HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments
6.10.2021 16:00:00 EEST | Business Wire | Press release
HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.
HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.
To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:
- The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
- The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
- The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.
Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.
“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”
While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.
To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.
“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”
The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”
The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.
To Learn More:
About HITRUST®
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211006005249/en/
Contact information
Media Contact: Marc Fitzpatrick, e: marc.fitzpatrick@hitrustalliance.net, t: 469.269.1230
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
KiddeFenwal Launches New Website and Information Hub8.7.2026 19:00:00 EEST | Press release
KiddeFenwal, the global leader in the fire suppression and safety controls industry, today unveiled a revitalized website, designed to serve as a comprehensive information hub for fire industry practitioners and customers alike. The modernized platform includes features created specifically with the company’s global partners, OEMs and distributors in mind, including: Accelerated asset navigation, pointing users to critical safety documentation, design parameters and product specifications; Seamless solution mapping, helping users quickly locate fire suppression configurations by industry, from data centers to BESS applications to commercial kitchens; and Enhanced resource access, including streamlined pathways to connect with the company’s elite distributor network across 120 countries. It also provides information about the company’s three brands, Kidde Fire Systems, Kidde Fire Protection and Fenwal Controls, replacing other sites serving customers in Europe and India. The launch of t
Red Sea Global Strengthens AMAALA's Wellness Offering With Opening of Six Senses AMAALA8.7.2026 18:22:00 EEST | Press release
Red Sea Global (RSG), the regenerative tourism developer, has announced the opening of beachfront resort Six Senses AMAALA, which will welcome its first guests mid-July. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260708505794/en/ An aerial view of Six Senses AMAALA and its surrounding shoreline at Triple Bay The launch represents an exciting next step in the AMAALA destination’s journey, as it continues to come to life and welcome guests to enjoy unrivaled wellness experiences set against a backdrop of soaring coastal cliffs, protected bays, pristine beaches, and mountainous desert. "Every partner we bring into our portfolio is selected because they share our long-term vision of luxury travel with regeneration for people and planet at its center. Six Senses has built a global reputation for wellness experiences rooted in nature, sustainability, and local culture, making it a natural fit for AMAALA. As the second Six Sens
Rigaku Opens "Rigaku Solutions Center Osaka" to Strengthen Global Semiconductor Metrology Service Capabilities8.7.2026 18:00:00 EEST | Press release
Rigaku Corporation, a global solution partner in X-ray analytical systems and a group company of Rigaku Holdings Corporation (headquarters: Akishima, Tokyo; CEO: Jun Kawakami; “Rigaku”), has opened the Rigaku Solutions Center Osaka (RSC-Osaka) at its Osaka Plant. The new facility centralizes and expands practical training for field service engineers supporting semiconductor metrology systems, strengthening Rigaku's global service capabilities. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260708402770/en/ Photo: Hands-on training using the TXRF-V310 at RSC-Osaka As semiconductor manufacturing processes continue to advance toward finer geometries, higher layer counts, and more complex three-dimensional structures, semiconductor metrology systems require ever greater precision and operational stability. X-ray analytical technologies play an increasingly important role in meeting these demands through highly accurate, non-dest
Dryad Networks Reaches XPRIZE Wildfire Finals Milestone, Demonstrating Autonomous Detection and Suppression of Wildfires in Alaska8.7.2026 18:00:00 EEST | Press release
Dryad Networks, the leader in ultra-early wildfire detection technology, today announced a major achievement in the finals of the Autonomous Wildfire Response track of XPRIZE Wildfire, a four-year, $11 million global competition accelerating new solutions to end destructive wildfires. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707802818/en/ The Silvaguard Suppression Drone can deliver a 100 liter liquid suppressant to autonomously suppress small wildfires detected by Silvanet Competing against just two other finalists selected from an original field of nearly 300 teams worldwide, Dryad successfully demonstrated the integrated capabilities of its Silvanet wildfire detection network and Silvaguard autonomous firefighting drone system during final testing in remote Alaska. The XPRIZE Wildfire finals challenged teams to autonomously detect and suppress a wildfire without any human intervention across a vast 1,000 square k
Cardiac Dimensions ® Announces Three Major Publications Demonstrating Long-Term Durability, Real-World Performance, and Broad Patient Benefit of the Carillon Mitral Contour System ®8.7.2026 17:05:00 EEST | Press release
Cardiac Dimensions, a leader in transcatheter therapies for heart failure, today announced the publication of three major manuscripts that together form the most comprehensive evidence base ever assembled for transcatheter indirect mitral annuloplasty. These publications span a five-year multi-center commercial registry, the largest single-center experience across both preserved and reduced ejection fraction, and long-term survival results through ten years. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707656796/en/ Carillon Mitral Contour System® The Carillon Mitral Contour System is the only commercially available indirect mitral annuloplasty device, designed to treat a broad and expanding population of patients living with functional mitral regurgitation. The newly published data further strengthen the clinical foundation for the therapy as Cardiac Dimensions advances toward regulatory submissions in the United State
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
