Demonstrate your commitment to compliance and provide confidence to your customers with HITRUST certification. 

A-LIGN knows HITRUST certification better than anyone. As one of the top HITRUST assessors in the world, we’ve helped more than one hundred clients successfully achieve HITRUST certification.  

 We can help you during any part of your HITRUST journey.  

fedramp certified

Proper Planning = HITRUST Success

The HITRUST CSF is a comprehensive, flexible, and certifiable security framework used by organizations across multiple industries to efficiently approach regulatory compliance and risk management.

By pulling from major pre-existing frameworks and working with organizations to better understand their needs, HITRUST provides a complete, certifiable security and privacy standard. This standard gives customers confidence that their data and confidential information is secure.

The Benefits of HITRUST Certification:

  • Satisfies regulatory requirements mandated by third-party organizations and laws 
  • Accelerates your revenue and market growth by differentiating your business from the competition
  • Saves time and money by leveraging a solid and scalable framework that includes multiple regulatory standards 

HITRUST Services

Readiness Assessment
Implemented 1-Year (i1) Assessment
Risk-Based 2-Year (r2) Assessment
Interim Assessment Testing
HITRUST Risk & Advisory Services

Readiness Assessment

We examine your organization’s environment and flow of data between systems that are in-scope, identify gaps for control, and provide recommendations for remediation.

Implemented 1-Year (i1) Assessment

The i1 Assessment is suitable for moderate assurance and results in a 1-year certification if requirements are met. There are 219 static controls in an i1 Assessment and only the Implemented maturity is tested. Once your assessment has been submitted to myCSF, we will review, validate and submit the assessment to HITRUST for approval.


Risk-Based 2-Year (r2) Assessment

This validated assessment focuses on a comprehensive risk-based specification of controls with a very rigorous approach to evaluation, suitable for high assurance requirements. A minimum of three of five maturities must be addressed during the r2 Assessment, Policy, Process, and Implemented. This certification is issued for two years with an Interim Assessment required during the one-year anniversary of the certification. Similar to the i1 Assessment, we will review and validate your assessment scores and will submit your final assessment to HITRUST for approval.

Interim Assessment Testing

If an r2 assessment was completed we will test a subset of requirements including 19 controls from the prior r2 assessment and determine the progress of any Corrective Action Plans. This ensures the ongoing effectiveness of those controls to identify and document any scope changes that may impact your HITRUST certification.

HITRUST Risk & Advisory Services

The A-LIGN Advisory Team will review your company’s policy and procedure documents and evaluate them against the HITRUST CSF standard. We will share any gaps identified and will remediate those gaps by updating and documenting the policies and procedures accordingly to meet the HITRUST CSF specifications. If your company needs policies and procedures created, we can design and document those appropriately after performing interviews to understand the control environment. We can also assist in documenting non-technical controls such as Risk Assessment, Incident Response, Disaster Recovery, and more.


500+ HITRUST Assessments
100% Successful
Certification Rate
100+ HITRUST Clients

The A-LIGN team has been awesome. I have recommended A-LIGN more times than I can count.”

James Groff

Head of IT Security at Nuxeo

Sandata Achieves CMS Certification with HITRUST

In certain cases, HITRUST can be used to maximize efficiency and replace one or more other compliance requirements. Learn how Sandata’s healthcare client used HITRUST instead of completing a range of varying assessments to meet their rigorous compliance requirements being demanded by government and private healthcare institutions for CMS certification.

A-LIGN works with client to complete audit

Get started with A-LIGN

Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.