TX-HITRUST
6.10.2021 15:02:10 CEST | Business Wire | Press release
HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.
HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.
To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:
- The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
- The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
- The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.
Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.
“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”
While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.
To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.
“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”
The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”
The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.
To Learn More:
About HITRUST®
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net .
View source version on businesswire.com: https://www.businesswire.com/news/home/20211006005249/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Andersen Global tilføjer samarbejdspartneren Abcoo Law Firm9.7.2026 20:28:00 CEST | Pressemeddelelse
Andersen Global styrker sin tilstedeværelse i Tyrkiet gennem en samarbejdsaftale med advokatfirmaet Abcoo Law Firm, der tilfører bredere juridiske kompetencer til organisationens eksisterende platform i landet. Abcoo blev grundlagt i 2014 og rådgiver lokale og internationale klienter inden for en bred vifte af juridiske tjenester med erfaring inden for selskabsret og M&A, fast ejendom og byggeri, tvistbilæggelse, ansættelsesret, compliance, bank og finans, konkurrenceret samt immaterialret. Firmaet nævnes konsekvent som værende blandt de førende advokatfirmaer af internationale publikationer, herunder The Legal 500. Abcoo understøtter organisationer på tværs af en lang række brancher, herunder ejendomshandel og byggeri, detailhandel, tekstil, kosmetik, bilindustrien, logistik, kemikalier, it, energi, sundhedsvæsnet, produktion og finansielle tjenesteydelser, inden for hvilke de yder strategisk juridisk rådgivning og kommercielt fokusererede løsninger. "Vores prioritet har altid været a
DEWA International Launched as a Wholly Owned Independent Subsidiary of DEWA to Develop Global Energy and Water Projects9.7.2026 18:07:00 CEST | Press release
HH Sheikh Ahmed bin Saeed Al Maktoum, Chairman of the Dubai Supreme Council of Energy, announced the establishment of ‘DEWA International’, a wholly owned independent subsidiary of Dubai Electricity and Water Authority (DEWA). The company aims to develop conventional and clean energy projects worldwide and export Dubai’s successful energy and water infrastructure model to global markets. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709099653/en/ DEWA International launched as a wholly owned independent subsidiary of DEWA to develop global energy and water projects (Photo: AETOSWire) HH Sheikh Ahmed bin Saeed Al Maktoum said: “Thanks to the vision and directives of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, Dubai has become a global model for achievement and accelerated development. Through its world-class infrastructure, particularly in the energy
Echodyne Opens New Manufacturing Facility to Meet Surging Global Demand for Advanced MESA® Radar9.7.2026 15:00:00 CEST | Press release
New Washington State facility provides capacity to manufacture more than 30,000 radars annually, strengthening the U.S. defense industrial base As governments around the world accelerate investment in counter-unmanned aircraft systems (C-UAS) and short-range air defense, Echodyne today announced the opening of a new advanced radar manufacturing facility in Washington State, significantly expanding its manufacturing capacity to meet rapidly growing demand from U.S. and allied customers. With millions of drones manufactured and used by both sides in the Russian War in Ukraine, the need for enhanced safety for defense, national security, and critical infrastructure assets grows with every successful strike and interception. The low cost and high utility of drones dramatically alters the need for safety and security sensors. And as the low altitude economy takes off, hundreds of thousands of drones will perform a range of life-saving and commercial missions, requiring a sensor infrastructu
Orca Security Report: 99.9% of Fixable AI Vulnerabilities Remain Unpatched as AI Moves Into Production9.7.2026 15:00:00 CEST | Press release
Analysis of more than 1,200 production cloud environments provides a first-hand view into how organizations are embedding AI into business-critical workflows, exposing new security risks that traditional controls weren't built to address. Orca Security, a leader in cloud and AI security, today released its 2026 State of AI Security Report, offering a first-hand view into how AI is being deployed across more than 1,200 production cloud environments. The findings show AI is no longer limited to isolated pilots or developer experiments. Organizations are embedding AI into production applications, cloud services, and autonomous workflows faster than security programs can adapt. More than half (56%) of organizations have already deployed AI agents into production, while 51% use AI to build custom applications. At the same time, Orca found that 81% of organizations run vulnerable AI packages, and 99.9% of fixable AI vulnerabilities remain unpatched, highlighting how quickly AI has become ope
Viz.ai Expands into Neurodegenerative Disease with Cortechs.ai Collaboration9.7.2026 15:00:00 CEST | Press release
Cortechs.ai and Viz.ai partner to tackle multiple sclerosis and other neurodegenerative diseases across Viz.ai's health system network Viz.ai, the leader in AI-powered disease detection and intelligent care coordination, today announced a collaboration with Cortechs.ai, a global leader in neuroimaging and quantitative analysis solutions, to integrate Cortechs.ai's NeuroQuant and NeuroQuant MS suite into the Viz.ai platform, expanding access to quantitative neuroimaging for hospitals and health systems across the U.S. This partnership marks Viz.ai's expansion into neurodegenerative disease, growing Viz Neuro Suite beyond its already market-leading neuro offerings. The collaboration will begin with a focus on multiple sclerosis (MS), integrating quantitative MRI analysis from NeuroQuant MS directly into Viz.ai's care coordination workflow, giving clinicians both the quantitative precision and the coordination infrastructure needed to identify and manage MS patients at scale. “Viz.ai's co
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
