HITRUST i1

As an annual assessment, the HITRUST i1 Assessment is intended to help organizations keep pace with the evolving threat landscape. This threat-adaptive assessment helps organizations address current threats, such as evolving phishing and ransomware, by constantly updating its requirements to reflect those challenges. While it should be regarded as more of a necessity than an assessment, the i1 Assessment makes every effort to adjust proactively to current cyber threats, thus enhancing organizational security. Because the control set is not static, the i1 certification must be re-evaluated annually.

What is HITRUST i1?

The HITRUST i1 certification is not as robust as the r2; however, it provides a good level of assurance for organizations that have established security practices but do not require an extensive r2 assessment. It fills the certification gap for organizations at lower risk levels and is more economical in terms of time and resources:

  1. Thorough Assessment: The i1 measures controls in 19 domains with 182 requirements, some of which are also included in NIST SP 800-171 and the HIPAA Security Rule. These controls apply to organizations of every size and industry, and evaluation is limited to implementation only.
  2. Threat-Adaptive: HITRUST i1 updates its requirements every three months to accommodate emerging threats like ransomware and phishing attacks. It remains aligned with the cybersecurity standards set by industries.
  3. Certifiable and Renewable: The i1 is an assessable certification and must be verified by a third-party evaluator. Because the certification is valid for one year, re-certification must occur once a year.

The i1 serves both as a standalone option and as a transitional step for more complex r2 assessments.

Why Should You Get i1 HITRUST Certified?

01

Integrates Best Security Practices

Backs a holistic cybersecurity program that is adjusted frequently in line with threat intelligence analysis.

02

Provides Enhanced Assurance

Gives more confidence than other assessments that require similar time and effort.

03

Eases the Assessment Process

Focuses on assessing the implementation of information security programs.

04

Ability To Have Rapid Recertification

Enables organizations to maintain compliance with annual assessments.

Deciding Which HITRUST Certification is Right For You

To help you decide, we have prepared a summary of the major components of all three assessments. If you have never encountered the term HITRUST, you can treat this as an overview of the three options available to you.

ESSENTIALS 1-YEAR

e1
  • An e1 is a baseline certification
  • 44 fixed controls
  • Yearly certification
  • Assessment Complexity: Low
  • Small, non-complex environments

IMPLEMENTED 1-YEAR

i1
  • An i1 is the stepping-stone certification
  • 182 fixed controls
  • Annual re-certification
  • Assessment Complexity: Moderate
  • Moderate assurance needs

RISK BASED 2-YEARS

r2
  • An r2 is a comprehensive risk-based certification
  • Up to 2,000+ controls (risk-based selection)
  • 2 years (with interim assessment)
  • Assessment Complexity: High
  • Highly regulated industries & complex organizations