HITRUST CSF Reporting
WHAT & WHY? - The HITRUST Common Security Framework (CSF) defines a prescriptive set of controls that meet the requirements of multiple regulations and standards. The HITRUST framework provides a way to comply with standards such as the ISO/IEC 27000 series and HIPAA. It incorporates various security, privacy, and other regulatory requirements from existing frameworks and standards, which organizations use to demonstrate their security and compliance in a consistent and streamlined manner.
HOW? - HITRUST CSF is a comprehensive, certifiable framework that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data from/within their systems.
Regulator? - Governed by an Executive Council and led by a management team comprising leaders from across various industries.
Types of Policy/Procedures Testing performed by us:
- Readiness Assessment – This is similar to a pre-check assessment that an entity pursues while getting ready for a Validated Assessment. We check the policies/procedures to make sure the assessed organization adheres to the defined policies and has appropriate procedures in place to comply with them.
- Validated Assessment – This comprehensive assessment provides an entity with HITRUST Certification, which states that the entity complies with the security baselines given by HITRUST CSF and has appropriate policies/procedures in place for various Security & Privacy Regulations. It is performed by a HITRUST Certified External Assessor, i.e., a Certified CSF Practitioner (CCSFP).
HITRUST Documentation Upload – This is done by uploading the testing evidence to the HITRUST Portal and then submitting the Assessment Object online for Certification. HITRUST then reviews the assessment and provides a Certification to the assessed entity if all the compliance requirements are found adequate.