HITRUST®, a leading data protection standards development and certification organization, announced today a new milestone in throughput of assessment reviews by reducing the turnaround time by 50% over the last six months and exceeding established quality standards, all while assessment volumes have hit an all-time high, confirming the growing need for reliable assurances. Also announced today is the publication of Advisories outlining updates to the HITRUST CSF Assurance Program™ that deliver at least a 25% savings in time and effort for assessed entities and HITRUST Authorized External Assessors to complete a CSF Validated Assessment while maintaining the current level of assurance and Rely-Ability™.
“Collectively, we have significantly reduced the cycle time required to prepare, submit, and complete a validated assessment so that organizations can more rapidly demonstrate to stakeholders that they take information risk management and compliance seriously, as proven through the only transparent and independently validated assessment of controls in the market,” said Bimal Sheth, Vice President of Assurance Services, HITRUST. “The ability to provide reliable assurances has become more critical than ever in the face of ransomware attacks, and emerging cyber threats.”
HITRUST continues to make substantial investments in its assessment infrastructure and has released several new innovative features and functionalities designed to further streamline and reduce time and effort of the CSF Assessment process for assessed entities and external assessors.
See a partial list describing the new features and enhanced processes within HITRUST MyCSF® and the HITRUST CSF Assurance Program:
Reservation-Based Quality Assurance (RBQA) – The new reservation system for HITRUST CSF Validated Assessments allows the HITRUST community to schedule a specific starting date to begin the HITRUST QA process, which enables better submission planning, greater predictability, and added trackability.
Streamlined Policies and Procedures – Policy evaluation and Procedure criterion have been revised to reduce effort, save time, and reduce duplication of effort. In addition, the incubation period for newly implemented policies and procedures is being reduced from 90 days to 60 days, allowing organizations to demonstrate remediation to their assessors sooner.
Kanban-Style Dashboards – Online User Interface improvements clearly show at-a-glance status tracking, including dynamic tiles that change to show what phase an assessment is in, badges that show open items and the assigned owners, number of days open items have been assigned, and more. Users can configure the Kanban Board to highlight what is most important to them. Drill down by assessment capabilities provide added transparency by showing metadata about the assessment and color-coded phases indicating which stages are complete, current, and remaining.
Assurance Intelligence Engine™ – Expanded capabilities analyze assessment documentation before submission to alert for missing information, inconsistencies, and errors. These additional automated checks add efficiency and save time by identifying issues up-front that can slow the assessment review process.
UI and UX Updates – Numerous updates to user interface and experience include the ability to enter scoping data, complete the QA checklist, and request draft revisions directly into MyCSF for added efficiency, greater document security, and less redundancy.
Updated Workflows and Expanded Notifications – Re-sequenced assessment phases simplify steps, clearly identify owners, and reduce back-and-forth communications. Workflow improvements focus on completing QA more efficiently and generating reports sooner with fewer slowdowns. Improved communication during the QA process with periodic updates and requests which are much more detailed, easier to understand, and focused on specific actions and timelines needed to move assessments to the next phase.
“These recent investments to improve report turnaround time, coupled with the CSF Assurance Methodology changes and platform enhancements that reduce time and effort for assessed entities and assessors, are substantial and significant,” said Dr. Kevin Charest, Executive Vice President and Chief Technology Officer, HITRUST. “These milestones for HITRUST are not obtainable by any other information security or privacy accreditation organization and are only possible due to the previous and continued investments in the HITRUST infrastructure.”
For more information on the items announced in this release, see these resources:
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.