Demonstrate your commitment to compliance and provide confidence to your customers with HITRUST certification.
A-LIGN knows HITRUST certification better than anyone. As one of the top HITRUST assessors in the world, we’ve helped more than one hundred clients successfully achieve HITRUST certification.
We can help you during any part of your HITRUST journey.
Proper Planning = HITRUST Success
The HITRUST CSF is a comprehensive, flexible, and certifiable security framework used by organizations across multiple industries to efficiently approach regulatory compliance and risk management.
By pulling from major pre-existing frameworks and working with organizations to better understand their needs, HITRUST provides a complete, certifiable security and privacy standard. This standard gives customers confidence that their data and confidential information is secure.
The Benefits of HITRUST Certification:
- Satisfies regulatory requirements mandated by third-party organizations and laws
- Accelerates your revenue and market growth by differentiating your business from the competition
- Saves time and money by leveraging a solid and scalable framework that includes multiple regulatory standards
We examine your organization’s environment and flow of data between systems that are in-scope, identify gaps for control, and provide recommendations for remediation.
Implemented 1-Year (i1) Assessment
The i1 Assessment is suitable for moderate assurance and results in a 1-year certification if requirements are met. There are 219 static controls in an i1 Assessment and only the Implemented maturity is tested. Once your assessment has been submitted to myCSF, we will review, validate and submit the assessment to HITRUST for approval.
Risk-Based 2-Year (r2) Assessment
This validated assessment focuses on a comprehensive risk-based specification of controls with a very rigorous approach to evaluation, suitable for high assurance requirements. A minimum of three of five maturities must be addressed during the r2 Assessment, Policy, Process, and Implemented. This certification is issued for two years with an Interim Assessment required during the one-year anniversary of the certification. Similar to the i1 Assessment, we will review and validate your assessment scores and will submit your final assessment to HITRUST for approval.
Interim Assessment Testing
If an r2 assessment was completed we will test a subset of requirements including 19 controls from the prior r2 assessment and determine the progress of any Corrective Action Plans. This ensures the ongoing effectiveness of those controls to identify and document any scope changes that may impact your HITRUST certification.
HITRUST Risk & Advisory Services
The A-LIGN Advisory Team will review your company’s policy and procedure documents and evaluate them against the HITRUST CSF standard. We will share any gaps identified and will remediate those gaps by updating and documenting the policies and procedures accordingly to meet the HITRUST CSF specifications. If your company needs policies and procedures created, we can design and document those appropriately after performing interviews to understand the control environment. We can also assist in documenting non-technical controls such as Risk Assessment, Incident Response, Disaster Recovery, and more.
The A-LIGN team has been awesome. I have recommended A-LIGN more times than I can count.”
James GroffHead of IT Security at Nuxeo
Sandata Achieves CMS Certification with HITRUST
In certain cases, HITRUST can be used to maximize efficiency and replace one or more other compliance requirements. Learn how Sandata’s healthcare client used HITRUST instead of completing a range of varying assessments to meet their rigorous compliance requirements being demanded by government and private healthcare institutions for CMS certification.
Get started with A-LIGN
Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.