HITRUST® Continues to See Expansion of HITRUST CSF® Assessments as De Facto Approach for Third Party Risk Management

HITRUST, a leading data protection standards development and certification organization, today announced continued adoption of its HITRUST CSF Assurance Program, and specifically the HITRUST CSF Assessment Report, as the most effective means of communicating an organization's information privacy and security controls with their business partners and regulators.

Sabre Corporation, a leading technology provider to the global travel industry, is the latest organization to require its vendors to provide a HITRUST CSF Assessment as a means of demonstrating the effectiveness of their information privacy and security controls. Sabre sought an approach that would provide a comprehensive and consistent privacy and security assessment without requiring their vendors globally to undergo a proprietary Sabre assessment.

"We are committed to safeguarding our customers' sensitive information, and our vendors play a key role in the process," said Roy Mellinger, Senior Vice President and CISO, Sabre Corporation. "By leveraging HITRUST CSF Assessment Reports, Sabre can get the consistency and assurance it requires while leveraging a common and widely adopted assessment approach."

"Customers and their vendors across industries and geographies are recognizing the benefits of the HITRUST CSF Assessment Report as the most efficient and effective way to communicate information risk," said Michael Parisi, Vice President, Assurance Strategy and Community Development, HITRUST. "The HITRUST CSF Assessment Report addresses issues of transparency, integrity and consistency not found in other commonly used assessment and assurance approaches."

Organizations can have from a handful to hundreds of thousands of different vendors, with those vendors' services varying in the sensitivity and volume of information they have access to. Assessing the information privacy and security posture of vendors in a manner that is valuable for both the customer and vendor is crucial in ensuring both the integrity and efficiency in the ecosystem, and is increasingly required for demonstrating compliance with regulations such as the EU's General Data Protection Regulation (GDPR). The HITRUST CSF Assurance Program's design and reliability are key to streamlining the assessment process and enable vendors to reduce the number and associated costs of information privacy and security assessments and assurance reporting.

"Highmark has required our third parties to be HITRUST CSF Certified for the past three years. By adopting a comprehensive and risk-based, yet transparent and consistent approach, we have simplified the process of ensuring our third parties adequately protect our information. Without this approach, our third-party risk program would not have been able to scale as effectively," said Omar Khawaja, Vice President and Chief Information Security Officer, Highmark Health.

"Our adoption, and subsequent pursuit, of HITRUST CSF Certification is delivering on the promise of reduced assessments and associated costs, as more and more organizations across industries accept our HITRUST CSF Certification Report as evidence of the effectiveness of our information security program," said Rick A. Gilmore, Corporate Security, Cognizant.

The HITRUST CSF Assurance Program helps organizations understand and report their effectiveness against many standards, regulations and leading practice frameworks. With just one assessment, organizations can understand and report their information privacy and security program against the HIPAA Security and Privacy Rules, NIST Cybersecurity Framework, GDPR, International Organization for Standardization (ISO) 27001, Payment Card Industry (PCI) and the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria and can even obtain a Service Organization Control (SOC) 2 report. The HITRUST CSF Assurance Program is part of HITRUST's integrated risk management and compliance programs and services called The HITRUST Approach.


Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis and resilience.

HITRUST actively participates in many efforts in government advocacy, community building, and cybersecurity education. For more information, visit www.hitrustalliance.net.

Kevin Lightfoot
[email protected]