R2 ASSESSMENT
The HITRUST r2 Validated Assessment is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of review, and consistency of oversight. The r2 offers flexible, tailorable, risk-based control selection to meet the most stringent needs for organizations processing sensitive information or facing challenging regulatory requirements. HITRUST r2 Readiness, Interim, and Bridge Assessments available.
Read More
I1 ASSESSMENT
The HITRUST i1 Assessment leverages a proven set of HITRUST-curated controls designed to ensure that an organization is exercising Leading Security Practices. The i1 provides reliable assurances against current and emerging cyber threats to help establish a strong and broad information security program. A HITRUST i1 Readiness Assessment and an i1 Rapid Recertification Assessment are also available.
Read More
e1 ASSESSMENT
The HITRUST e1 Assessment adds efficiency and flexibility to the HITRUST portfolio by covering basic Foundational Cybersecurity practices that address the assurance needs of lower-risk organizations. The e1 also provides an excellent starting point for enterprises that are in the early stages of implementing their information security controls.
Read MoreWhat Kompleye Offers as a Trusted and Certified HITRUST Assessor?
HITRUST offers a simplified, streamlined, and efficient approach towards compliance and risk management. A HITRUST certification states that the organization has a proactive commitment to robust security and risk management. A lot of businesses are now using HITRUST to streamline the entire process of implementation, assessment, and reporting of information security and privacy controls of the organization.
Kompleye is registered as a HITRUST CSF® external assessor delivering high-quality services while simplifying the assessment process. You can verify here to confirm our affiliation to the program.
Our Health Care specialists will work with your organization to adhere to the HITRUST CSF validation requirements, understand your business processes and improve your audit experience.
Our HITRUST CSF® offering:
- HITRUST CSF Certification for r2, i1 and e1 assessments.
- HITRUST CSF i1 Rapid Recertification Assessment.
- HITRUST Interim and Bridge assessments.
- SOC 2 + HITRUST CSF Attestation (without certification).
- SOC 2 + HITRUST CSF Attestation with HITRUST CSF Certification.
- HITRUST Readiness for r2, i1 and e1 assessments.
More information about the differences in SOC 2 assessment can be found here. For more information regarding MyCSF tool please check here.
About HITRUST: What Is It All About?
HITRUST has developed the HITRUST CSF®, a certifiable framework that provides organizations with the needed structure, detail, and clarity relating to information security and privacy. With input from leading organizations within the industry, HITRUST identified a subset of the HITRUST CSF® control requirements that an organization must meet to be HITRUST CSF Certified.
The HITRUST CSF is primarily used by healthcare organizations and any other related subsidiaries or business associates for the management of regulatory risks. HITRUST certification is valid for two years. However, HITRUST isn’t just for healthcare organizations. It is an agnostic framework that is used across multiple industries like education, travel, insurance, and other sectors. The certifiable framework provides organizations with structure, detail, and clarity associated with various aspects of information security and privacy.
The framework integrates controls and requirements from various standards and regulations (such as PCI DSS, ISO, NIST, GDPR, HIPAA). It harmonizes cross-references from federal regulations, state regulations, and standard frameworks by incorporating a risk-based approach to streamline an organization’s reporting.
The e1 assessment is a subset of the i1 assessment and in turn this is a subset of the r2 assessment. This means that by completing either an e1 or an i1 it allows for a steppingstone to continue building the internal control environment to meet the superseding assessment’s requirements. As of the launch of CSF V11 e1 assessments have 44 requirements; i1 assessments have 182 requirements (44 from the e1 + 138 specific to the i1); r2 assessments have 182 requirements from the i1 + additional requirements from the r2 tailoring process.
HITRUST Engagement Option
HITRUST Risk-Based, 2-Year(r2) Validated Assessment: (formerly the HITRUST CSF Validated Assessment) focuses on a comprehensive risk-based specification of controls suitable for most organizations with a very rigorous approach to evaluation, which is suitable for high assurance requirements. HITRUST r2 Readiness, Interim, and Bridge Assessments available.
HITRUST Implemented, 1-year (i1) Validated Assessment: A threat-adaptive assessment focused on best security practices with a more rigorous approach to evaluation, which is suitable for moderate assurance requirements. It is a “best practices” assessment recommended for situations that present moderate risk. The i1 is a new class of information security assessment that is threat-adaptive with a control set that evolves over time to deliver continuous cyber relevance. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost. A HITRUST i1 Readiness Assessment is available prior to starting the validation process. As of CSF V11 i1 Rapid Recertification Assessment is available to alternate yearly with an i1 full assessment (if specific conditions are met).
HITRUST Essential, 1-year (e1) Validated Assessment: Focus on good Cybersecurity hygiene controls in virtually any size organization with a simple approach to evaluation, which is suitable for rapid and/or low assurance requirements. Offers higher reliability than other self-assessments and questionnaires and falls below the level of assurance conveyed by the more rigorous HITRUST i1 and r2 Assessments.
HOW KOMPLEYE CAN HELP
With in-depth industry knowledge and extensive experience in the field of Cybersecurity Maturity Models like HITRUST-CSF, CSA Star Attestation, and Cybersecurity Frameworks (i.e. ISO 27001-2013, NIST 800-171), we aim to offer the finest quality of services to your organization. With a team of healthcare specialists who have extensive experience, we can make for a seamless and streamlined assessment process offering the most appropriate
recommendations based on the imminent needs of your firm and operations.
Simply get in touch with us for a 1-hour free consultation with a HITRUST Partner. You will also get all relevant information regarding the HITRUST certification process. Simply contact us at info@kompleye.com or call +1(703)-814-0119
NEED EXPERT SERVICES?
Kompleye is one of the best Cybersecurity and Compliance Audit organizations in the United States. Get your Hitrust certification done by highly experienced consultants in the United States.
Request For A Free Meeting
We are an independent audit firm committed to providing high-quality services. We focus on cybersecurity examinations and audits. Our objective is to provide the best audit experience in the most efficient manner. As a CPA firm, we are committed to meeting the highest standards of Independence, Objectivity, and Professionalism that provides peace of mind to our customers and their customers.