Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

HITRUST Inheritance Program

The HITRUST Inheritance Program lets organizations rely on shared security controls provided by internal IT services or external third parties, like service providers, vendors, cloud platforms (SaaS, IaaS/PaaS), colocation data centers, and other managed services.

For example, if you’re using Salesforce, the HITRUST Inheritance Program allows you to incorporate the controls Salesforce uses into your audits and assessments. 

This means you don’t have to review Salesforce’s audit reports individually. Instead, your assessor can rely on the fact that Salesforce has already met the required testing for those controls and their HITRUST assessor has reviewed everything. It simplifies the process and saves time while ensuring compliance.

Now, here’s how you can use HITRUST Inheritance:

  • External Inheritance: You can adopt up to 85% of the control testing scores from HITRUST-certified third-party Cloud Service Providers (CSPs).
  • Internal Inheritance: You can also inherit results from your organization’s assessments, but this feature is available only with Corporate and Premium subscriptions.

This makes it easier to leverage existing compliance work and streamline your own assessments.
