HITRUST® to Address Market Gaps in Reliability and Challenges in the Exchange of Security and Privacy Assessments
HITRUST® announced today a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties.
HITRUST CSF Certification is the most reliable information assurance report on the market and made possible by the transparency and consistency in the selection of controls, and in the scoring, and validation of controls by both qualified third-party assessors and the HITRUST Assurance and Quality teams. The assurance process is rigorous by design to ensure a high level of assurance in the results provided. However, there are many situations where a moderate or low level of assurance is warranted. Organizations are seeking a broader range of assessment options that require less effort and time to perform while still providing a commensurate level of reliability for moderate- to lower-risk scenarios.
To meet the market needs for varying levels of assurance with higher reliability, HITRUST is adding two new assessment offerings. Like the HITRUST CSF Validated Assessment, these new offerings will aid in understanding control effectiveness as well as cyber preparedness and resilience. With the two new additions, the HITRUST assessment portfolio will include:
- The Basic Current State (bC) Assessment is a “good hygiene” assessment and offers higher reliability than self-assessments and questionnaires by utilizing the HITRUST Assurance Intelligence Engine™ (AI Engine) to identify errors, omissions, and deceit.
- The Implemented One-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. HITRUST Authorized External Assessors will validate i1 assessments.
- The industry standard HITRUST CSF Validated Assessment is a risk-based and tailorable assessment, which continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors. The HITRUST CSF Validated Assessment will be renamed the Risk-based, Two-Year (r2) Validated Assessment.
Until now, most low to moderate risk assessment mechanisms were either self-attested or validated against unsuitable or inconsistent control selection and limited and subjective assurance programs; which makes it difficult for relying parties to understand the control requirements and depth, breadth, and consistency of the assurance process, limiting the usefulness and reliability of the results.
“Often, organizations utilize mid-level assurance reports such as a SOC 2 report because they take less time and effort while being less costly. Unfortunately, these mid-level assurance reports lack the consistency and reliability of more comprehensive assessments like HITRUST,” said John Houston, Vice President of Information Security and Privacy at UPMC. “The HITRUST i1 Assessment fills a gap in the market for a medium assurance assessment that delivers a higher level of reliability and consistency while having a similar effort and cost to a SOC 2 report. And it can help the organization move towards full HITRUST CSF Certification—which organizations like UPMC view as the gold standard.”
While reliability is crucial for assurance, the accessibility, usability, and consumption of the results are just as important if organizations are to manage supply chain risk given evolving cyber threats. The current method of obtaining and consuming assessment results by the relying party often results in delays, inefficiencies, and misinterpretations as it is based on the exchange of PDF files that are reviewed to determine the scope, scoring, and corrective action plans before key information is often manually entered into a third-party risk management (TPRM) system.
To meet the expanding demand for effective information risk management across the supply chain, the HITRUST Results Distribution System (RDS) will enable assessed entities to deliver their HITRUST Assessment results through a secure, centralized reporting hub to relying parties, eliminating the need for exchanging PDFs and the manual review and entry into third-party systems that subsequently occurs. Recipients will be able to customize dashboards to view the results that interest them most, including scope, aggregate, or specific control scores. In addition, integration with GRC/VRM platforms will be available via API.
“For third-party risk management systems to achieve their full potential in helping organizations manage their vendor risk, assessment results need to be electronically shared and consumed,” said Jeremy Fisher, Vice President of Product at Archer. “HITRUST’s Results Distribution System is a big step in making that possible and will be a strong complement to our focus on vendor interaction through Archer Engage.”
The expansion of the HITRUST Assessment Portfolio and the addition of the RDS further extend HITRUST’s position as an innovator and leader in information risk management, compliance, and assurance. HITRUST continues to drive higher assurances and greater efficiencies into the assurance ecosystem. “HITRUST is building upon our market leadership in providing Rely-Able assurances by introducing moderate and low-level information assurance products,” said Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST. “No other assessment or certification organization is able to meet the expanding global market need for information assessments and electronic results distribution.”
The industry standard r2 assessment (HITRUST CSF Validated Assessment) is currently available while the bC and i1 assessments will be offered to the market later this year. Any i1 or r2 assessment submitted with a reservation is backed by a service-level guarantee to deliver the assessment report within 45 days.
To Learn More:
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
Media Contact: Marc Fitzpatrick, e: email@example.com, t: 469.269.1230
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
IFF to Release Third Quarter 2021 Results November 828.10.2021 22:15:00 CEST | Press release
IFF (NYSE:IFF), today announced that it will release its third quarter 2021 earnings results following the market close on Monday, November 8. The management team will host a live webcast on Tuesday, November 9, 2021 at 10:00 a.m. ET to discuss results and outlook with the investor community. Investors may access the live webcast and accompanying slide presentation on the Company's website at ir.iff.com. For those unable to listen to the live webcast, a recorded version will be made available for replay. Welcome to IFF At IFF (NYSE: IFF), an industry leader in food, beverage, scent, health and biosciences, science and creativity meet to create essential solutions for a better world – from global icons to unexpected innovations and experiences. With the beauty of art and the precision of science, we are an international collective of thinkers who partners with customers to bring scents, tastes, experiences, ingredients and solutions for products the world craves. Together, we will do mo
Norsk Titanium Announces Deployment of RPD Builder™ Tool28.10.2021 18:54:00 CEST | Press release
Norsk Titanium AS (Norsk Titanium; Euronext: NTI), a global leader in Directed Energy Deposition (DED) additive manufacturing of aerospace-grade structural titanium components, announces today a significant advancement to their Rapid Plasma Deposition® (RPD®) process. The company has successfully deployed and validated the internally developed RPD Builder™ computer-aided manufacturing tool for the first time, significantly shortening part development timelines. “This is a tremendous accomplishment for Norsk Titanium,” said Nicholas Mayer, Norsk Titanium’s Vice President of Commercial. “RPD Builder™ is a significant enabler as we move into more industrial manufacturing and engineering services markets. It will give our customers added flexibility and allow them to explore part design options independent from our manufacturing engineering team.” RPD Builder™ has been developed over the past three years and incorporates the full knowledge base of Norsk Titanium’s process metallurgy and ma
FINVASIA Acquires Gini Health, Expands Into Healthcare Services28.10.2021 18:49:00 CEST | Press release
FINVASIA, today, announced its investment in Gini Health, a Canada based healthcare technology company that pioneered DNA and lifestyle data based personalized health to prevent diseases. This acquisition furthers FINVASIA’s strategic business objectives of investing in traditional business and transforming them. The partnership supports FINVASIA’s commitment to health care to accelerate technology-led innovation in preventive and personalized healthcare services. Effective immediately, all the previous investors have exited, making FINVASIA and Gini Health’s founder and CEO Gurjot Narwal key stakeholders in the company. This move by FINVASIA is a step towards making the company’s capital structure lean, providing them more room to support their business strategy. Gini Health’s founder and CEO Gurjot Narwal will keep leading the company. Finvasia along with the investment will provide group resources, operational experience, technology, infrastructure, and its reach as a multidisciplin
Philippine Airlines Boosts Digital Transformation by Switching to Rimini Street Support for its Oracle Footprint28.10.2021 18:00:00 CEST | Press release
Rimini Street, Inc. (NASDAQ: RMNI), a global provider of enterprise software products and services, the leading third-party support provider for Oracle and SAP software products and a Salesforce partner, today announced that Philippine Airlines (PAL), the flagship carrier of the Philippines, has switched to Rimini Street Support for its Oracle E-Business Suite, Fusion Middleware and Database software portfolio. The airline made a strategic decision to move to Rimini Street to help it address the challenges faced by the commercial aviation sector as a result of the global pandemic. By turning over complete support of its Oracle footprint, the airline was able to accelerate key digital innovation projects that support the growth of its business including modernizing its cargo system, integrating its mobile and remote capabilities for more efficiencies and launching its passenger analytics for improving its Know Your Customer program. This press release features multimedia. View the full
Verimatrix Video Protection To Be Deployed Inside New WISI Professional ABR Receiver for Hospitality Networks28.10.2021 17:55:00 CEST | Press release
Regulatory News: Verimatrix, (Euronext Paris: VMX), the leader in powering the modern connected world with people-centered security, and WISI, a world leader in edge video delivery solutions, today announced that Verimatrix video protection technologies are set to be deployed within the new WISI Professional ABR Receiver that enables video operators to connect multiscreen PayTV offerings to the edge while still maintaining existing infrastructure at hospitality sites. Designed to allow video operators that service the world’s major hospitality organizations to avoid costly upgrades, WISI’s Professional ABR (Adaptive Bitrate Streaming) Receiver, along with Verimatrix’s protection technologies, eliminate the need for new set-top boxes or TVs. “By providing operators with a simple path toward migrating to ABR services while still supporting Linear TV deployments at the edge, this WISI-Verimatrix solution stands as a notable example of how close industry collaboration can translate into ma
Ben Cousins Appointed Head of Studio Operations for FunPlus’ European Studios28.10.2021 17:00:00 CEST | Press release
FunPlus, a leading independent mobile game developer and publisher, announced today that Ben Cousins has been appointed Head of Studio Operations, supervising projects in development at FunPlus’ studios in Moscow and Stockholm. Based in Stockholm, and in close collaboration with studio leadership in both locations, Cousins will help to optimize the studios’ working environment and align all studio activities to contribute to successful product development and continued company growth. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20211028005417/en/ Ben Cousins Appointed Head of Studio Operations for FunPlus’ European Studios; Free-to-play and games-as-a-service expert brings more than two decades of experience to the role (Photo: Business Wire) A game industry thought leader, Cousins created Battlefield Heroes, one of the western world’s first free-to-play games. A former Executive Producer of the Battlefield franchise at DIC
Moody’s ESG Solutions’ Climate on Demand tool selected by the Private Infrastructure Development Group28.10.2021 16:02:00 CEST | Press release
Moody’s ESG Solutions announced today that the Private Infrastructure Development Group (PIDG) has selected Moody’s Climate on Demand scoring tool to assess climate risk exposure in its investment projects. PIDG mobilizes private investment in sustainable and inclusive infrastructure in sub-Saharan Africa and south and south-east Asia. It will use Moody’s data to screen potential new investments for exposure to climate hazards based on their precise location, and to assess the physical climate risk exposure of assets in its existing portfolio. PIDG’s investment teams and project sponsors will also leverage the data to inform due diligence and climate risk management and mitigation measures. “We need to ensure that new infrastructure is resilient to the changing climate, especially in the most vulnerable countries,” said Marco Serena, Head of Sustainable Development Impact at PIDG. “Using Moody’s data, we look forward to working with project sponsors and investee companies to understand
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.Visit our pressroom