HITRUST i1 Assessment Control Evolves with Changing Security Threats

Most regulations remain stagnant for quite some time. When it is time for updates, the governing bodies go through extended rounds of public comments and insider review before new regulations are published. HITRUST has flipped this process on its head by launching the HITRUST Implemented 1-year (i1) Assessment, which is designed to stay relevant as threats evolve and new risks emerge, in part by retiring controls no longer deemed relevant.

Many existing assessments are not designed to keep pace with current and emerging threats. They rely on broad control requirements, which raises questions about the suitability of the controls and the consistency of review, and those questions could affect the reliability of the results. HITRUST instead identified information security controls relevant to mitigating known risks and uses cyber threat intelligence data to influence the selection and, as required, the updating of the technically focused HITRUST CSF requirements included in the HITRUST i1 Assessment. As a result, the HITRUST i1 Assessment includes controls selected to address emerging cyberthreats active today.

The HITRUST i1 Assessment offers organizations the opportunity to obtain HITRUST certification with less effort than the traditional validated assessment, now referred to as the HITRUST Risk-based, 2-year (r2) validated Assessment.

The HITRUST i1 Assessment is the first information security assessment of its kind with attributes not available through other assurance programs. Its unique controls selection and assurance program design deliver a higher level of reliability than other moderate assurance options. Also, the level of time and effort to complete certification is comparable to other moderate assurance options in the market.   

You may want to weigh your options when considering whether to pursue the HITRUST r2 or i1 certification. Your organization can complete the i1 certification, but since it is only good for one year, any savings may be offset by having to repeat the process annually. It could serve as a bridge to obtaining the r2 certification, though.

No matter which HITRUST certification assessment you choose, 2W Tech can help you get to the finish line. We have a Cybersecurity Compliance Program that can help you maintain compliance with all your industry’s regulatory obligations. Call us today to learn more. 
