HiTrust CSF Certification
At Tanner, we understand the critical importance of cybersecurity and privacy in today’s digital landscape. That’s why we offer the full suite of HITRUST assessments, designed to help organizations achieve, maintain, and demonstrate robust cybersecurity and privacy practices. As the first Utah-based company to receive the HITRUST CSF Assessor designation, we are well positioned to be your partner on your journey to certification. Our team of HITRUST-trained experts will take the time to understand your people, processes, and technologies and guide you along the path as your trusted advisors.
What is HITRUST?
Since its founding in 2007, HITRUST has championed programs and solutions that safeguard sensitive information and manage information risk and compliance for global organizations across all industries and throughout the third-party supply chain. HITRUST, in collaboration with the private sector, government, technology, and information privacy and security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any organization that creates, accesses, stores or exchanges sensitive information. The HITRUST CSF harmonizes numerous frameworks, standards, state, federal and international regulations, and leading practices into a single framework. Whether you desire to demonstrate adherence to HIPAA, PCI DSS, ISO 27001, NIST, FFIEC, EU GDPR, CCPA 1798, COBIT, or dozens of other authoritative sources, HITRUST CSF has a tailored approach with prescriptive implementation requirements and guidelines for you!
Building and running a robust information risk management program can be overwhelming, resource-intensive, and costly. For many organizations, effectively managing this risk is a complex and ever-changing process, often met with confusion and stress. HITRUST streamlines this process for you, making it easier than ever to ensure that sensitive information is protected effectively and efficiently in accordance with your risk profile.
HITRUST Assessment Options
The HITRUST Assessment Portfolio features three cybersecurity assessment levels to meet nearly any need:
The HITRUST e1 Assessment adds efficiency and flexibility to the HITRUST portfolio by covering basic Foundational Cybersecurity practices that address the assurance needs of lower-risk organizations. The e1 also provides an excellent starting point for enterprises that are in the early stages of implementing their information security controls. e1, on its own accord, offers the right level of assurance for many organizational needs. For those needing to work towards an i1 or r2 assessment, e1 can also function as an excellent starting point and steppingstone for organizations because all e1 requirements can be found in both the i1 and r2 assessments.
For organizations aiming to go beyond the essential cybersecurity hygiene, the i1 Validated Assessment is the next logical step. It leverages a proven set of HITRUST-curated controls designed to ensure that an organization is exercising Leading Security Practices. The i1 provides reliable assurances against current and emerging cyber threats to help establish a strong and broad information security program. The i1 can also serve as either a “destination” audit or a “steppingstone” audit to an r2 assessment. Readiness and Rapid Recertification Assessment are also available.
The HITRUST r2 Validated Assessment is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight. The r2 offers flexible, tailorable, risk-based control selection to meet the most stringent needs for organizations processing sensitive information or facing challenging regulatory requirements.
As a bonus for this assessment option, a separate NIST CSF Report is provided with each r2 Validated Assessment Report issued as a scorecard detailing your organization’s compliance with NIST Cybersecurity Framework-related controls included in the HITRUST CSF framework. The NIST Cybersecurity Framework Report is not available with an e1 or i1 Assessment
Choosing the Right Assessment for Your Organization
Selecting the most suitable HITRUST assessment depends on your organization’s cybersecurity goals, objectives, commitments, and maturity level. Our experienced team will work closely with you to understand your specific requirements and recommend the assessment type that aligns with these factors and your needs. Additionally, we can provide readiness assessments as a stepping-stone to help you evaluate your preparedness for a validated assessment. Whether you’re looking to establish and demonstrate essential cybersecurity hygiene or achieve cybersecurity excellence, we have the expertise and resources to guide you through the process.
Why Choose Tanner?
With Tanner, you gain access to: