HITRUST Assessment Services

Secure Patient Information with a Kratos HITRUST Assessment

Kratos provides assessment services according to the HITRUST Framework for different levels of need:

HITRUST Essentials, 1-Year (e1) Assessment: Essentials

This addresses basic cybersecurity hygiene practices. The HITRUST Alliance suggests some use cases:

  • To show justification for more favorable cyber insurance premiums.
  • For small organizations or start-ups to differentiate themselves in the marketplace.
  • To evaluate or onboard third-party business partners and service providers or to get meaningful assurance reports for Merger/Acquisition partners, new business units, or recently deployed technology platforms.

HITRUST Implemented, 1-Year (i1) Assessment: Leading Practices

This assessment verifies an organization's implementation of Leading Security Practices using specific controls. Additional use cases suggested by HITRUST are:

  • To demonstrate broad protection against current and emerging threats, which can help meet contractual and compliance obligations.
  • For Third-Party Risk Management that needs more detail than an e1 assessment reveals.

HITRUST Risk-based, 2-Year (r2) Assessment: Expanded Practices

This assessment provides the most comprehensive review and sets the highest standard for ensuring information protection. Customers leverage r2 Assessments:

  • When assurances are needed by specific authorities or international requirements; when a customer has adopted HITRUST as required for doing business.
  • For organizations or third parties processing large amounts of sensitive data and personal information that requires the highest levels of assurance.

Why Kratos for HITRUST? Benefits of a Kratos Assessment

All HITRUST External Assessor Organizations must conduct assessments in strict accordance with the HITRUST CSF® Framework. So why choose Kratos?

Kratos has expertise assessing precisely how technology solutions are applied across a wide range of contexts:

  • A common observation is that the HIPAA regulations spell out the requirements for data protection and privacy but do not specify any technological solutions for meeting those requirements. At the same time, the law itself is sometimes modified, business processes change (such as outsourcing), and technologies certainly change. The "how" solution of five (5) years ago, or even less, is not guaranteed to hold indefinitely. There is rarely a one-size-fits-all technology, and in the digital age there is never a "one-and-done". Our assessors and subject matter experts have the knowledge, the years of experience, and the exposure to customer use cases needed to understand each customer and provide realistic, actionable, and customized solutions.
  • HITRUST is part of Kratos' comprehensive security compliance services portfolio, which includes advisory services, assessments, and ongoing re-assessments for the Federal Risk and Authorization Management Program (FedRAMP), Cybersecurity Maturity Model Certification (CMMC), Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG), National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), Federal Information Security Modernization Act (FISMA), and Infrastructure Asset Pre-Assessment Program (IA-PRE). Leveraging our experience and the work conducted concurrently on other audits decreases audit fatigue, avoids duplication of effort and evidentiary paperwork, and engages customer resources effectively.
