Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

HITRUST Inheritance Program

The HITRUST Inheritance Program lets organizations rely on shared security controls provided by internal IT services or external third parties, like service providers, vendors, cloud platforms (SaaS, IaaS/PaaS), colocation data centers, and other managed services.

For example, if you’re using Salesforce, the HITRUST Inheritance Program allows you to incorporate the controls Salesforce uses into your audits and assessments. 

This means you don’t have to review Salesforce’s audit reports individually. Instead, your assessor can rely on the fact that Salesforce has already met the required testing for those controls and that its HITRUST assessor has reviewed everything. It simplifies the process and saves time while ensuring compliance.

Now, here’s how you can use HITRUST Inheritance:

  • External Inheritance: You can adopt up to 85% of the control testing scores from HITRUST-certified third-party Cloud Service Providers (CSPs).
  • Internal Inheritance: You can also inherit results from your organization’s assessments, but this feature is available only with Corporate and Premium subscriptions.

This makes it easier to leverage existing compliance work and streamline your own assessments.
