HITRUST News

“Ask any security vendor how cybersecure their solutions are, and you’ll most likely be told ‘it’s great’, but how can we objectively measure the relative cyber-worthiness of a network device? Just ask the experts,” says Will Knehr, Senior Manager of Information Assurance and Data Privacy at i-PRO Americas, Inc. Cyber-resilient network security With the ever-increasing rise in cybercrime, i-PRO Americas Inc., a global pioneer in professional security solutio...

HITRUST announced the general availability of the HITRUST Results Distribution System (RDS) to make it easier and more efficient to collect, inspect, export, and act upon findings in a third-party information assurance report. The current system of sharing and consuming third-party assurance reports is antiquated and highly inefficient. Third-party risk management (TPRM) system Vendor risk managers are encumbered with mundane and time-consuming tasks in reviewing existing reports, in order to...

HITRUST announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware. The design and selection of the controls for the HITRUST Implemented 1-year (i1) Assessment puts it in a new class of information security assessment that is threat-adaptive and designed to maintain relevanc...

HITRUST announces a major expansion of its assessment portfolio to raise the quality and efficiency of assurances across the spectrum of information assurance needs. HITRUST also is unveiling a new evolutionary approach to streamline the exchange and consumption of assessment results across the ecosystem of relying parties. HITRUST CSF Certification is the most reliable information assurance report on the market and is made possible by the transparency and consistency in the selection of contro...

HITRUST®, a data protection standards development and certification organisation, announced that it has achieved a new milestone in the turnaround time for issuing its CSF Validated Reports and Certifications resulting in a significantly improved customer experience. The number of days an assessment spends in review with the HITRUST Assurance team has been reduced by over 54% compared to previous years while continuing to maintain high level of quality. The significant reduction in the n...

HITRUST, data protection standards development and certification organisation, announced a new milestone in throughput of assessment reviews by reducing the turnaround time by 50% over the last six months and exceeding established quality standards, all while assessment volumes have hit an all-time high, confirming the growing need for reliable assurances. Also announced is the publication of Advisories outlining updates to the HITRUST CSF Assurance Program™ that deliver at least a 25% sa...

HITRUST, a data protection standards development and certification organisation, introduced today the HITRUST Assurance Intelligence (AI) Engine™, which uses a patent-pending approach to analyse assessment documentation for oversights, inconsistencies, and errors throughout the information security and privacy assessment process. The AI Engine adds efficiency to HITRUST’s comprehensive assessment review process by adding a layer of automated checks that complement existing, man...

HITRUST®, a data protection standards development and certification organisation, announces strategic organisational changes in the form of new leadership appointments as well as new and expanded responsibilities for existing executive management. The changes are aligned with HITRUST’s global expansion and innovative new services aimed at helping organisations implement best-in-class risk management and compliance programs as simply and efficiently as possible. All changes are effecti...

HITRUST®, a data protection standards development and certification organisation, announces the release of publicly available resources that clearly define security and privacy responsibilities between cloud service providers and their customers, thereby streamlining processes for risk management programs. Developed with Amazon Web Services (AWS) and Microsoft Azure, each new HITRUST Shared Responsibility Matrix aligns with the cloud service provider’s unique solution offering. Cloud...

HITRUST, a data protection standards development and certification organisation announced a major feature enhancement to its information risk management platform, HITRUST MyCSF, that significantly streamlines how organisations capture and present regulatory compliance evidence. HITRUST also introduced a new, no-cost Regulatory Assistance Center to further support organisations with a HITRUST CSF Certification as they prepare for and undergo regulatory audits. Compliance and Reporting Pack feat...

HITRUST® announced the formation of the HITRUST Third-Party Risk Management (TPRM) Council to foster collaboration between companies, third-party vendors and advisory service firms. The mission for the TPRM Council is to drive efficiencies and effectiveness as it relates to identifying, assessing and mitigating risk in the complex supply chain ecosystem. Founding members of the TPRM Council are global security, risk, compliance and audit executives representing a diverse cross-section of o...

HITRUST, a data protection standards development and certification organisation, announces that it has incorporated an additional Community Supplemental Requirement (CSR)—a customised set of security and privacy control objectives and requirements unique to a specific community of interest or organisation. The HITRUST CSF framework and HITRUST MyCSF assessment platform will continue to be updated to incorporate additional CSRs, which will be announced as they become available. Widely lev...

HITRUST, a globally renowned data protection standards development and certification organisation, has announced the availability of version 9.4 of the HITRUST CSF information risk and compliance management framework, further delivering on its mission of ‘One Framework, One Assessment, Globally’. HITRUST CSF version 9.4 HITRUST CSF version 9.4 now incorporates and harmonises the largest number of authoritative sources of any security and privacy framework, most recently adding the...

HITRUST, a data protection standards development and certification organisation, continues to expand and enhance its services and support in the Asia Pacific region as part of a global information protection approach to streamline information risk management and compliance for organisations of any type, size, or geography delivering services locally, nationally, or internationally. This strategy builds on the HITRUST Approach and the vision of One Framework, One Assessment, globally. Global ob...

HITRUST Assessment XChange (XChange), a wholly-owned subsidiary of HITRUST, is providing healthcare organisations with free access to its third-party risk management (TPRM) solution, including methodologies, technology, and staff augmentation. The decision to provide the TPRM service free of charge was made, after discussions with leaders in the healthcare industry concerning operational challenges, financial impacts, and disruptions being faced by organisations across the healthcare ecosystem...

HITRUST, a data protection, standards development, and certification organisation, announces the general availability of the HITRUST Shared Responsibility Program and Matrix™ Version 1.0. The Matrix is the first ever common model for communicating and assigning security and privacy responsibility between cloud service providers (CSPs) and their tenants or customers. The Matrix is part of the HITRUST Shared Responsibility Program, which was established to address the growing misunderstandi...

HITRUST, a data protection standards development and certification organisation, announced that Jeremy Huval was promoted to Chief Compliance Officer, effective January 15, 2020. Huval served as Vice President of Compliance and Internal Audit for HITRUST since 2019 and will succeed Ken Vander Wal, who retired on January 1, 2020, after a successful ten-year career with the Company. The promotion of Huval to the CCO role was a logical choice following the successful implementation of an enhanced...

Johnson & Quin, a nationally-trusted provider of edge direct mail production, integrated marketing solutions, data services and high-speed colour inkjet printing, has successfully completed a rigorous examination of its data security processes and procedures, under the SOC 2 Type 1 standards. The SOC 2 examination was administered by the professional IT assurance and compliance staff, at 360 Advanced, a respected national Qualified Security Assessor, HITRUST CSF Assessor and CPA firm, based...

Fidano, a software and business solutions provider for the payment processing industry, has successfully completed a rigorous fifth annual examination of its policies and procedures, under the System and Organization Controls (SOC) 1 Type 2 standards, demonstrating its ongoing commitment to data security at all levels of its operations. SOC 1 Type 2 standards examination The demanding third-party examinations that led to the achievement were administered by the professional IT assurance and co...

ForeSight Medical, LLC, a renowned provider of surgical and implant cost-containment services, has announced that their ForeSight and Encompass applications have earned certified status for information security by HITRUST. HITRUST CSF Certified status HITRUST CSF Certified status demonstrates that the organisation’s ForeSight and Encompass applications have met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places ForeSight Medical,...