Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HiTRUST » HITRUST Inheritance Program

HITRUST Inheritance Program

The HITRUST Inheritance Program lets organizations rely on shared security controls provided by internal IT services or external third parties, like service providers, vendors, cloud platforms (SaaS, IaaS/PaaS), colocation data centers, and other managed services.

For example, if you’re using Salesforce, the HITRUST Inheritance Program allows you to incorporate the controls Salesforce uses into your audits and assessments. 

This means you don’t have to review Salesforce’s audit reports individually. Instead, your assessor can rely on the fact that Salesforce has already met the required testing for those controls and their HITRUST assessor has reviewed everything. It simplifies the process and saves time while ensuring compliance.

Now, here’s how you can use HITRUST Inheritance:

  • External Inheritance:  You can adopt up to 85% of the control testing scores from HITRUST-certified third-party Cloud Service Providers (CSPs). 
  • Internal Inheritance: You can also inherit results from your organization’s assessments, but this feature is available only with Corporate and Premium subscriptions.

This makes it easier to leverage existing compliance work and streamline your own assessments.

Additional reading

SOC 2 report

SOC 2 Reports: Types & Steps To Get It

In today’s day and age, data security is a pivotal selling point. Customers and prospects want to know that their data is secure and that the companies they sign on with have sufficient measures to ensure it stays that way. And so, companies are often tasked with proving the effectiveness of their security controls.  A…
Is your GRC system outdated

Your GRC Function Might Be Obsolete— Or Maybe Not.

As a leader, you might not realize that your function accumulates debt—not financial debt, but technical and procedural debt, which builds up quietly over time as systems age and processes go unchecked.  As your GRC function matures, minor inefficiencies can snowball into much larger issues. What was once cutting-edge is now outdated, creating friction that…
How to get started with GRC implementation

How to Successfully Implement GRC in Your Business?

Over time, businesses have experienced their fair share of realizations and revelations that have become the key drivers for GRC implementation. In the face of the interconnected nature of risks, they have learned that sticking to their traditional siloed practices is a recipe for disaster. They have also grappled with regulatory complexities and cyber threats…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales