Can I use the HITRUST certification to replace my SOC 1 or SOC 2 report?

October 26, 2015

Currently, HITRUST is not a replacement for SOC 1 or SOC 2 examinations. HITRUST and the AICPA have recently released a mapping document that identifies the CSF controls that are mapped to SOC 2 Trust Services Principles for Security, Availability, Processing Integrity, and Confidentiality.

Privacy requirements are expected to be mapped sometime in 2016, after the AICPA releases its new revision to the Trust Services Principles. According to HITRUST, the AICPA and HITRUST are working on a combined HITRUST CSF – AICPA SOC 2 reporting structure to support dual assessment and reporting. More information can be obtained from www.aicpa.org. A spreadsheet with the detailed SOC 2 to CSF mappings can also be found on the AICPA website.
