Talk to a HITRUST Expert

Have questions about pricing, plans, or other aspects of our HITRUST Certification service? Fill out the form and a HITRUST specialist will be in touch shortly.

Thank you for getting in touch!

HITRUST Assessment Types

We provide assessor services for the implemented, one year (i1) and the industry-standard risk-based, two year (r2) HITRUST Assessments. These assessment types provide organizations of all sizes and maturity levels options for HITRUST certification. Our experts can help you decide which option is best for your organization.

i1

The Implemented, 1-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed.

  • Moderate level of effort and assurance
  • One-year certification period
  • Requires 1-year recertification or transition to r2 assessment
  • Static, predetermined set of 219 control statements

    • r2

    The industry-standard HITRUST Risk-Based, 2-Year (r2) Validated Assessment is a tailorable assessment that provides the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors.

  • High level of effort and assurance
  • Two-year certification period
  • Requires 1-year Interim, and 2-year recertification maintenance
  • Dynamically generated control statements based on scoping factors
  • Wide range of CSF and compliance options and coverage