Leading the Future of Cybersecurity
HITRUST Collaborate 2024, held October 1-3 in Frisco, Texas, gathered top professionals in cybersecurity, risk management, and compliance for an impactful 2.5-day event.
As one of the event’s Platinum Sponsors, I.S. Partners was excited to contribute to discussions on the future of cybersecurity, share insights, and connect with industry leaders from across the globe.
Two major announcements occurred when our very own Rob Godard and Ian Terry shared the stage with HITRUST VP of Adoption Ryan Patrick and HITRUST EVP Market Engagement Blake Sutherland.
HITRUST’s integration of the third-party risk management (TPRM) framework with ServiceNow will enable more seamless management of third-party risks. I.S. Partners helped provide key insights on the challenges facing the industry, particularly around third-party risk management and AI. Their expert perspectives helped set the stage for this important advancement in risk management.
The event also featured the upcoming HITRUST AI Security Certification, set to launch in December 2024. This certification is tailored specifically for AI providers designed to protect AI systems against evolving threats.
Insights from HITRUST leadership outlined the strategic vision for 2025 and beyond.
With discussions on ransomware, compliance, and cyber insurance, HITRUST Collaborate 2024 successfully equipped attendees to tackle future cybersecurity challenges.

Highlights of the HITRUST Collaborate 2024 Event
HITRUST Collaborate 2024 offered insights and actionable strategies that will shape the future of cybersecurity and risk management. Across 2.5 days, industry leaders shared critical updates, groundbreaking innovations, and practical solutions to the challenges organizations face today.
In particular, Rob Godard, one of I.S. Partners’ Senior Partners, highlights the opportunity they had to connect with other sponsors.
One key achievement of the team was the ability to connect with other sponsors. This allowed us to participate in a collective effort to reduce industry risk through the HITRUST security framework.
Below, we’ve captured some of the most signifcant highlights from the event’s key sessions and announcements.
HITRUST: Past, Present, and Future
HITRUST Founder and CEO Daniel Nutkis, along with a panel of experts, reflected on HITRUST’s evolution and the security assurance industry’s progress. This session offered insights into how HITRUST has shaped the landscape and continues to lead in setting the standard for security and compliance.
The session gave a glimpse into the process of building a globally renowned organization and internationally recognized framework for newcomers and a refresher for the attending experts. When asked for some of their key takeaways from the event, Philip LaRocca, one of I.S. Partners’ managers who attended the event, had this to emphasize,
One of the biggest takeaways from HITRUST Collaborate 2024 is how effective the HITRUST CSF may be for Cybersecurity Assurance and Information Risk Reduction. Only 0.64% of HITRUST-certified environments reported breaches in the last two years (2022 and 2023), according to HITRUST’s Inaugural Trust Report.
Vision 2025: A Plan for Continuous Assurance
Robert Booker, HITRUST’s Chief Strategy Officer, unveiled the Vision 2025 initiative, outlining HITRUST’s move toward Continuous Assurance. His presentation focused on the organization’s plans to offer continuous security control validation, starting in 2025 to help organizations keep pace with the fast-evolving cybersecurity landscape.
The new approach is designed to enhance security monitoring and compliance by providing continuous control validation. This evolution builds on HITRUST’s proven ecosystem, enabling organizations to move away from outdated security practices and reduce the risk of evidence decay.
The strategy involves key elements, including the following:
- Continuous Monitoring Taxonomy. Identifies control categories suited for continuous assurance, supported by the Next Generation HITRUST CSF, starting with version 12 in 2025.
- Continuous Monitoring Workflow Enhancements. New workflows in MyCSF allow organizations to update evidence and seek validation, with external assessors reviewing critical control outcomes.
- Automated Evidence Collection. Integrates with existing compliance frameworks, reducing the cost and complexity of gathering security evidence.
- Continuous Outcome Inspection. From late 2025, service providers can continuously validate that security requirements are met, using shared responsibility models.
- Results Distribution System. Streamlines the sharing of assessment results and corrective action plans, enabling real-time tracking and analysis.
- Governance, Risk, and Compliance (GRC) Integration. Enables integration of HITRUST assessment results into third-party risk management systems, improving analysis and risk mitigation efforts.
By providing continuous, real-time monitoring, HITRUST aims to offer even higher levels of security outcomes and resilience in today’s dynamic cyber environment.
AI Assurance: Program and Security Certification
The HITRUST AI Assurance Program was introduced in the event as a comprehensive approach to managing the security risks associated with AI and machine learning (ML) systems. The program is designed to offer a sustainable and secure framework for AI providers, leveraging HITRUST’s Common Security Framework (CSF) and a shared responsibility model.
During one of the key sessions, the much-anticipated HITRUST AI Security Certification was announced, scheduled to launch in December 2024. This certification is designed for AI providers and will include 44 AI-specific requirements aimed at securing AI systems and protecting against the evolving risks inherent in AI and ML deployments.
The certification will apply to a wide range of AI systems, including:
- Predictive AI
- Generative AI
- Rule-based AI
Additionally, it will address security challenges brought on by popular generative AI development patterns, such as:
- Retrieval Augmented Generation (RAG)
- AI Platform-as-a-Service (PaaS)
- Agents and Plugins
- Embeddings
HITRUST emphasized that the AI Security Certification is not a stand-alone assessment. It must be combined with HITRUST e1, i1, or r2 certifications to account for broader IT security. This ensures AI-specific risks are addressed alongside traditional cybersecurity threats, considering the technology layers that support AI.
The certification focuses on key AI security risks while also addressing broader concerns like ethics, privacy, and safety, ensuring a balance between Trustworthy and Responsible AI and system security.
HITRUST TRPM and ServiceNow Integration
During HITRUST Collaborate 2024, a major announcement was the integration of HITRUST’s Third-Party Risk Management (TPRM) framework with ServiceNow. This integration aims to overcome long-standing challenges in third-party risk management by offering a more practical and effective solution that automates workflows and improves security risk management across vendor populations.
By operationalizing HITRUST’s assurance portfolio within ServiceNow’s platform, this collaboration simplifies the entire risk management lifecycle. From vendor onboarding to results analysis, this will help organizations enhance security without increasing costs or complexity.
HITRUST laid out the following benefits of the integration:
- Comprehensive Framework with Threat-Adaptive Controls. HITRUST’s continuously updated framework eliminates the need for custom questionnaires, ensuring controls stay relevant against evolving cyber threats.
- Multiple Assessment Options. Organizations can choose from a range of assessment levels (low, medium, high assurance) based on the inherent risk of their third-party suppliers, now including AI risk assessments.
- Streamlined Results Delivery. Validated assessment results are delivered directly into the TPRM solution, allowing for faster risk analysis and real-time tracking of status and remediation activities.
- End-to-End Security Risk Management. The integration manages the entire vendor risk lifecycle—from initial evaluation to continuous assessment—with detailed reports, corrective action plans, and population risk analysis at the control level.
- Staff Augmentation Services. Optional services are available to support vendor engagement, outreach, and education, enhancing internal governance efforts.
This launch is set to be bigger in the future. HITRUST has plans to expand this integration beyond ServiceNow, offering even more platforms for organizations to leverage its comprehensive TPRM methodology.
By the end of 2024, the HITRUST-ServiceNow integration will be available in the ServiceNow Store, offering a seamless, efficient way to manage third-party risks in a single pane of glass.
HITRUST is also accepting applications for a private preview of the integration, giving organizations an early opportunity to experience these new capabilities.
Drive Cybersecurity Forward with I.S. Partners and HITRUST
As a Platinum Sponsor of HITRUST Collaborate 2024, I.S. Partners was proud to contribute to the discussions surrounding cybersecurity, AI governance, and third-party risk management. Our involvement showcased our dedication to helping organizations not only navigate these challenges but also achieve hassle-free audits through streamlined security and compliance strategies.
We would like to extend our deepest gratitude to everyone who engaged with us throughout the event. Your insights and collaboration enriched the experience, and we appreciate the opportunity to connect with so many forward-thinking professionals.
The event’s focus on continuous assurance, AI risk management, and evolving compliance challenges aligns perfectly with I.S. Partners’ mission—to deliver stress-free audits by staying ahead of industry changes and providing comprehensive support to our clients.
For those interested in learning more about HITRUST’s new programs, including the AI Assurance Program and the latest in third-party risk management, our team is here to help.
Contact us to see how I.S. Partners can support your journey toward stronger cybersecurity and hassle-free audits.
Thank you again for making HITRUST Collaborate 2024 a success.
We look forward to staying connected and working together to secure the future of cybersecurity.