R2 Assessment

The HITRUST Risk-based, 2-year (r2) Validated Assessment is globally recognized as a high-level validation showing that an organization successfully manages cyber risk by meeting and exceeding industry-defined and accepted information security requirements. The HITRUST r2 Validated Assessment + Certification is considered the gold standard for information protection assurances because of the comprehensiveness of control requirements, depth of quality review, and consistency of oversight.

Earning an r2 Certification puts an organization into an elite group by showing that they meet key compliance requirements included across a wide range of industry standards and frameworks, as well as federal and state regulations. The HITRUST r2 provides a competitive advantage to strengthen existing business relationships and earn new partnerships — especially in situations with significant volumes of PII, ePHI, and other sensitive data that requires the highest levels of assurance.

• The number of control requirement statements in an r2 Assessment can be tailored by adjustable risk factors.
• Uses a flexible, tailorable, risk-based approach to scale and select controls based on inherent risk factors and targeted authoritative sources.
• While 75 prescribed controls within the HITRUST CSF framework are required for an r2 Certification, organizations have the flexibility to scale and select other controls as needed.
• Relies on proven PRISMA scoring for Policies, Procedures, Implemented, (and optionally) Measured and Managed.
• Offers Assess Once, Report Many™ benefits by meeting multiple requirements and minimizing the need for additional reports.