HiTrust CSF Certification

HiTrust CSF

At Tanner, we understand the critical importance of cybersecurity and privacy in today’s digital landscape. That’s why we offer the full suite of HITRUST assessments, designed to help organizations achieve, maintain, and demonstrate robust cybersecurity and privacy practices. As the first Utah-based company to receive the HITRUST CSF Assessor designation, we are well positioned to be your partner on your journey to certification. Our team of HITRUST-trained experts will take the time to understand your people, processes, and technologies and guide you along the path as your trusted advisors.

What is HITRUST?

Since its founding in 2007, HITRUST has championed programs and solutions that safeguard sensitive information and manage information risk and compliance for global organizations across all industries and throughout the third-party supply chain. HITRUST, in collaboration with the private sector, government, technology, and information privacy and security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any organization that creates, accesses, stores or exchanges sensitive information. The HITRUST CSF harmonizes numerous frameworks, standards, state, federal and international regulations, and leading practices into a single framework. Whether you desire to demonstrate adherence to HIPAA, PCI DSS, ISO 27001, NIST, FFIEC, EU GDPR, CCPA 1798, COBIT, or dozens of other authoritative sources, HITRUST CSF has a tailored approach with prescriptive implementation requirements and guidelines for you!

Building and running a robust information risk management program can be overwhelming, resource-intensive, and costly. For many organizations, effectively managing this risk is a complex and ever-changing process, often met with confusion and stress. HITRUST streamlines this process for you, making it easier than ever to ensure that sensitive information is protected effectively and efficiently in accordance with your risk profile.

HITRUST Assessment Options

The HITRUST Assessment Portfolio features three cybersecurity assessment levels to meet nearly any need:

The HITRUST e1 Assessment adds efficiency and flexibility to the HITRUST portfolio by covering basic Foundational Cybersecurity practices that address the assurance needs of lower-risk organizations. The e1 also provides an excellent starting point for enterprises that are in the early stages of implementing their information security controls. e1, on its own accord, offers the right level of assurance for many organizational needs. For those needing to work towards an i1 or r2 assessment, e1 can also function as an excellent starting point and steppingstone for organizations because all e1 requirements can be found in both the i1 and r2 assessments.

For organizations aiming to go beyond the essential cybersecurity hygiene, the i1 Validated Assessment is the next logical step. It leverages a proven set of HITRUST-curated controls designed to ensure that an organization is exercising Leading Security Practices. The i1 provides reliable assurances against current and emerging cyber threats to help establish a strong and broad information security program. The i1 can also serve as either a “destination” audit or a “steppingstone” audit to an r2 assessment. Readiness and Rapid Recertification Assessment are also available.

The HITRUST r2 Validated Assessment is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight. The r2 offers flexible, tailorable, risk-based control selection to meet the most stringent needs for organizations processing sensitive information or facing challenging regulatory requirements.

As a bonus for this assessment option, a separate NIST CSF Report is provided with each r2 Validated Assessment Report issued as a scorecard detailing your organization’s compliance with NIST Cybersecurity Framework-related controls included in the HITRUST CSF framework. The NIST Cybersecurity Framework Report is not available with an e1 or i1 Assessment

 Choosing the Right Assessment for Your Organization

Selecting the most suitable HITRUST assessment depends on your organization’s cybersecurity goals, objectives, commitments, and maturity level. Our experienced team will work closely with you to understand your specific requirements and recommend the assessment type that aligns with these factors and your needs. Additionally, we can provide readiness assessments as a stepping-stone to help you evaluate your preparedness for a validated assessment. Whether you’re looking to establish and demonstrate essential cybersecurity hygiene or achieve cybersecurity excellence, we have the expertise and resources to guide you through the process.

Tanner Trust T Logo

Why Choose Tanner?

With Tanner, you gain access to:

  • Extensive Experience

    With decades of experience in public accounting and IT assurance, our senior team members have successfully served a diverse clientele, ranging from Fortune 10 companies to the three-person startups. By partnering with us, you can rest assured that your business will benefit from our extensive experience, tailored specifically to you.

  • Trusted Advisors

    We are neither robo auditors nor box checkers! We actually take the time to understand your business, processes, and control environment. We provide proactive consultation, comprehensive resources, and tailored education to ensure your readiness for audits and certifications. We empower your organization to make informed decisions and enhance your security and compliance posture. We are committed to not just being your auditor but being a trusted business advisor and value enabler through your compliance journeys.

  • Tailored Solutions

    We offer a comprehensive suite of services to meet your data security, compliance, and risk management needs. Our tailored solutions ensure that you receive the right level of support and guidance.

  • Industry Best Practices

    Experience the assurance of our comprehensive assessments and audits, where we leverage industry-accepted methodologies, proven frameworks, and best practices to drive excellence.

  • Commitment to Excellence

    We are dedicated to delivering you the highest standards of quality, professionalism, and integrity in all our engagements. We take pride in building long-term relationships with clients, creating trust in our team through our commitment to your success.


Don’t leave your cybersecurity maturity and posture to chance—partner with Tanner for reliable, comprehensive IT assurance and advisory services. Contact us today to schedule a consultation!