What is the HITRUST Shared Responsibility and Inheritance Program?
TheHITRUST Shared Responsibility and Inheritance Program is intended to simplify leveraging service provider security controls for a HITRUST CSF Assessment.Assessment scores of any cloud hosting or service provider participating in the HITRUST Shared Responsibility and Inheritance Program can be applied to any other organization’s assessment. In other words, a company can leverage a vendor’s assessment scores when conducting its own HITRUST CSF Assessment, thereby inheriting a vendor’s controls and applying them to its own assessments easily, saving time and resources. This simplifies and streamlines the assessment process.
Benefits of the program
Key benefits of the HITRUST Shared Responsibility and Inheritance Program include:
An indication that a vendor has a strong focus on security
Less required testing
Inheriting control requirement scores
Less data entry for applications already hosted on a HITRUST CSF certified environment
By seamlessly lifting and applying assessment scores to other assessments across the board, organizations can reduce the time, effort and associated costs required for testing inherited controls.
How the program works
Participating service providers appear in the official list of organizations that have a HITRUST CSF Validated Assessment. A client indicates which specific control requirement it will inherit and chooses its hosting or service provider from the list. The system validates the relationship by requesting verification from the vendor to confirm the services provided. In order to participate in the program, a vendor must have:
Current HITRUST CSF Validated Assessment in good standing
For more information about the HITRUST Shared Responsibility and Inheritance Program, contact HITRUST at 855.HITRUST or email sales@hitrustalliance.net.