ControlCase Inc.
Contact Us
  • English

Start your HITRUST® CSF Assessment Preparation today! 

Integrate Your Compliance


BEGIN YOUR HITRUST® COMPLIANCE JOURNEY NOW!

  • This field is for validation purposes and should be left unchanged.

Our team of HITRUST® experts here at ControlCase can help you align your security posture with the HITRUST CSF.  

ControlCase, an approved HITRUST Authorized External Assessor, performs all HITRUST® validated assessments. ControlCase offers readiness assistance to help companies understand and prepare before the audit. ControlCase is also a part of the coveted HITRUST® external Assessor’s council for 2022/23. 

ControlCase uses proven methodologies and solutions to assist in saving you time and money on your journey to HITRUST Certification.

The HITRUST® Common Security Framework (HITRUST CSF®) rationalizes relevant data protection regulations and standards into a single overarching security and privacy framework. HITRUST CSF® is both risk and compliance-based, so organizations of varying profiles can customize the control baselines with various factors in mind, like organization type, size, and overall compliance needs.

HITRUST® is an industry-agnostic framework that allows organizations of any size and industry to adopt the HITRUST® framework and get certified. Organizations that want to prove compliance with data privacy regulations, such as HIPAA, GDPR, and more, may choose to become HITRUST CSF Certified.

Currently, there are 3 different types of HITRUST® assessments that an organization can choose to get certified against:
HITRUST® Essentials e1 Assessment: Valid for 1 year
HITRUST® Implemented i1 Assessment: Valid for 1 year
HITRUST® Risk-Based r2 Assessment: Valid for 2 years

 
 

  • Certification Logos-PCI
  • Certification Logos-FedRAMP
  • CMMC C3PAO Badge
  • Certification Logos-CSA
  • Certification Logos-Hitrust
  • Certification Logos-AICPA
  • Certification Logos-GDPR
  • Certification Logos-Crest
  • Certification Logos-ANAB
  • Certification Logos-ComTia
  • Certification Logos-CSSLP
  • Certification Logos-Cyber AB
  • Certification Logos-Cyber
  • Certification Logos-FFIEC
  • Certification Logos-HiPaa
  • Certification Logos-IAPP
  • Certification Logos-NIS2
  • Certification Logos-NIST
  • Certification Logos-SCA
  • Certification Logos-SIG
  • Certification Logos-SSPA
  • Certification Logos-Swift

 
 

FREQUENTLY ASKED QUESTIONS

1

HITRUST® vs. HIPAA

HITRUST® rationalizes relevant data protection regulations and standards into a single overarching security and privacy framework. HIPAA refers to the US 1996 Act that established national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
2

What is a HITRUST® gap analysis?

A HITRUST® gap analysis helps to determine areas of information that need to be updated or expanded to align with the requirements of the HITRUST CSF. 
3

What is the process for an organization to achieve HITRUST® Certification? 

Before starting the Certification process, HITRUST® recommends a self-assessment or readiness assessment be performed to prepare organizations for the validated assessment. To begin the Certification process, please select a HITRUST Assessor, such as ControlCase. Once you select an Assessor, you will need to purchase a validated assessment from HITRUST. ControlCase will help the customer complete the validated assessment using the MyCSF tool and then an independent ControlCase Assessor will perform the validation/audit work. Once the Assessor work is complete, the Assessor will submit it to HITRUST for review. HITRUST will create a report and, depending on the scores in the report, will issue a letter of certification.
© 2026 ControlCase. All rights reserved.
  • English