1. A HITRUST CSF Self-Assessment allows an organization to conduct a review and assessment of its internal control environment using the standard methodology, requirements, and tools provided under the HITRUST CSF Assurance Program. The self-assessment option removes any potential barriers for organizations that lack the resources for an onsite assessment, but nonetheless must still implement data protection controls, maintain HIPAA/HITECH compliance, and report to external parties.
2. A HITRUST Validated Assessment is conducted by a HITRUST approved CSF Assessor, such as I.S. Partners, LLC. Using the HITRUST CSF Assurance methodology, an organization’s internal controls are scored accordingly. Assessments meeting or exceeding the current HITRUST CSF Assurance scoring requirements for certification will be indicated as “HITRUST CSF Certified” on the certification report from HITRUST.