HITRUST, data protection standards development and certification organisation, announced a new milestone in throughput of assessment reviews by reducing the turnaround time by 50% over the last six months and exceeding established quality standards, all while assessment volumes have hit an all-time high, confirming the growing need for reliable assurances.
Also announced is the publication of Advisories outlining updates to the HITRUST CSF Assurance Program™ that deliver at least a 25% savings in time and effort for assessed entities and HITRUST Authorized External Assessors to complete a CSF Validated Assessment while maintaining the current level of assurance and Rely-Ability™.
Reliable assurances
The ability to provide reliable assurances has become more critical than ever in the face of ransomware attacks"
“Collectively, we have significantly reduced the cycle time required to prepare, submit, and complete a validated assessment so that organisations can more rapidly demonstrate to stakeholders that they take information risk management and compliance seriously, as proven through the only transparent and independently validated assessment of controls in the market,” said Bimal Sheth, Vice President of Assurance Services, HITRUST.
“The ability to provide reliable assurances has become more critical than ever in the face of ransomware attacks, and emerging cyber threats.”
New features and enhanced processes
HITRUST continues to make substantial investments in its assessment infrastructure and has released several new innovative features and functionalities designed to further streamline and reduce the time and effort of the CSF Assessment process for assessed entities and external assessors.
See a partial list describing the new features and enhanced processes within HITRUST MyCSF and the HITRUST CSF Assurance Program:
1) Reservation-Based Quality Assurance (RBQA)
The new reservation system for HITRUST CSF Validated Assessments allows the HITRUST community to schedule a specific starting date to begin the HITRUST QA process, which enables better submission planning, greater predictability and added trackability.
2) Streamlined Policies and Procedures
The incubation period for newly implemented policies and procedures is being reduced to 60 days
Policy evaluation and Procedure criteria have been revised to reduce effort, save time, and reduce duplication of effort.
In addition, the incubation period for newly implemented policies and procedures is being reduced from 90 days to 60 days, allowing organisations to demonstrate remediation to their assessors sooner.
3) Kanban-Style Dashboards
Online User Interface improvements clearly show at-a-glance status tracking, including dynamic tiles that change to show what phase an assessment is in, badges that show open items and the assigned owners, the number of days open items have been assigned, and more. Users can configure the Kanban
Board to highlight what is most important to them. Drill down by assessment capabilities provide added transparency by showing metadata about the assessment and color-coded phases indicating which stages are complete, current, and remaining.
4) Assurance Intelligence Engine™
Expanded capabilities analyse assessment documentation before submission to alert for missing information, inconsistencies, and errors.
These additional automated checks add efficiency and save time by identifying issues up-front that can slow the assessment review process.
5) UI and UX Updates
Numerous updates to the user interface and experience include the ability to enter scoping data, complete the QA checklist, and request draft revisions directly into MyCSF for added efficiency, greater document security, and less redundancy.
6) Updated Workflows and Expanded Notifications
Improved communication during the QA process is much more detailed and easier to understand
Re-sequenced assessment phases simplify steps, clearly identify owners, and reduce back-and-forth communications. Workflow improvements focus on completing QA more efficiently and generating reports sooner with fewer slowdowns.
Improved communication during the QA process with periodic updates and requests which are much more detailed, easier to understand, and focused on specific actions and timelines needed to move assessments to the next phase.
Reducing time and effort
“These recent investments to improve report turnaround time, coupled with the CSF Assurance Methodology changes and platform enhancements that reduce time and effort for assessed entities and assessors, are substantial and significant,” said Dr. Kevin Charest, Executive Vice President, and Chief Technology Officer, HITRUST.
“These milestones for HITRUST are not obtainable by any other information security or privacy accreditation organisation and are only possible due to the previous and continued investments in the HITRUST infrastructure.”