Business Wire

HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments

Share

HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.

HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.

To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:

  • The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
  • The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
  • The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.

Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.

“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”

While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.

To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.

“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”

The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”

The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.

To Learn More:

Register for the Webinar

Expanded Assessment Portfolio

Results Distribution System

About HITRUST®

Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Media Contact: Marc Fitzpatrick, e: marc.fitzpatrick@hitrustalliance.net, t: 469.269.1230

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

The Spotlight on Iceland’s Capital City Shines Even Brighter With the Arrival of The Reykjavik EDITION21.10.2021 18:30:00 EEST | Press release

A flourishing culinary hotspot with cool cafés, a rollicking nightlife and an epic music scene, the spotlight is shining brightly on Iceland’s hip capital city and, with typical finesse, the arrival of The Reykjavik EDITION further cements EDITION Hotels' uncanny ability to land in just the right place at the right time. “Reykjavik is a really cool, young city -perfect for our brand,” says Ian Schrager, the visionary pioneer of the boutique hotel concept, PUBLIC and EDITION creator. “We think this is Reykjavik’s time and we’re right here at the very heart of it and at the perfect time.” This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20211021005764/en/ The Reykjavik EDITION (Photo: Business Wire) Opening in preview on November 9th, 2021, The Reykjavik EDITION will set a new standard as the city’s first truly luxury hotel experience, combining the best of the Icelandic capital with the personal, intimate and individual experienc

MediaTek Selected to Power Vewd for Automotive Platform21.10.2021 17:41:00 EEST | Press release

Vewd, the leading provider of OTT software solutions, today announced that MediaTek’s Autus I20 (MT2712) chipset was selected as the first reference platform to power Vewd for Automotive, a white-labeled, cloud-managed content aggregation and monetization solution for in-vehicle infotainment equipment providers and car manufacturers. MediaTek’s customer base, streaming ecosystem partnerships, and strong technical capabilities make it the strongest supplier to meet the needs of car manufacturers. Together, Vewd and MediaTek will target Strategy Analytics’ estimated 70 million connected cars on the road by 2025. Vewd for Automotive solves key rear-seat content challenges facing manufacturers through a turnkey solution ready for deployment. For manufacturers, content in the car represents an increasing consumer demand, along with the demand for connectivity that provides additional after-sale branding and revenue opportunities. By partnering with content providers, manufacturers can enabl

Biognosys to Present Major Scientific and Technological Advances at the ASMS 2021 Mass Spectrometry Conference21.10.2021 17:00:00 EEST | Press release

Biognosys, a leading inventor and developer of mass spectrometry-based proteomics solutions, today announced they will be presenting major scientific and technological advances on their proprietary proteomics research services, software, and kits at the American Society for Mass Spectrometry (ASMS) Annual Conference from October 31st to November 4th in Philadelphia (USA). Biognosys will present a record number of 3 oral presentations, 10 scientific posters, 2 poster collaborations, 1 workshop panel, and 2 Spectronaut™ breakfast seminars. In addition, their team of scientific experts will be present at booth #224 to answer questions and demo software. Further demo sessions will be offered at the Bruker Daltonics booth #719. Collectively, this presence demonstrates Biognosys’ significant contributions to transforming life science and clinical research with next-generation proteomics, particularly in the areas of plasma proteomics, immunopeptidomics, and proteomics data analysis. Lukas Re

SHV Energy Implements Global Remote LPG Tank Monitoring With Sigfox Netherlands’ 0G Network and Reduces Carbon Emissions21.10.2021 17:00:00 EEST | Press release

SHV Energy and Sigfox are rolling out a global LPG tank level monitoring solution. The implementation has started in France, Belgium and Germany and is already generating lower carbon emissions and improved customer satisfaction. Over the next three years, 50,000 units will be rolled out worldwide. Sigfox’s IoT (Internet of Things) asset monitoring capability enables SHV Energy to reduce the cost of tank level monitoring, while increasing efficiency and productivity. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20211021005065/en/ SHV Energy LPG tank (Photo: Sigfox) SHV Energy, a leading global distributor of off-grid energy such as LPG, LNG, biofuels and renewables, with 30 million customers in 25 countries and 16,700 employees, selected to work with Sigfox, a world’s leading IoT communication service provider and 0G network pioneer. SHV Energy set-up a Telemetry Centre of Excellence and used Sigfox’ solutions and partner At

SSZN Selects Newsight's NSI1000 Chip for Its Advanced Industry 4.0 Production Line Sensors21.10.2021 16:50:00 EEST | Press release

Newsight Imaging Ltd., an innovative semiconductor company developing machine vision sensors, spectral vision chips and systems, announces a commercial agreement with SSZN. SSZN is a leader in developing smart industry 4.0 solutions for supporting automated production line supervision. Newsight will provide SSZN with the NSI1000 - its new and advanced sensor chip. The deal follows a successful design-win where SSZN conducted an evaluation using the NSI1000 chip, closely supported by Newsight's engineering teams in Israel and Shenzhen. The first order of 100,000 chips will be supplied in the upcoming months. The NSI1000 CMOS Image sensor chip, launched by Newsight last year, consists of 32 lines of 1024 pixels and it supports multiple modes, such as multi-triangulation for state-of-the-art accuracy and fast operation on production line inspection. The sensor implements Newsight's enhanced Time of Flight (eTOF™) technology for advanced, long-range, and high-resolution 3D depth image capt

Esper and Lenovo Collaborate on Android Device Deployment in Enterprises21.10.2021 16:05:00 EEST | Press release

DevOps for Devices leader Esper and Lenovo™ are teaming up to place Esper software on key models of Lenovo Android tablets and other intelligent business devices. This collaboration allows enterprises that manage large fleets of devices to focus on their critical line-of-business applications, leaving the device infrastructure and management tasks to Lenovo and Esper’s joint solution. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20211021005372/en/ Lenovo K10 Tablet (Photo: Business Wire) As the fastest-growing tablet maker (YoY) last quarter1, Lenovo’s expertise in smarter device design, engineering and user experiences combines with Esper’s modern, DevOps-powered device infrastructure software that lets organizations of every size and segment (e.g. healthcare, retail, hospitality), easily set up, manage, better secure, and maintain large fleets of devices on their journey to digital transformation. “With proprietary feature

Finalist Teams Selected in $10M ANA Avatar XPRIZE Competition21.10.2021 16:00:00 EEST | Press release

XPRIZE, the world’s leader in designing and operating incentive competitions to solve humanity’s grand challenges, announced today that 15 teams from 8 countries are advancing to the finals round of the $10M ANA Avatar XPRIZE competition. Sponsored by All Nippon Airways (ANA), Japan’s largest airline, the Avatar XPRIZE is a four-year global competition focused on the development of an avatar system that will deploy a human’s senses, actions, and presence to a remote location in real time, leading to a more connected world. In the future, avatars could help provide critical care and deploy immediate responses in emergency situations, or offer opportunities for exploration and new ways of collaboration, stretching the boundaries of what is possible and maximizing the impact of skill and knowledge sharing. These avatars must demonstrate the ability to execute tasks across a variety of real-world scenarios and convey a sense of presence for both the operator and the recipient in those inte

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom