HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments
6.10.2021 16:00:00 EEST | Business Wire | Press release
HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.
HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.
To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:
- The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
- The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
- The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.
Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.
“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”
While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.
To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.
“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”
The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”
The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.
To Learn More:
About HITRUST®
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211006005249/en/
Contact information
Media Contact: Marc Fitzpatrick, e: marc.fitzpatrick@hitrustalliance.net, t: 469.269.1230
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Access Advance Welcomes Meta Platforms, Inc. and Alibaba Group to the Video Distribution Patent Pool3.7.2026 02:00:00 EEST | Press release
Access Advance LLC today announced that Meta Platforms, Inc., one of the world's largest distributors of video content across its Facebook, Instagram, Threads, and WhatsApp services, has joined the Video Distribution Patent Pool (VDP Pool) as a Licensee. Meta also joined both the HEVC Advance and VVC Advance pools as a Licensee. Alibaba Group, whose video infrastructure spans a wide range of video-based services across e-commerce, entertainment, and digital media platforms, was also announced as a VDP Pool Licensee this week. Meta and Alibaba joining the VDP Pool further reinforces the program’s market leading position in resolving the licensing issues around the use of modern video codecs, including VP9, AV1, HEVC and VVC, across all the diverse business models of internet video streaming. "A significant U.S.-based company like Meta joining as a Licensee is a milestone moment for the content distribution business and the VDP Pool," said Peter Moller, CEO of Access Advance. "Meta reach
Kioxia Commences Sample Shipments of 10th-Generation BiCS FLASH™ Devices Delivering High Performance, High Capacity and Low Power Consumption3.7.2026 02:00:00 EEST | Press release
Kioxia Corporation, a world leader in memory solutions, today announced that it has commenced sample shipments of 1Tb (terabit) Triple-Level-Cell (TLC) memory devices utilizing its 10th-generation BiCS FLASH™ 3D flash memory technology.1 These will be primarily integrated into the company’s enterprise and data center SSDs, strengthening Kioxia’s lineup to meet the growing demand for AI storage, which requires higher performance, higher capacity, and lower power consumption. These new products will be manufactured using state-of-the-art equipment at Kioxia’s Kitakami Plant Fab2 facility in Iwate Prefecture, Japan. By leveraging innovative CMOS directly Bonded to Array (CBA) technology2 and On-Pitch Select Gate Drain (OPS) technology,3 both adopted since the 8th-generation BiCS FLASH™, the 10th-generation technology achieves a NAND interface speed of 4.8 Gb/s,4 a 33% improvement over the 8th generation. Bit density has increased by 59% by stacking 332 layers and improving lateral density
Bending Spoons S.p.A. announces closing of initial public offering2.7.2026 21:35:00 EEST | Press release
Bending Spoons S.p.A. (“Bending Spoons”), a leading technology company, today announces the closing of its initial public offering of an aggregate of 57,971,015 of its ordinary shares, at an initial public offering price of $29.00 per share. The offering consisted of 34,398,640 shares sold by Bending Spoons and 23,572,375 shares sold by certain selling shareholders (the “Selling Shareholders”). The gross proceeds from the offering to Bending Spoons, before deducting underwriting discounts and commissions and other offering expenses, was approximately $953,917,285.50. Bending Spoons did not receive any proceeds from the sale of shares by the Selling Shareholders. Bending Spoons’ ordinary shares began trading on the Nasdaq Global Select Market on July 1, 2026 under the ticker symbol “BSP”. Goldman Sachs International, J.P. Morgan, and Allen & Company LLC are acting as joint lead book-running managers for the offering. Wells Fargo Securities, BofA Securities, Jefferies, Evercore ISI, BNP
Strategic Partnership Between Record Asset Management and Admicasa2.7.2026 20:00:00 EEST | Press release
RAM Swiss Holding AG is a subsidiary of LSE-listed Record Financial Group (Record) and part of the Record Asset Management (RAM) group of companies. The partnership is a milestone in the growth of Admicasa and marks an important step in the continued expansion of Record’s private markets platform. Subject to regulatory approval, the agreement, signed on 1st July 2026, provides RAM Swiss Holding AG with a 50% participation in the Admicasa Fondsleitung AG, part of Admicasa, and establishes a long-term partnership to develop investment opportunities in the Swiss and Global real estate market with a plan to expand into other asset classes in the medium term. RAM is the European asset management arm of Record, the LSE-listed specialist investment group managing USD 115 billion of assets on behalf of institutional clients worldwide. Record's client base comprises pension funds, foundations, sovereign institutions and other asset managers, with whom it has built long-standing relationships th
IQM Quantum Computers Becomes First European Quantum Computing Company Listed on a Major U.S. Exchange2.7.2026 17:47:00 EEST | Press release
IQM Quantum Computers (Nasdaq: IQMX) (“IQM”, “IQM Quantum Computers” or the “Company”), a global leader in full-stack superconducting quantum computers, today became a publicly traded company following the completion of its business combination with Real Asset Acquisition Corp. (“RAAQ”). This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260702960460/en/ IQM Quantum Computers Becomes First European Quantum Computing Company Listed on a Major U.S. Exchange The company’s American Depositary Shares begin trading today on the Nasdaq Global Select Market under the ticker symbol “IQMX”. The listing marks a major milestone for IQM establishing the company as the first European quantum computing company listed on a major U.S. stock exchange. Due to the proceeds of the transaction, IQM maintains a strong pro forma cash position of EUR 337 million. IQM enters the public markets with strong commercial momentum and a rapidly expanding globa
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
