Glossary of Compliance

HITRUST Inheritance Program

The HITRUST Inheritance Program lets organizations rely on shared security controls provided by internal IT services or external third parties, like service providers, vendors, cloud platforms (SaaS, IaaS/PaaS), colocation data centers, and other managed services.

For example, if you’re using Salesforce, the HITRUST Inheritance Program allows you to incorporate the controls Salesforce uses into your audits and assessments. 

This means you don’t have to review Salesforce’s audit reports individually. Instead, your assessor can rely on the fact that Salesforce has already met the required testing for those controls and that its HITRUST assessor has reviewed everything. It simplifies the process and saves time while ensuring compliance.

Now, here’s how you can use HITRUST Inheritance:

  • External Inheritance: You can adopt up to 85% of the control testing scores from HITRUST-certified third-party Cloud Service Providers (CSPs).
  • Internal Inheritance: You can also inherit results from your organization’s assessments, but this feature is available only with Corporate and Premium subscriptions.

This makes it easier to leverage existing compliance work and streamline your own assessments.
