HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments
6.10.2021 16:00:00 EEST | Business Wire | Press release
HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.
HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.
To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:
- The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
- The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
- The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.
Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.
“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”
While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.
To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.
“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”
The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”
The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.
To Learn More:
About HITRUST®
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211006005249/en/
Contact information
Media Contact: Marc Fitzpatrick, e: marc.fitzpatrick@hitrustalliance.net, t: 469.269.1230
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Takeda’s Zasocitinib Demonstrates Consistent, High Rates of Skin Clearance Across the Body, Including Hard-to-Treat and High-Impact Sites, in Phase 3 Psoriasis Studies17.7.2026 01:00:00 EEST | Press release
Takeda (TSE:4502/NYSE:TAK) announced new data from the two pivotal Phase 3 studies of zasocitinib (TAK-279), a next-generation, highly selective and potent oral tyrosine kinase 2 (TYK2) inhibitor, in adults with moderate-to-severe plaque psoriasis (PsO).1 Presented at the 2026 American Academy of Dermatology (AAD) Innovation Academy, these secondary endpoint data show that zasocitinib demonstrated consistent and high rates of skin clearance across hard-to-treat, high-impact sites, including the scalp, nails, palms and soles, compared with placebo.1-5 These data build on the topline results from the Phase 3 randomized, multicenter, double-blind, placebo- and active comparator-controlled LATITUDE PsO 3001 and 3002 studies.2,6 In those studies, about 70% of patients treated with zasocitinib achieved static Physician Global Assessment (sPGA) 0/1 (clear or almost clear skin) at week 16, with a significantly greater Psoriasis Area and Severity Index (PASI) 75 response rate seen as early as w
Merz Completes Inaugural €450 Million Schuldschein Loan Issuance17.7.2026 00:36:00 EEST | Press release
The Merz Group has successfully completed its first-ever Schuldschein loan issuance, placing a total volume of €450 million in the debt capital market – a multiple of three relating to the launch volume. The debut transaction was significantly oversubscribed and attracted strong interest from all investor groups. The proceeds were settled and paid out today. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260716926041/en/ Dr. Almuth Steinkühler, Chief Financial Officer Merz Group The transaction comprises both fixed- and floating-rate tranches with maturities of three, five, seven, and ten years. Around 50 German and international investors participated, representing a broad range of institutions, including private banks, German federal state-owned banks, public savings banks, cooperative banks, pension funds and occupational pension institutions. With the successful placement, Merz has further diversified its funding base by
The Estée Lauder Companies Appoints Madeleine Boyd as Senior Vice President, Global Brand Communications16.7.2026 23:22:00 EEST | Press release
The Estée Lauder Companies Inc. (NYSE: EL) today announced the appointment of Madeleine Boyd as Senior Vice President, Global Brand Communications, effective July 20, 2026. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260716738393/en/ Photo by Esteban La Tessa As part of the company’s continued efforts to strengthen how its brands better connect with consumers, Ms. Boyd will establish and lead a newly integrated Global Brand Communications team. In this role, she will ensure the company’s diverse portfolio is anchored by a cohesive enterprise communications strategy, while accelerating bold, consumer-first storytelling that drives earned media, cultural relevance, and brand desirability. She will also strengthen creator engagement, helping the company’s brands gain attention where culture is being shaped. Ms. Boyd brings extensive experience spanning brand strategy, communications, consumer engagement, and cultural insight
Grid Dynamics Enters Strategic Partnership with Doosan Robotics to Accelerate Physical AI Adoption Across Manufacturing and Logistics16.7.2026 23:05:00 EEST | Press release
Grid Dynamics Holdings, Inc. (Nasdaq: GDYN) (Grid Dynamics), a premier AI transformation partner for the Fortune 1000, announced today it has entered into a strategic partnership with Doosan Robotics, a global leader in collaborative robot solutions, delivering cutting-edge AI robotics to 45 countries worldwide. Grid Dynamics offers Doosan cobot users a GAIN Platform for Physical AI, which enables rapid creation of advanced robotic manipulation workflows, deployment of the latest physical AI models, and optimization and monitoring of robotic lines using digital twins. The GAIN Platform for Physical AI and corresponding integration services enable industrial users to solve advanced robotic automation use cases such as processing and inspection of complex-geometry objects, assembly with variability, and packaging of unseens and deformable items, which are not tractable for traditional robotics software. The partnership aims to accelerate the joint go-to-market strategy for the integrated
NetApp Acquires DataPelago, Making Data AI-Ready at the Infrastructure Layer16.7.2026 19:30:00 EEST | Press release
NetApp® (NASDAQ: NTAP), the Intelligent Data Infrastructure company, today announced it has acquired DataPelago, a California-based AI data infrastructure company recognized for its innovative approach to eliminating data processing bottlenecks for AI and analytics workloads. The acquisition marks a foundational expansion of NetApp's portfolio, enabling GPU-accelerated data processing aligned directly with the storage layer. With this acquisition, NetApp establishes itself as the company that makes zero-copy activation of enterprise data for AI real. AI is the defining platform shift of our era, but enterprises are discovering that their greatest bottleneck is preparing, governing, and activating their data fast enough to put AI into production. The key to accomplishing this objective is to enable accelerated computing where the data is created and stored. DataPelago solves this challenge by fundamentally reimagining where accelerated compute happens: at the data layer, not above it. "
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
