The HITRUST CSF® is a security, privacy, risk management and regulatory compliance framework comprised of nationally and internationally accepted standards including ISO, NIST, COBIT, PCI, HIPAA and more to ensure a comprehensive set of baseline security and privacy controls. The CSF normalizes these security requirements and provides clarity and consistency, reducing the burden of compliance with the varied requirements that apply to organizations.
Originally developed for the healthcare industry, the HITRUST CSF now offers over 30 authoritative sources comprised of the frameworks mentioned above plus state, Federal and foreign regulations. As such, the CSF can be used as a central security, privacy, risk management and regulatory compliance framework so an organization can perform one assessment and report against many requirements instead of performing multiple assessments and generating multiple reports, thereby containing cost.
As an Authorized HITRUST External Assessor, SCA can help simplify HITRUST and offers the following services:
HITRUST Gap Assessment
SCA analyzes your security posture against the applicable HITRUST CSF control requirements for your specific circumstances. SCA offers three levels of engagement, depending on budget and how much interaction is needed.
HITRUST Facilitated Self-Assessment
Like the gap assessment above, the Facilitated Self-Assessment is a client-driven evaluation of the applicable HITRUST control requirements with the assistance (facilitation) of an Authorized External Assessor.
HITRUST Validated Assessment
To achieve HITRUST CSF Certification, an organization must undergo a Validated Assessment. The Validated Assessment must be performed by an Authorized HITRUST CSF External Assessor such as SCA. The Validated Assessment follows a strict rubric to assess security controls and is submitted to HITRUST for approval and certification.
The Interim Assessment is required to maintain CSF certification. It follows a process similar to the Validated Assessment and is designed to evaluate the client’s continued alignment with HITRUST requirements. Only a sample of controls is reviewed, along with any open CAPs (Corrective Action Plans).
The Bridge Assessment fills the void when an organization that is already HITRUST CSF certified is unable to complete its next HITRUST CSF Validated Assessment before its existing certificate’s expiration. A Bridge Assessment follows a methodology similar to an Interim Assessment, reviewing only a sampling of controls. It provides a temporary certificate valid for 90 days, allowing the organization to maintain relationships with those that requested HITRUST certification and to complete the next Validated Assessment.
HITRUST Services – Consulting
SCA analysts are available in various capacities to help support your HITRUST initiative including assistance with policy and process document creation.
Discuss your needs with our HITRUST professionals today! SCA offers a no-cost scoping exercise to provide more insight into the potential size (number of controls) and fees for HITRUST services before you spend anything on a MyCSF® (CSF assessment tool) subscription.