What it is: A mapping between the HITRUST CSF requirements and AICPA's Trust Services Categories and Criteria has been developed and made available to enable service organizations to provide information to users of their system about whether controls relevant to security, availability and confidentiality are suitably designed and operating effectively to meet the applicable trust services criteria (TSC) and HITRUST CSF requirements. This enables the service organization to communicate information about the processes and procedures it uses to meet the HITRUST CSF, in addition to the applicable TSC. This increases transparency and provides information for decision making.
What it is: This reporting option is used when a service organization wants to obtain a SOC 2 + HITRUST CSF report in addition to a HITRUST CSF certification.
Attribute | SOC 2 | HITRUST Certification | SOC 2 + HITRUST | SOC 2 + HITRUST CSF + CSF Certification |
---|---|---|---|---|
Framework | AICPA TSC | Tes | AICPA TSC and HITRUST CSF+ Certification | This reporting option is used when a service organization wants to obtain a SOC 2 + HITRUST CSF report in addition to a HITRUST CSF certification. Please contact us if you are considering this reporting option. |
Requires HITRUST scoping factors | No | CSF Assessor | Yes | |
Independent third party examiner | CPA Firm | HITRUST Alliance | CPA Firm with valid licensure | |
Governing body for the report | AICPA | HITRUST Alliance | AICPA | |
Who prepares the report? | CPA Firm | No | Yes | |
Incorporate SOC 2 Trust Services Criteria (TSC) | Yes | No | Yes | |
Allows Type 1 (point in time) explanation option | Yes | Yes | Yes | |
Requires a risk rating to be established for controls | Yes | No, but Corrective Action Plans are issued | Yes | |
Reporting control gaps (exceptions) | Yes (Type 2) | Yes (Type 2) | Yes (Type 2) | |
Allow for Corrective Action Plans | No | No | Yes | |
Requires a full-scope examination each year | Yes | Yes | Yes | |
List of attestation | 1 year | 2 years, plus an interim review within 1 year | 1 year | |