Quality is Job One When it Comes to the HITRUST CSF Assurance Program

Zach Shales, Principal, Healthcare Certification, Coalfire

The HITRUST CSF® remains an essential security and privacy controls framework that addresses the multitude of security, privacy, and regulatory challenges facing both public and private sector organizations. As framework adoption increases across all industries, maintaining integrity is crucial, and continuous improvement should always be top of mind with any endeavor. This was HITRUST’s clear intent when they announced the formation of an Assessor Council back in 2016 and a Quality Subcommittee in 2017.

As one of the first organizations to join the HITRUST Assessor Program in 2011, we’ve seen massive growth in the number of Assessor firms to more than 90 today. Add in the brand-new Internal Assessor Program and it becomes even more necessary to ensure quality and consistency.

In 2020, HITRUST updated the name of Assessor firms to HITRUST Authorized External Assessors to differentiate them from Internal Assessors. External Assessors are organizations that must be approved by HITRUST to perform assessments and services associated with the HITRUST CSF Assurance Program and the HITRUST CSF. They're critical to HITRUST’s efforts to provide trained resources to organizations of varying size and complexity to assess compliance with security control requirements and document corrective action plans that align with the HITRUST CSF.

With such a rigorous and complex validation process, we’ve prioritized quality over the years since it is so integral to certification success. We understand the need to balance quality with cost, and consider this expertise key to our input with the Assessor Council. Playing an active role in setting standards for regulations and frameworks designed to achieve data protection goals is of utmost importance for our team, and the benefits translate directly to our clients.

As a trusted resource, we're able to advise on issues around the uniformity and discipline needed for assessment execution, which in turn helps our clients prepare for, validate, and optimize their HITRUST programs. Organizations that have adopted the framework understand that it's vital for HITRUST to maintain a process for ensuring quality and compliance with the HITRUST CSF Assurance Program. We value the chance to invest our time and expertise in this initiative, and to reinforce and strengthen the HITRUST CSF Assurance Program.
