HITRUST to Increase Assurances and Efficiencies of CSF Assessments

Assurance Intelligence Engine to Render Self-Assessments Obsolete

FRISCO, Texas–(BUSINESS WIRE)–HITRUST®, a leading data protection standards development and certification organization, introduced today the HITRUST Assurance Intelligence (AI) Engine™, which uses a patent-pending approach to analyze assessment documentation for oversights, inconsistencies, and errors throughout the information security and privacy assessment process. The AI Engine adds efficiency to HITRUST’s comprehensive assessment review process by adding a layer of automated checks that complement existing, manual reviews to identify potential issues in assessment reports that might otherwise jeopardize the integrity, accuracy, or consistency of information.

Effective immediately, the HITRUST MyCSF® SaaS information risk management and assessment platform will incorporate the AI Engine to measurably increase assurances delivered through HITRUST CSF® Assessments. Providing real-time feedback to assessed entities and HITRUST Authorized External Assessors allows for more accurate assessment submissions, thereby reducing the time it takes HITRUST’s centralized reporting and oversight function to issue official reports.

As the assurances provided by the AI Engine are significantly greater than a traditional self-assessment, HITRUST will refer to these as HITRUST CSF Verified Assessments going forward, which applies today to the HITRUST CSF Readiness Assessment. Additionally, the AI Engine allows HITRUST to expand its portfolio of assessment offerings in the future to provide organizations with assurance reporting options for any business need.

“With the addition of the AI Engine, we can render self-assessments obsolete and continue to pave the way for providing reliable, efficient assurances,” said Jeremy Huval, Chief Innovation Officer, HITRUST. “I see the AI Engine as having the potential to revolutionize the security and privacy assessment process.”

The HITRUST AI Engine was designed and developed by leveraging HITRUST’s more than 13 years of compliance assessment experience, best-in-class quality assurance methodologies, and data analytics on hundreds of thousands of assessments submitted by organizations of varying sizes, industries, complexities, and locales. The AI Engine’s patent-pending approach was formulated using data science, artificial intelligence, natural language processing, and HITRUST’s deep experience in performing assessment quality reviews.

During an assessment, the AI Engine proactively identifies potential issues by performing a real-time analysis against thousands of data points across the body of documentation for an assessment. Through the MyCSF platform, the AI Engine provides detailed descriptions for potential quality issues, the triggering data point(s), and recommended remedial actions.

“HITRUST’s continued innovation is exciting and something we look forward to engaging with as we submit CSF Assessments on behalf of our clients,” said Jonathan Dreasler, Cybersecurity and Privacy Risk Consulting Manager at RSM US LLP – a provider of audit, tax, and consulting services focused on the middle market, and a HITRUST Authorized External Assessor firm. “I anticipate it will help organizations submit more accurate information and therefore reduce the overall time it takes from the point of assessment submission to HITRUST’s final report issuance.”

“The oversight afforded through HITRUST’s CSF Assurance Program provides numerous quality advantages over other assurance programs and certifying bodies, most notably that HITRUST has distributed the assessment fieldwork while standardizing and centralizing the platform that is leveraged to provide the assurance and compliance aspects in all HITRUST CSF reporting,” said Bimal Sheth, Vice President of HITRUST Assurance Services. “Our continued investment in MyCSF enabled the creation of the AI Engine and further streamlines the HITRUST CSF Assurance Program.”

The HITRUST AI Engine is fully integrated into HITRUST’s assessment quality assurance, oversight, and reporting processes to further strengthen the already best-in-class rely-ability of HITRUST CSF reports—a term used by HITRUST as the ability to rely upon, or trust, the information provided by another. HITRUST currently has multiple patents pending relating to the AI Engine with the United States Patent and Trademark Office.

To learn more, please visit https://hitrustalliance.net/hitrust-assurance-intelligence-engine/.

About HITRUST®

Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.

Contacts

Mike Canale: mike.canale@hitrustalliance.net | (469) 269-1193