Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HiTRUST » HITRUST Risk-based, 2-year (r2) Validated Assessment

HITRUST Risk-based, 2-year (r2) Validated Assessment

The HITRUST Risk-Based, 2-Year (r2) Validated Assessment is a comprehensive certification program that offers a set of assessments that are customized to offer an in-depth evaluation of an entity’s Information security and Risk management practices. 

The r2 is centered on the assessment of implemented security controls as well as their levels of maturity, which makes this framework appropriate to higher risk areas, which need additional and more profound approaches towards threats protection.

All of the security and privacy controls in the r2 assessment are divided according to numerous regulatory frameworks, including HIPAA, NIST, and ISO; this helps simplify the overall compliance process, as an organization can attain compliance in all these areas at once with a single assessment. 

While HITRUST i1 provides assessment against baseline controls, the assessment for r2 provides the extent to which an organization’s controls are designed specifically for the organization’s risk appetite.

The process of assessment starts with readiness assessment where an organization surveys the security deficiencies it has. An external expert performs the Validated Assessment to assess the strength and the complexity of the organization’s controls. This process involves consideration of control implementation, checking on the operations of the control and an evaluation of the risks by the existing controls.

When the assessment is done, the results are compiled and submitted to HITRUST. After completing the assessment, the organization gets this HITRUST r2 certification for two years. The organization must undertake an Interim Assessment, after one year in order to verify that controls are working as planned and that new risks are properly addressed.

Additional reading

GDPR Audit

Guide to GDPR Audit Checklist

The General Data Protection Regulation (GDPR) is one of the most stringent data protection laws in the world. Though this law aims to protect the privacy and security of the European Union (EU) citizens, its impact isn’t limited by geography.  If you are contemplating becoming GDPR compliant, we’ve curated a GDPR audit checklist for you…
Cybersecurity for Startups

Cybersecurity for Startups: All You Need to Know

With limited resources and fierce competition, cybersecurity often takes a back seat, viewed as a luxury reserved for larger corporations. After all, why would anyone target a startup? However, cybersecurity is a concern that should be addressed, even for startups. It’s not just big companies facing threats; small businesses and entrepreneurs are vulnerable, too. Symantec…
what is article 28 gdpr

Article 28 of GDPR: The Essentials for Data Processors

Article 28 GDPR (General Data Protection Regulation) discusses the written contract between a controller and a processor (or a sub-processor). This contract legally allows processors to process personal data on behalf of the Controller. This contract is also known as a Data Processing Agreement (DPA). Here’s an example of a standard DPA and the information…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.