Glossary of Compliance

Compliance Glossary

Our curated compliance glossary offers everything you need to know about compliance in one place.


HITRUST Inheritance Program

The HITRUST Inheritance Program lets organizations rely on shared security controls provided by internal IT services or external third parties, like service providers, vendors, cloud platforms (SaaS, IaaS/PaaS), colocation data centers, and other managed services.

For example, if you’re using Salesforce, the HITRUST Inheritance Program allows you to incorporate the controls Salesforce uses into your audits and assessments. 

This means you don’t have to review Salesforce’s audit reports individually. Instead, your assessor can rely on the fact that Salesforce has already met the required testing for those controls and their HITRUST assessor has reviewed everything. It simplifies the process and saves time while ensuring compliance.

Now, here’s how you can use HITRUST Inheritance:

  • External Inheritance: You can adopt up to 85% of the control testing scores from HITRUST-certified third-party Cloud Service Providers (CSPs).
  • Internal Inheritance: You can also inherit results from your organization’s assessments, but this feature is available only with Corporate and Premium subscriptions.

This makes it easier to leverage existing compliance work and streamline your own assessments.
