Business Wire

TX-HITRUST

Share
HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments

HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.

HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.

To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:

  • The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
  • The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
  • The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.

Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.

“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”

While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.

To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.

“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”

The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”

The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.

To Learn More:

Register for the Webinar

Expanded Assessment Portfolio

Results Distribution System

About HITRUST®

Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net .

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

LTIMindtree Launches GCC-as-a-Service1.7.2025 11:30:00 CEST | Press release

An integrated, AI-powered offering with deep industry expertise to drive growth and transformation LTIMindtree [NSE: LTIM, BSE: 540005], a global technology consulting and digital solutions company today introduced its GCC-as-a-Service. The services cater to organizations that may want to set up GCCs, scale their existing ones to optimize costs and create added value. The catalogue covers a spectrum of Build, Operate, Transform and Transfer services, offering clients the option to pick and choose what they require. GCC-as-a-Service commercials are designed on a per-seat or per service basis to ensure cost optimization and value realization. LTIMindtree’s Talent Solutions, part of our Build Services enables clients efficiently onboard business-ready talent from day one through its in-house AI-powered talent acquisition ecosystem. As a part of Transform Services, the Company provides industry specific offerings; technological solutions and frameworks that lead to acceleration of value re

Network Failures Cost $5M A Year for More Than a Quarter of Global Businesses, According to Expereo1.7.2025 10:00:00 CEST | Press release

Half of global businesses have been forced to urgently re-evaluate their tech infrastructure following a wave of high-profile IT outages Network instability is taking a serious toll on global businesses, with over a quarter (28%) reporting revenue losses of up to $5 million due to network outages or poor performance. Alarmingly, an additional 23% have experienced losses exceeding $5 million. These findings come from an IDC InfoBrief commissioned by Expereo, titled “Enterprise Horizons 2025: Technology Leaders Priorities: Achieving Digital Agility.” Following a series of high-profile IT disruptions over the past year, ranging from cybersecurity breaches to connectivity failures, nearly half (49%) of global businesses have been compelled to re-evaluate their technology infrastructure, and 40% of global tech leaders say it’s caused networking and connectivity to rise higher up the C-suite agenda. Perhaps as a result, networking/connectivity now comes out on top in terms of the technologie

Record Financing for NeXtWind: €1.4 Billion for the Expansion of Wind Energy in Germany1.7.2025 09:52:00 CEST | Press release

Innovative platform financing enables debt investments in renewable energy on an unprecedented scale NeXtWind plans to quadruple the capacity of more than half of its 37 wind farms by 2028 as part of an increase of its total generation capacity to 3 GW Lars B. Meyer, Co-CEO of NeXtWind, said: “Thanks to this novel platform approach, we can optimize our wind farms more quickly and accelerate our growth. In the long term, we aim to transform them into state-of-the-art, integrated clean energy hubs.” NeXtWind, a leading renewable energy company, has secured €1.4 billion in debt financing. The agreement also includes an additional €1.3 billion in so-called accordion facilities, which can be activated in tranches over the coming years. This syndicated loan is the largest of its kind for an independent wind energy provider in Germany, and it opens the onshore wind market to debt investments from major financial institutions both domestically and internationally. NeXtWind will use the new fin

Celero Ventures Opens $25 Million Early-Stage Fund to Investors Backing the Next Generation of European Software Companies1.7.2025 09:30:00 CEST | Press release

Celero Ventures, a new venture capital firm founded by experienced software operators Dave Wyatt and Nick Cochran, is now raising its debut $25 million fund to invest in early-stage startups across the UK and Europe. The fund, which is already 25% subscribed, targets pre-seed and seed-stage companies building next-generation AI and data infrastructure. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250701820933/en/ Nick Cochran and David Wyatt (right) Founders of Celero Ventures Based in London, Celero Ventures is inviting limited partners (LPs) to join its mission of backing exceptional technical founders and accelerating their path to product-market fit and scalable growth. Wyatt and Cochran bring a rare combination of deep go-to-market (GTM) experience and startup leadership. Together, they helped scale both MuleSoft and Databricks—two of the most successful enterprise software companies of the past decade. Their experien

3GPP MCX Standards-Based Hytera HyTalk MC 6.0 Released Globally1.7.2025 09:00:00 CEST | Press release

Hytera, a leading global provider of professional communications technologies and solutions, announced the worldwide release of Hytera HyTalk MC 6.0, its new-generation broadband mission-critical communication platform fully compliant with the 3GPP MCX standard Release 18. As a key part of Hytera’s convergence-native communications strategy, it delivers inclusive, efficient and secure communication over LTE cellular network. Hytera HyTalk MC 6.0 leverages 3GPP standard interfaces and Hytera’s proprietary protocols to enable deep interworking across different technologies and vendors. It enables real-time mapping between the signaling of 3GPP MCX and Hytera DMR, and interconnects with HyteraTETRA systems, allowing a smooth migration path to data-rich communications for mission- and business-critical institutions and users. Hytera DMR or TETRA two-way radios can communicate with LTE/5G terminals through the Hytera HyTalk MC platform in a hybrid network. The Ad-Hoc Temporary Group Call fe

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye