Business Wire

TX-HITRUST

6.10.2021 15:02:10 CEST | Business Wire | Press release

Share
HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments

HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.

HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.

To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:

  • The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
  • The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
  • The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.

Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.

“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”

While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.

To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.

“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”

The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”

The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.

To Learn More:

Register for the Webinar

Expanded Assessment Portfolio

Results Distribution System

About HITRUST®

Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net .

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Dompé Doses First Patient in Phase 3 Study of Cenegermin-bkbj in NAION14.7.2026 14:00:00 CEST | Press release

Non-arteritic anterior ischemic optic neuropathy (NAION) is a loss of blood flow to the optic nerve which causes spontaneous and rapid vision loss, for which there are currently no FDA-approved treatments. Given the substantial unmet need for effective treatments in NAION, in October 2025, Dompé was awarded a Commissioner’s National Priority Review Voucher (CNPV) by the US FDA to accelerate a potential Biologics License Application for intranasal nerve growth factor (NGF) in NAION. Dompé, a biopharmaceutical company with operations in Italy and the US, announced the first patient has been enrolled in a Phase 3 study of cenegermin-bkbj for the treatment of non-arteritic anterior ischemic neuropathy (NAION). Involving more than 130 centers globally, the Phase 3 trial, “Galassia-NAION-301” is a multicenter, double-blind study comparing cenegermin-bkbj against placebo in improving vision loss caused by NAION. “Our NGF R&D program continues to accelerate with our third clinical study of 202

CE-IVDR Mark for Hologic’s Aptima® HPV Test Expanded to Include Self-Collected Sample Claim in Cervical Cancer Screening14.7.2026 14:00:00 CEST | Press release

New indication in the European Union and the UK offers alternative method of screening especially for women who are not currently participating Hologic, Inc. announced today that its Aptima® HPV Assay received an expanded CE-IVDR marking in the European Union and the UK and is now approved for self-collected vaginal samples using the Aptima Multitest Specimen Collection Kit. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260714358586/en/ Hologic’s Aptima® HPV Assay and Aptima Multitest Specimen Collection Kit Cervical cancer is the fourth most common cancer in women but is largely preventable through HPV vaccination and regular screening.1 Evidence shows that organized screening and early detection reduces deaths from cervical cancer, with mortality reduction rates in Europe ranging from 41% to 92%.2 However, even in countries with an established cervical screening program, screening participation rates vary widely, from 25%

Cover Genius Raises USD $100M Backed by Vista Credit Partners, Reaching USD $1.9 Billion Valuation as it Advances AI-First Platform and Global Expansion14.7.2026 14:00:00 CEST | Press release

Accelerating the AI roadmap and next era of embedded protection Cover Genius, the global infrastructure for embedded protection, today announced a USD $100M capital raise, backed by Vista Credit Partners, a subsidiary of Vista Equity Partners and strategic financing partner focused on enterprise software. The raise values the business at USD $1.9 billion, advancing a new chapter for the company. Cover Genius operates a B2B2C embedded protection platform that connects 200+ partners with 50+ global insurance carriers to protect over 70 million end customers at the point of sale across travel, retail, ticketing and logistics. Unlike traditional insurers, Cover Genius dynamically adapts product design, pricing, and presentation in real time to match each merchant's unique customer journey and geography mix. “We’ve spent more than a decade building the trust layer the world’s largest digital companies rely on to protect their customers. Today’s raise is about broadening possibilities: movin

Esri to Debut the Power of Where Collection at 2026 Esri User Conference14.7.2026 14:00:00 CEST | Press release

New Titles Expand on Landmark Work to Showcase How GIS Drives Better Decisions Across Water and Land Management Esri will debut the Power of Where Collection at the 2026 Esri User Conference. The collection builds on the 2024 book The Power of Where by Jack Dangermond, extending its ideas into real-world GIS applications. New titles in the collection highlight GIS uses in water forecasting, land records, infrastructure planning, and economic development. The series demonstrates how spatial analysis helps organizations address challenges including sustainability, climate resilience, and governance. Esri, the global leader in location intelligence, will debut the Power of Where Collection at the 2026 Esri User Conference in July. The collection builds on the ideas introduced in The Power of Where: A Geographic Approach to the World's Greatest Challenges, by Esri president Jack Dangermond, published in 2024. The new collection expands these foundational concepts into focused, real-world a

Esri Introduces ArcGIS for ServiceNow, Bringing Location Intelligence into Everyday Enterprise Workflows14.7.2026 14:00:00 CEST | Press release

New Integration Connects Platforms, Enabling Real-Time Mapping Directly Within Existing Systems Esri is launching ArcGIS for ServiceNow, an integration that connects ServiceNow, the AI control tower for business reinvention, with ArcGIS, bringing location intelligence into everyday enterprise workflows. The solution supports organizations across commercial, government, health care, utilities, energy, telecom, and other sectors. Users can visualize incidents, assets, work orders, facilities, and other business data on maps in real time within ServiceNow or ArcGIS, improving decision-making and operational efficiency. The integration eliminates data duplication by enabling seamless data sharing between systems, bridging business records with geographic context. ArcGIS for ServiceNow will debut in beta shortly after Esri User Conference. Esri, the global leader in geographic information system (GIS) technology, has announced ArcGIS for ServiceNow, connecting the two platforms for the firs

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye