HiTRUST

Compliance Glossary

Our curated compliance glossary offers everything you need to know about compliance in one place.

HiTrust Certification

The HITRUST Common Security Framework (CSF) is a certifiable framework that integrates and harmonizes multiple regulatory requirements, standards, and best practices related to information security and data protection. Developed by the Health Information Trust Alliance (HITRUST), it aims to secure data in heavily regulated industries like healthcare. HITRUST organizations certification can be obtained through…

HiTrust CSF

HITRUST CSF stemmed from the concept of a common security framework, an ideal tool for managing information security and its risks while maintaining regulatory compliance. It also consolidates the standards from commonly implemented frameworks, such as HIPAA, NIST, ISO and PCI-DSS, which lets organizations mitigate the issues connected with…

HITRUST CSF Assurance Program

The HITRUST CSF Assurance Program offers organizations a practical way to validate their compliance with the HITRUST CSF. This framework consolidates legal and regional requirements such as HIPAA, GDPR, NIST guidelines, FTC, state laws such as those of Nevada and Texas, and standards like PCI and COBIT. The two assessment models are self-assessment and validated assessment….

HITRUST CSF Control Categories

HITRUST CSF Control Categories are a bit complex, with over 150 individual controls in total. The exact number of controls your company needs to focus on can vary depending on how you define “control” and your specific compliance needs. HITRUST organizes its framework into 14 distinct Control Categories, each labeled with a unique identifier from…

HITRUST Implemented, 1-year (i1) Validated Assessment

The HITRUST Implemented, 1-Year (i1) Validated Assessment is a certification process for organizations seeking a foundational level of security assurance. Since it focuses on well-established security controls designed to meet common cybersecurity and compliance requirements without delving into the complexities, i1 is ideal for organizations that Unlike the HITRUST Risk-Based, 2-Year (r2) Assessment which evaluates…

HITRUST Inheritance Program

The HITRUST Inheritance Program lets organizations rely on shared security controls provided by internal IT services or external third parties, like service providers, vendors, cloud platforms (SaaS, IaaS/PaaS), colocation data centers, and other managed services. For example, if you’re using Salesforce, the HITRUST Inheritance Program allows you to incorporate the controls Salesforce uses into your…

HITRUST ISO 27001 Mapping

HITRUST and ISO 27001 are two of the most challenging yet highly sought-after information security certifications, especially for companies in the healthcare industry or those looking to partner with healthcare organizations. Often, meeting just one of these standards isn’t enough to satisfy all contractual requirements. That’s where mapping security controls between HITRUST and ISO 27001…

HITRUST MyCSF Tool

The HITRUST MyCSF Tool is a Software-as-a-Service (SaaS) platform that assists organizations in tracking and reporting on various solutions of the framework. It makes the identification process, the implementation of control activities and preparation for certification much easier. It is designed for organizations that wish to prepare for and pass their HITRUST i1 and r2 assessments: to…

HITRUST Risk-based, 2-year (r2) Validated Assessment

The HITRUST Risk-Based, 2-Year (r2) Validated Assessment is a comprehensive certification program that offers a set of assessments customized to provide an in-depth evaluation of an entity’s information security and risk management practices. The r2 is centered on the assessment of implemented security controls as well as their levels of maturity, which makes…
Oct 16, 2024