HITRUST Common Security Framework


The HITRUST Common Security Framework (CSF) was created as a hybrid of ISO, NIST, HIPAA, PCI and other existing frameworks. HITRUST is a risk-based framework being adopted globally for data security and privacy requirements. HITRUST provides assessment and risk tools to support the implementation and management of its framework.

For many of our clients, using ISO 27001 (along with ISO 27701) and integrating the relevant key components for other frameworks such as HIPAA, GDPR and newly-adopted state privacy laws has been sufficient risk mitigation for protecting personal information. Other clients, especially those with contractual requirements, need a specific certification to support the security requirements for handling protected health information. HITRUST has established the HITRUST CSF – a certifiable framework used by organizations that create, access, store or exchange personal health and financial information. Radian has a strategic partnership with an authorized CSF assessment organization that will perform the required assessment against HITRUST. Multiple models of HITRUST CSF support both large and small businesses. There are additional supporting services available. Contact us for details.

Core HITRUST CSF Services Supported

  • PRE-ASSESSMENT. Our team will review the current status of your IT and data security against the HITRUST requirements at a basic level. This review can provide insight into the level of effort needed prior to a Validated Assessment.
  • FACILITATED SELF-ASSESSMENT. This official self-assessment is a formal step to identify the organization’s readiness for the Validated Assessment. This event gives the organization a stronger understanding of the current state of its security and privacy controls. The review of the work is completed by HITRUST and an overall report is issued. If gaps are found, corrections should be made prior to the full Validated Assessment.
  • VALIDATED ASSESSMENT. This report is provided by our certified HITRUST assessors. The event follows the process defined by HITRUST. This assessment examines your IT systems, firewalls, data protection and much more in closer detail, with the end goal of a HITRUST CSF Certification. In some cases, the Validated Assessment results in a Corrective Action Plan (CAP) that identifies actions needed to achieve certification and a timetable for implementation.

Improve Data Security and Privacy Today