HITRUST, a data protection standards development and certification organisation, continues to expand and enhance its services and support in the Asia Pacific region as part of a global information protection approach to streamline information risk management and compliance for organisations of any type, size, or geography delivering services locally, nationally, or internationally.
This strategy builds on the HITRUST Approach and the vision of One Framework, One Assessment, globally.
Global objective
To accomplish this important global objective, HITRUST is announcing several activities:
- Establishing the Asia Advisory Council and releasing a call for member nominations.
- Updating the HITRUST CSF framework with additional Asia-specific authoritative sources.
- Supporting data localisation within HITRUST MyCSF.
- Submission to be an Accountability Agent under the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System (CBPRS) and Privacy Recognition for Processors System (PRPS).
HITRUST Asia Advisory Council
Council seats will be available for organisations from industry, government, or academia in the region
The members selected will have extensive experience in security, privacy, and/or risk management, as well as an understanding of security and privacy laws and standards relevant to organisations conducting business in Asia. Council seats will be available for organisations from industry, government, or academia in the region.
The creation of the Asia Advisory Council ensures that the HITRUST Approach remains current and relevant to the needs of the HITRUST community in Asia. To learn more about the Council, including details about the nomination process and other information for organisations headquartered in the APEC region that are interested in joining, visit the webpage.
HITRUST CSF Framework
The HITRUST CSF currently contains 44 authoritative sources covering various privacy and security standards and laws, including Singapore’s PDPA.
HITRUST has committed to incorporating additional sources that align in these three areas: data privacy, banking and financial services, and cybersecurity/IT.
Additional standards and laws
HITRUST will work with the Asia Advisory Council to identify and prioritise additional standards and laws for future inclusion. These Asia-specific authoritative sources will be introduced in three phases:
- Phase 1 will include data privacy regulations. In addition to Singapore’s PDPA, we will introduce Hong Kong’s Personal Data Privacy Ordinance (PDPO), Malaysia’s Personal Data Protection Act 2010, and the Philippines Data Privacy Act of 2012 in the HITRUST CSF version 10.
- Phase 2 will include banking and financial services regulations. This will include Singapore’s Monetary Authority of Singapore (MAS) Technology Risk Guidelines, Malaysia Bank Negara Malaysia Risk Management in Technology (RMIT), Hong Kong’s Monetary Authority (HKMA) General Principles for Technology Risk Management, the Philippines Bangko Sentral Guidelines on Information Technology Risk Management for all Banks and other BSP-supervised Institutions, and Indonesia’s Financial Services Authority Risk Management in Use of Information Technology Banks 2017 Circular.
- Phase 3 will include cybersecurity/IT-focused regulations, such as Singapore’s Cybersecurity Act (CSA) and GovTech requirements.
HITRUST MyCSF data localisation
MyCSF platform is being enhanced to enable subscribers to specify the locale in which their data resides
The MyCSF platform is being enhanced to enable subscribers to specify the locale(s) in which their data resides, which will include locales in Asia.
This is important not only for an organisation’s sense of security but also to comply with any relevant data localisation requirements.
Accountability Agent for Asia-Pacific Economic Cooperation (APEC)
HITRUST has applied to become an Accountability Agent for the CBPRS and PRPS, which allows HITRUST organisations to demonstrate compliance with these key data transfer rules as part of their HITRUST CSF Validated Report.
The global economy runs on data, and being able to appropriately transfer personal data across borders is critical to success.
Increasing risk management, privacy, and security
HITRUST ensures that businesses have access to the comprehensive and globally-relevant information protection
HITRUST is committed to ensuring that businesses of all sizes have access to the world’s most comprehensive and globally-relevant information protection framework and services, giving them the ability to demonstrate the breadth and strength of their information risk management and mitigation programs to third-party vendors and stakeholders.
As the volume of data being shared internationally increases, so does the need for a scalable, integrated, and mature information protection framework and assurance program that is recognised internationally.
Data protection laws
“The mass adoption of data protection laws and increased need for heightened security postures around the world make information protection a key aspect of participating in the global economy,” says Anne Kimbol, Assistant General Counsel and Chief Privacy Officer, HITRUST.
“The HITRUST CSF and CSF Assurance Program address information risk management and relevant regulatory requirements through a single integrated approach that documents an organisation’s information risk management program in a way that can be shared with customers, authorities, and other stakeholders efficiently.”
Cost-effective, streamlined framework
HITRUST offers a cost-effective, streamlined framework and solution with the ability to incorporate information protection
HITRUST offers organisations a cost-effective, streamlined framework and solution with the ability to incorporate information protection, risk management, and regulatory requirements as necessary on a global scale.
As international business ecosystems grow, HITRUST remains focused on Securing the Future of the Digital World™.
CSF adoption, assessments, and training
“HITRUST is taking a focused approach to our Asia engagement to better assist organisations in the region in addressing their global information risk management and compliance priorities, increasing our already growing momentum in the market relating to CSF adoption, assessments, and training,” explained Steve Baram, Senior Vice President, HITRUST.
“As the global privacy and security landscape expands, so will HITRUST’s framework and services.”