HITRUST CSF

Simplifying the Path to HITRUST Certification

HITRUST Made Easy

As an international gold standard of security, HITRUST can demonstrate that your organization meets the highest standards in information security. As a HITRUST Authorized External Assessor, BARR has extensive experience in the HITRUST process and tools, and can serve as your trusted partner every step of the way.

How it Works

Phase 1

HITRUST Readiness Assessment

A readiness assessment is recommended prior to the validated assessment in order to identify control weaknesses that need correction. Deliverables from the readiness assessment include:

Preliminary control discovery results that will assist in documenting process narratives and crafting the description of controls;
Control gaps and areas of improvement; and,
Prioritized observations and recommendations for remediation.

The advantage of performing a readiness assessment prior to a HITRUST assessment is to give management an opportunity to address control gaps prior to an inaugural examination as well as help with required risk assessment activities.

Phase 2

HITRUST Validated Assessment

The validated assessment includes a number of testing procedures to ensure compliance gaps have been appropriately identified and controls are implemented and operating effectively. Testing procedures include:

Walkthroughs with personnel interviews to verify policies and procedures are documented;
Inspection of CSF-relevant policies and procedures to verify adequate coverage of CSF requirements;
Technical testing to validate the implementation of relevant controls; and,
Observation of relevant controls and control processes
Inspection of mechanisms used to manage relevant controls.

Questions about HITRUST?

HITRUST Facts

Learn important facts from the HITRUST Alliance’s Did You Know? page, and connect with a BARR expert who can help you get started on your HITRUST journey.

Get HITRUST Answers