Achieve HITRUST r2 Certification
HITRUST r2 Facts
| Description | Validated Assessment + Certification |
|---|---|
| Purpose (Use Case) | Comprehensive risk-based control specifications with a rigorous approach to evaluation, suitable for high assurance requirements |
| Complementary Assessments | Readiness, Interim, Bridge |
| 4th-Party-Performed Controls (Performed by Subservice Providers) | Included |
| Shares Assessment Results with Relying Parties through the HITRUST Results Distribution System™ | Yes |
| Leverages HITRUST Assurance Intelligence Engine™ (AIE) to Prevent Omissions, Errors, or Fraud | Yes |
| Targeted Coverage | NIST SP 800-53, HIPAA, FedRAMP, NIST Cybersecurity Framework, AICPA TSC, PCI DSS, GDPR, and a full range of others |
| Number of Control Requirement Statements | 2,000+ based on Tailoring (360 average in scope of assessments) |
| Flexibility of Control Selection | Custom Tailoring |
| Evaluation Approach | PRISMA 3x5 or 5x5: Control Maturity assessment against either 3 or 5 maturity levels (Policy/Procedure/Implemented/ Measured/Managed) |
| Level of Effort / Level of Assurance Conveyed | High |
| Certifiable Assessment | Yes, every two years |
HITRUST AI Cybersecurity
HITRUST AI Cybersecurity for AI ensures organizations mitigate cybersecurity threats, while also addressing privacy, ethics, and transparency risks.
HITRUST AI Risk Management
HITRUST AI Risk Management provides a strong foundation for assessing AI risks, identifying gaps, and drive continuous improvement.
Benefits of a HITRUST r2 Certification
- Responsible assurances for risk management and compliance
- Comprehensive r2 Certification Report
- Assess Once, Report ManyTM
- Highest level of assurance
- Reduction in cyber insurance premiums
- Protected from intrusion and breaches
