HITRUST

Deliver sound risk management practices, internal control systems and compliance frameworks.

What is HITRUST?

The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. The HITRUST Alliance is a not-for-profit organization, founded in 2007, born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST also leads many efforts in awareness, education, and advocacy related to information protection. In addition, HITRUST’s framework has since been developed to be non-industry specific.

The HITRUST CSF consists of 14 Control Categories (see below), 19 Domains, 49 Control Objectives, 156 Control References, and 3 Implementation Levels. The HITRUST CSF was built on the primary principles of ISO 27001/27002 and has evolved to align with a wide range of regulations, standards, and business requirements. These include HIPAA, PCI-DSS, NIST 800-53, NIST Cybersecurity Framework, COBIT, GDPR, and more.

HITRUST CSF Control Categories

  1. Information Security Management Program
  2. Access Control
  3. Human Resources Security
  4. Risk Management
  5. Security Policy
  6. Organization of Information Security
  7. Compliance
  8. Asset Management
  9. Physical and Environmental Security
  10. Communications and Operations Management
  11. Information Systems Acquisition, Development and Maintenance
  12. Information Security Incident Management
  13. Business Continuity Management
  14. Privacy Practices

Why HITRUST?

  • You have a customer requiring HITRUST compliance
  • You’re looking to improve your overall security posture through a recognized, reputable and certifiable framework
  • You’re looking to establish governance over your risk management and information security programs
  • You’re looking to differentiate your organization through adoption of an efficient, flexible and scalable standard that:
    • Harmonizes and maps existing controls and requirements from standards, regulations, business, and third-party requirements, including HIPAA, NIST 800-53, PCI-DSS, ISO 27001/2, COBIT, GDPR, etc.
    • Scales controls based on the size, type, and complexity of your organization
    • Is non-industry specific
  • The HITRUST CSF Assurance Program enables trust in information protection through an efficient and manageable approach
    • The comprehensiveness of the requirement statements for the assessed entity is based on multiple levels within the HITRUST CSF as determined by defined risk factors

About Schneider Downs IT Risk Advisory 

Schneider Downs’ team of experienced risk advisory professionals focuses on collaborating with your organization to identify and effectively mitigate risks. Our goal is to understand not only the risks related to potential loss to the organization, but also to drive solutions that add value to your organization and to advise on opportunities that ensure minimal disruption to your business.

To learn more, visit our dedicated IT Risk Advisory page. 


Breached?

Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.
