ecfirst Achieves HITRUST® Certification

Risk-based r2 Certification attained for Microsoft Office365 SaaS

Waukee, IA  — Oct 14, 2022 — ecfirst is a compliance and cybersecurity consulting firm specializing in bringing exceptional value to clients with its full suite of flexible services. The ecfirst specialized services include managed security and IT infrastructure solutions including policies, remediation, risk assessment, technical vulnerability assessment, penetration testing, social engineering, policy and procedure development, certification training and more.

The HITRUST Risk-based, 2-year (r2) Certified status demonstrates that key implemented systems within the organization are HITRUST-certified and that ecfirst appropriately meets the requirements within HITRUST for managing risk associated with the certified systems.

This achievement places ecfirst in an elite group of organizations worldwide that have earned this industry gold standard certification. By including federal and state regulations, standards, and frameworks and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible prescriptive and scalable security controls framework.

ecfirst partnered with Postlethwaite & Netterville (P&N), a HITRUST Authorized External Assessor, in achieving HITRUST Certification for Microsoft Office365 Software as a Service (SaaS).

“The successful achievement of the ecfirst HITRUST Certification reflects our deep commitment to maintain high standards for our implemented capabilities ,” said Uday Ali Pabrai, Chief Executive, ecfirst. “Further, our experience as a HITRUST Authorized External Assessor, afforded us additional insight as we managed our internal HITRUST Certification program.”

About ecfirst

Established in 1999, ecfirst delivers complete end-to-end compliance and cyber defense services across the United States and worldwide. ecfirst has completed several thousand information security assessments and guided clients to successfully manage HITRUST certification, NIST, and HIPAA compliance programs. Our team has managed assessments using various standards including NIST SP 800-53/171, CMMC, HIPAA, GDPR, ISO 27001, PCI-DSS and others. ecfirst is Department of Defense authorized  CMMC C3PAO Candidate, RPO, LPP, and LTP. ecfirst is also a HITRUST Authorized External Assessor. For more information, please visit and

Press Release Contact

If you would like more information about ecfirst, please contact Krystal Perez at