IAMPHENOM Europe 2026 Speaker Lineup Focuses on Practitioners Redesigning HR Operations with AI, Agents and Automation14.7.2026 16:30:00 EEST | Press release

Phenom, the leader in applied AI built to redesign work operations for hiring faster, developing better and retaining longer, today announced the first wave of speakers for IAMPHENOM Europe 2026, the only applied AI event dedicated to human resources taking place on 4-5 November in Paris, France. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260714617871/en/ Phenom today announced the first wave of speakers for IAMPHENOM Europe 2026, the only applied AI event dedicated to human resources taking place on 4-5 November in Paris, France. At the two-day in-person event, HR professionals, talent acquisition and talent management leaders, HRIT teams and C-suite executives will experience unparalleled immersive AI learning and networking. Attendees will gain actionable strategies from the organisations already using agents and automation to improve work operations and strengthen hiring, development and retention, while connecting w

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye