Business Wire

HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments

6.10.2021 16:00:00 EEST | Business Wire | Press release

Share

HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.

HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.

To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:

  • The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
  • The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
  • The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.

Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.

“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”

While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.

To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.

“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”

The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”

The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.

To Learn More:

Register for the Webinar

Expanded Assessment Portfolio

Results Distribution System

About HITRUST®

Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Media Contact: Marc Fitzpatrick, e: marc.fitzpatrick@hitrustalliance.net, t: 469.269.1230

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Loomis Sayles Growth Equity Strategies Team Celebrates Twenty-Year Milestones7.7.2026 17:36:00 EEST | Press release

Loomis, Sayles & Company, the century-old investment manager with nearly $418 billion in assets under management, proudly celebrates the 20-year anniversaries of the Loomis Sayles Large Cap Growth and the Loomis Sayles All Cap Growth strategies, as well as a differentiated approach to growth equity investing under the leadership of Aziz V. Hamzaogullari, CFA, the founder, chief investment officer and portfolio manager of the Loomis Sayles Growth Equity Strategies (GES) Team. Aziz is also an executive vice president and a member of the firm’s Board of Directors. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707992418/en/ Celebrating 20 Years of The Power of Active Management Done Right GES is a cohesive team with 20 years of alpha generation and a long-term, private equity approach to investing. Under Aziz Hamzaogullari’s leadership since 2010, assets under management for GES have grown from $1.9 billion to $98.2 billion

Integral Ad Science Appoints Lidiane Jones Chief Executive Officer7.7.2026 16:35:00 EEST | Press release

Integral Ad Science (IAS), one of the world's most trusted media quality companies, today announced the appointment of Lidiane Jones as Chief Executive Officer, effective immediately. Jones succeeds Lisa Utzschneider, who led IAS for more than seven years and will remain with the company as Special Advisor to the Board through the end of 2026 to support a seamless transition. Utzschneider will also serve as a Special Advisor to Novacap and their portfolio companies. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707780892/en/ Lidiane Jones: Integral Ad Science CEO, Photo Credit: Pamela Hanson The appointment reflects IAS's long-term strategic vision for the future of digital advertising. As AI transforms how media is planned, bought, measured, and optimized, advertisers increasingly need trusted intelligence to make real-time decisions. Jones's deep expertise across product, technology, and AI uniquely positions IAS to bu

Andersen Global Adds Collaborating Firm Abcoo Law Firm7.7.2026 16:30:00 EEST | Press release

Andersen Global strengthens its presence in Türkiye with collaborating firm Abcoo Law Firm, enhancing the organization’s existing platform in the country with the addition of legal capabilities. Founded in 2014, Abcoo advises local and international clients across a broad range of legal services, with experience in corporate and M&A, real estate and construction, dispute resolution, employment, compliance, banking and finance, competition and intellectual property law. The firm is consistently recognized as a top tier and leading firm by international publications, including The Legal 500. Abcoo supports organizations across a wide range of industries, including real estate and construction, retail, textile, cosmetics, automotive, logistics, chemicals, IT, energy, healthcare, manufacturing and financial services, providing strategic legal guidance and commercially focused solutions. “Our focus has always been on understanding each client’s objectives and providing practical, commercial

Altasciences and Evidence Matters Advance AI-Driven Drug Development With Nonclinical Automation Breakthrough7.7.2026 16:00:00 EEST | Press release

Altasciences, a fully integrated early-phase drug development organization, and Evidence Matters, a pioneer in clinical trial data science, are pleased to announce a successful proof-of-concept (POC) of RegulatoryFlow (“RegFlow”), following the announcement of the companies’ strategic collaboration in August 2025. The POC demonstrated the extension of AI-driven efficiencies from clinical reporting into nonclinical workflows, marking a significant step forward in accelerating drug development timelines. Building on proven results in clinical reporting, where the collaboration has achieved up to first-draft clinical study reports (CSRs), the teams have now successfully applied similar AI capabilities to nonclinical data through high-quality parsing of raw and SEND datasets in a proof-of-concept. This advancement aligns with the Altasciences Acceleration Platform, designed to fast-track drug development across the early-phase development continuum. “This milestone reflects the power of in

Gurobi Launches Intelligence Hub to Deliver AI-Guided Workflows Across the Optimization Lifecycle7.7.2026 16:00:00 EEST | Press release

Gurobi Optimization, LLC, the leader in decision intelligence technology, today announced the launch of the Gurobi Intelligence Hub, the new home for Gurobi’s AI-powered optimization agents. The Intelligence Hub is designed to help users build, understand, troubleshoot, and interact with optimization models more effectively. Together, the Hub’s specialized agents leverage generative AI to guide users through workflows across the optimization lifecycle, creating new opportunities to make optimization more accessible, intuitive, and valuable for a broader range of users. The Modeler combines guided workflows with Gurobi’s optimization expertise to help users move from business problem to production-quality optimization model. Through an iterative process that helps refine requirements, validate assumptions, and develop acceptance tests, the Modeler gives users confidence that their model accurately reflects the intended business problem.The Explainer helps users interpret model instances

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye