Have questions about pricing, plans, or other aspects of our HITRUST Certification service? Fill out the form and a HITRUST specialist will be in touch shortly.
Thank you for getting in touch!
HITRUST Assessment Types
We provide assessor services for the implemented, one year (i1) and the industry-standard risk-based, two year (r2) HITRUST Assessments. These assessment types provide organizations of all sizes and maturity levels options for HITRUST certification. Our experts can help you decide which option is best for your organization.
The Implemented, 1-Year (i1) Validated Assessment is a “best practices” assessment and recommended for situations that present moderate risk or where a baseline risk assessment is needed.
Moderate level of effort and assurance
One-year certification period
Requires 1-year recertification or transition to r2 assessment
Static, predetermined set of 219 control statements
The industry-standard HITRUST Risk-Based, 2-Year (r2) Validated Assessment is a tailorable assessment that provides the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors.
High level of effort and assurance
Two-year certification period
Requires 1-year Interim, and 2-year recertification maintenance
Dynamically generated control statements based on scoping factors
Wide range of CSF and compliance options and coverage