HITRUS is, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.

Developed in collaboration with data protection professionals, the HITRUST rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST provides a risk-based approach to information protection and compliance, organizations of varying risk profiles can customize the security and privacy control baselines through a variety of organizational, technical, and compliance risk factors.

The HITRUST provides the structure, transparency, guidance, and cross-references to authoritative sources organizations globally need to be certain of their data protection compliance. The initial development of the HITRUST leveraged nationally and internationally accepted security and privacy-related regulations, standards, and frameworks–including ISO, NIST, PCI, HIPAA, and COBIT–to ensure a comprehensive set of security and privacy controls, and continually incorporates additional authoritative sources. HITRUST standardizes these requirements, providing clarity and consistency, and reducing the burden of compliance.

HITRUST understands data protection compliance and the challenges of assembling and maintaining the many and varied programs, and ensures the components are aligned, maintained, and comprehensive in order to support your organization’s information security management program. Due to this, HITRUST has become a widely adopted security and privacy framework across industries globally.