HITRUST, a data protection standards development and certification organisation, announces that it has incorporated an additional Community Supplemental Requirement (CSR)—a customised set of security and privacy control objectives and requirements unique to a specific community of interest or organisation.
The HITRUST CSF framework and HITRUST MyCSF assessment platform will continue to be updated to incorporate additional CSRs, which will be announced as they become available.
Widely leveraged frameworks
They recognise that organisations such as industry groups, state agencies, or consortiums may want to impose unique requirements on their constituents or participants. In many cases, these may not be new security or privacy controls, but more specific implementation requirements, which HITRUST defines as CSRs, versus authoritative sources, which are public standards, international, federal, or state regulations, or widely leveraged frameworks.
HITRUST has been a leader in delivering solutions to address the unique security and privacy needs"
The advantage of the CSR program is it allows these requirements to be assessed as part of a larger HITRUST CSF Assessment, reducing redundant assessments. “HITRUST has been a leader in delivering solutions to address the unique security and privacy needs of organisations across all industries,” explained Jason Taule, Vice President and Chief Information Security Officer for HITRUST.
Compliance program investments
“We continually strive to support the community and help organisations that seek to maximise their information protection and compliance program investments.” Having a certifiable framework—like the HITRUST CSF—provides organisations with a comprehensive, flexible, and efficient approach to regulatory compliance and information risk management.
The commitment and expertise demonstrated by HITRUST ensure that organisations leveraging the framework are prepared when new security and privacy regulations and business models are introduced and threats are identified, which is why the HITRUST CSF has become the most widely adopted security and privacy framework across all industries globally. Reducing additional assessments builds on a promise that enables organisations to ‘Assess Once, Report Many.’
Utilising MyCSF platform
MyCSF makes it easy and cost-effective for an organisation to manage information risk and compliance
HITRUST provides the capability for CSR requirements to be incorporated, harmonised, and selected for inclusion during the assessment process and then included in the HITRUST CSF Assessment Report, utilising the MyCSF platform.
As the best-in-class Software as a Service (SaaS) information risk management platform, MyCSF makes it easy and cost-effective for an organisation to manage information risk and compliance concerning security and privacy.
Information risk management
If the organisation has specific information security and privacy requirements for partners and wishes to explore leveraging the HITRUST CSR program to streamline the process of providing assurances for the constituents.
HITRUST delivers focused, ‘rely-able’ market solutions, such as the HITRUST Approach™. This approach provides organisations an integrated information risk management and compliance solution that ensures all components are aligned, maintained, and comprehensive to support information risk management and compliance objectives for any enterprise, anywhere in the world.
