Our HITRUST CSF Services
As a HITRUST CSF assessor, 360 Advanced has been approved to perform assessment services associated with the CSF Assurance Program.
HITRUST CSF Readiness Assessment
This engagement is designed as an introduction to compliance with CSF, and is the springboard to a validated assessment. This is completed quickly and is the least burdensome on your organization’s resources. HITRUST does not perform any validation of your self-assessment.
HITRUST CSF Implemented, 1-Year (i1) Validated Assessment
The i1 is a “best practices” assessment recommended for situations that present moderate risk. The i1 is a new class of information security assessment that is threat-adaptive with a control set that evolves over time to deliver continuous cyber relevance. The i1 is designed to provide higher levels of transparency, integrity, and reliability over existing moderate assurance reports, with comparable levels of time, effort, and cost.
HITRUST CSF Risk-Based, 2-Year (r2) Validated Assessment
A validated assessment offers your relying entity (aka client) assurance from 360 Advanced, an authorized CSF Assessor, about your CSF compliance. HITRUST requires us to perform on-site procedures along with executing an extensive testing program. Upon completion, HITRUST reviews the completed assessment and issues a Validated Report. In general, if your organization achieved a rating of 3+ or higher (on a scale of 1 – 5) in each domain, then your organization is eligible to become HITRUST CSF Certified, valid for a two-year period.
HITRUST CSF Interim Assessment
In order to maintain your organization’s two-year HITRUST CSF Certification, an interim assessment must be conducted by an authorized CSF Assessor and submitted to HITRUST within the 90-day window leading up to the one-year anniversary of the certification issuance date. Since your organization has made the effort to achieve certification, it’s critical to maintain that status with the Interim Assessment.
A Comprehensive Framework for Risk Management
HITRUST stands for Health Information Trust Alliance and was created to maintain the Common Security Framework (CSF). The framework was created to bring together and harmonize the compliance frameworks of HIPAA, ISO 27001/27002, NIST 800-53, GDPR, and PCI DSS. The HITRUST CSF is used by healthcare organizations and their business associates to manage regulatory risk. A HITRUST certification is valid for 24 months.
However, HITRUST isn’t just for healthcare organizations. HITRUST CSF Version 9.3 is an agnostic framework, allowing it to be used across multiple industries. Companies in education, travel, insurance, and other sectors are now using HITRUST to streamline the selection, implementation, assessment, and reporting of information security and privacy controls.
The HITRUST CSF provides an efficient approach to compliance and risk management. HITRUST combines relevant regulations (e.g., HIPAA, CCPA, and GDPR) and standards (e.g., PCI, COBIT, and NIST) into one framework. Certification demonstrates a robust, proactive commitment to security and risk management.
Compliance Doesn’t Have to be Complicated
Encompassing at least 135 security controls and 21 privacy controls, HITRUST can be challenging to understand. Additionally, as security threats evolve, so does the HITRUST CSF. An experienced assessor can provide the guidance you need to achieve and maintain certification.
At 360 Advanced, we will help you navigate the complex world of HITRUST. As a HITRUST Authorized External Assessor, we’ll use our experience to guide you through the certification process – from scoping and interviews to technical testing and validation.
If you’re new to HITRUST, the first step may be a guided Readiness Assessment. Our HITRUST Certified CSF Practitioners (CCSFPs) and Certified HITRUST Quality Professionals (CHQPs) will explain how your current efforts measure up, while identifying issues to remediate before your validated assessment. Once you move on to a validated security assessment, our team will perform onsite fieldwork to review your policies, procedures, implementation methodologies, measurement strategies, and management strategies.
See what our clients are saying about us.
360 Advanced showed great professionalism as it relates to getting acquainted with a very unique industry like ours, the school transportation industry. We know that’s not easy and we appreciate all the extra effort that was put into learning about us and our industry. We’re extremely pleased with the service.
The one thing that sticks out more than anything else is the audit readiness they provide before the audit process starts. I appreciated the coaching and mentoring we received so we were well prepared for the audit. 360 Advanced always answers their phones, whether for quick issues or questions. And, they are not nickel and diming us – we paid one fee and they are still assisting us post-audit.
Vice President and Chief Information Officer
R.C. Giltner Services, Inc.
I think the strength of SSA16 accreditation compliance has been such an advantage for us, allowing us to improve our processes, provide oversight and have our customers see the difference. The SOC examination has exceeded our wildest dreams. We are communicating this as part of our sales process and now it’s a requirement in nearly all the RFPs. We’ve won every single bid we submitted on since we received compliance. We think that is the key differentiator.
Audit Services Company
You deserve a conversation, not a questionnaire.
We build long-term relationships through trust and value. If you’re looking for a trusted business advisor to build your holistic compliance strategy, let’s chat!