Our HITRUST® Certification Services

The I.S. Partners firm is authorized by the HITRUST Alliance and we have a team of certified HITRUST assessors.

Approaching HITRUST can seem like a big challenge. But we make the process easy, providing expert guidance through preparation, assessments, and certification. Just like our motto says, we provide guidance and “audits without anxiety.”

With 15 years of experience working with organizations in various industries and risk-based frameworks, our HITRUST-certified practitioners are ready to help you.

hitrust asessments certification

Engage Your Visitors!

Click here to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis pulvinar dapibus.

Get Started



HITRUST Certification Leads the Way in Data Security

The HITRUST Alliance is an independent non-profit company that acts as a certification body for organizations handling sensitive data. HITRUST introduced the Common Security Framework (CSF) that standardizes standardize Health Insurance Portability and Accountability Act (HIPAA) compliance and coordinate it with other national and international data security frameworks and state regulations.

The HITRUST, developed in collaboration with healthcare and security experts, is a certifiable, information security framework that provides organizations with an actionable roadmap tailored to the healthcare industry’s unique needs. This has become the most widely adopted security framework in the U.S. healthcare industry and has become the de facto standard for healthcare compliance.

The HITRUST combines regulatory requirements and recognized frameworks from ISO, NIST, HIPAA/HITECH, PCI DSS and COBIT into one comprehensive guideline. Because of this, it is now being adopted to streamline security compliance in other industries, including financial services, retail, education, government, and transportation.


Why Pursue HITRUST Certification?

By providing a full range of valuable resources, the HITRUST Approach is a comprehensive information risk management and compliance program. It helps organizations continually improve security procedures and policies as they grow and evolve.

An organization that creates, accesses, stores, or exchanges Protected Health Information (PHI) can use its HITRUST certification to demonstrate that they meet the high standards of security prescribed within the HITRUST framework.

It incorporates all major information security-related requirements and best practices, and provides scalable cybersecurity measures based on different risks and exposures. For this reason, HITRUST certification is valuable for enhancing the credibility of an organization, but also for reducing the time and expense related to verifying compliance with multiple regulatory standards. Additionally, many companies now accept a HITRUST certification as evidence of compliance, thus relieving them of the obligation to audit their vendors.

Need to further your understanding on HITRUST? Utilize our HITRUST Assessment Glossary before getting started!

HITRUST Approach 01 1


Free HITRUST Audit Software for Our Clients

Fieldguide automated HITRUST audit software is free to use for all I.S. Partners clients. Start working with us and getting faster, less expensive compliance engagements.


Steps to HITRUST Assessment & Certification

I.S. Partners, LLC performs HITRUST readiness, certification, and remediation services for organizations and their business associates. This assesses compliance with industry security requirements and standards and develops solutions that help organizations align with the HITRUST security framework. If your company requires both a HITRUST certification and a SOC 2 report, I.S. Partners can leverage the efficiencies between both sets of requirements, thus lowering the time and expense of effective risk management.

I.S. Partners, LLC performs HITRUST readiness, certification, and remediation services for organizations and their business associates. This assesses compliance with industry security requirements and standards and develops solutions that help organizations align with the HITRUST security framework. If your company requires both a HITRUST certification and a SOC 2 report, I.S. Partners can leverage the efficiencies between both sets of requirements, thus lowering the time and expense of effective risk management.

How to Get HITRUST Certified

We understand that achieving HITRUST certification can seem overwhelming. We suggest starting this new endeavor by speaking to HITRUST assessment specialists to understand better the benefits and process of becoming HITRUST certified. Below are the recommended first steps towards certification.

In preparation, your organization must first put together the project management structure and identify the key roles involved. Then, your team can define the scope, goals and timeline, collect the required documentation, and run system tests. Consulting with a certified HITRUST certified practitioner helps set up the entire process for success.

Time to complete: Up to 2 months

  • Identify the key stakeholders
  • Define the scope
  • Select an authorized external assessor organization

During the Readiness phase, reliable HITRUST certified practicioners, like those at I.S. Partners, will test security controls and compare the existing policies and procedures to HITRUST requirements and controls.

Time to complete: Up to 6 months


  • Gap analysis
  • Develop a remediation plan
  • Set a time for the Validated Assessment

This phase gives the organization critical information and time to address any gaps identified during the readiness phase. Assessors analyze the organization’s controls, identify gaps, and develop solutions for remediation. This helps ensure certification success.

Time to complete: Up to 3 months


  • Complete the Validated Assessment using the MyCSF tool
  • The assessor validates and audits the assessment

At this point, assessors test control requirements, perform an on-site risk assessment, as well as penetration testing and vulnerability scans. Finally, a score is calculated for each control within the validated assessment scope.

Time to complete: 1 – 2 months


  • HITRUST will perform the required quality assurance procedures
  • HITRUST will create a report and score the validated assessment
  • HITRUST will issue a Letter of Certification

When the validated assessment is complete, the assessment is sent to HITRUST for their quality assurance review and generation of the final report.

Achieving HITRUST CSF Certification is important because it builds credibility and visibility for an organization. It is clear proof of the effectiveness of its security protocols for consumers and other business entities. Additionally, HITRUST CSF certification streamlines the compliance process, decreasing the time and expense needed to verify compliance with numerous sets of regulations.

Speak to a HITRUST Specialist today!


Which HITRUST Assessment Is Right for You?

Features HITRUST Essentials 1-Year
(e1) Validated Assessment (New)
HITRUST Implemented
1-Year (i1) Validated Assessment (New)
HITRUST Risk-Based,2-Year (r2) Validated Assessment
(Formerly: HITRUST CSF Validated Assessment)
Validated Assessment +Certification Checkbox Icon Checkbox Icon Checkbox Icon + Risk-Based Certification
Purpose (Use Case)
Focus on good security hygiene controls in virtually any size organization with a simple approach to evaluation, which is suitable for rapid and/or low assurance requirements Checkbox Icon
Focus on security best practices in medium-sized and larger organizations with a more rigorous approach to evaluation, which is suitable for moderate assurance requirements Checkbox Icon
Focus on a comprehensive risk-based specification of controls suitable for most organizations with a very rigorous approach to evaluation, which is suitable for high assurance requirements Checkbox Icon
Number of Control Requirement Statements
Lean set of 44 controls Checkbox Icon
Approximately 200 Static Checkbox Icon
2000+ based on tailoring; (360 average in scope of assessments) Checkbox Icon
Flexibility of Control Selection
Tailoring Checkbox Icon
Targeted Coverage
NISTIR 7621: Small Business Information Security Fundamentals Checkbox Icon
NIST SP 800-171, HIPAA Security Rule Checkbox Icon
NIST SP 800-53, HIPAA, FedRAMP, NIST CSF, AICPA TSC, PCI DSS, GDPR, and 37 others Checkbox Icon
Level of Assurance
Low Checkbox Icon
High Checkbox Icon
Moderate Checkbox Icon
Level of Effort Required
Low Checkbox Icon
High Checkbox Icon
Moderate Checkbox Icon
Certification Valid for:
1 Year 1 Year 2 Years


HITRUST Certification Program

  • Establishment of the HITRUST common risk and compliance management framework.
  • Development of an assessment and assurance methodology.
  • Educational and career development.
  • Advocacy and awareness.
  • A federally recognized Information Sharing and Analysis Organization (ISAO) and other supporting programs and initiatives.

HITRUST Risk Management Framework & Third-Party Assurance

The HITRUST Third-Party Assurance Program supports the relationship between covered entities and their business associates. It facilitates risk management by providing a consolidated information security framework and guide to industry best practices. With a single assessment process, third-party business associates can verify compliance across multiple regulatory standards, saving both time and effort.

HITRUST RightStart Program for Startups

The HITRUST RightStart Program now provides clear guidance for new companies and startups seeking certification. This program was designed specifically to help new organizations to navigate the certification process, and implement effective risk management strategies, security measures, and information privacy policies. It is a comprehensive and efficient way to verify compliance while earning the trust of industry partners and new customers.


Authorized HITRUST Assessors Guiding You to Success

What makes I.S. Partners, LLC different from other firms is our systematic risk methodology combined with our use of the latest technology and specialized experience. Our activities are supported by a strong background in healthcare and insurance and our team includes healthcare security professionals. 

These factors provide a clear competitive advantage in understanding compliance requirements and ensuring an effective and efficient healthcare audit. I.S. Partners, LLC. can assist you from the very beginning.

Get a Quote Book a Free Consultation


Common Questions

Get started

Get a Customized Quote

Please fill out the form to schedule a free, 30-minute consultation. This consultation will allow us to create a customized plan and an accurate quote just for you.

Great companies think alike.

Join hundreds of other companies that trust I.S. Partners for their compliance, attestation and security needs.

Get Started

Schedule a Demo

Scroll to Top