ControlCase Inc.
Contact Us
  • English

Start your HITRUST® CSF Assessment Preparation today! 

Integrate Your Compliance


BEGIN YOUR HITRUST® COMPLIANCE JOURNEY NOW!

  • This field is for validation purposes and should be left unchanged.

Our team of HITRUST® experts here at ControlCase can help you align your security posture with the HITRUST CSF.  

ControlCase, an approved HITRUST Authorized External Assessor, performs all HITRUST® validated assessments. ControlCase offers readiness assistance to help companies understand and prepare before the audit. ControlCase is also a part of the coveted HITRUST® external Assessor’s council for 2022/23. 

ControlCase uses proven methodologies and solutions to assist in saving you time and money on your journey to HITRUST Certification.

The HITRUST® Common Security Framework (HITRUST CSF®) rationalizes relevant data protection regulations and standards into a single overarching security and privacy framework. HITRUST CSF® is both risk and compliance-based, so organizations of varying profiles can customize the control baselines with various factors in mind, like organization type, size, and overall compliance needs.

HITRUST® is an industry-agnostic framework that allows organizations of any size and industry to adopt the HITRUST® framework and get certified. Organizations that want to prove compliance with data privacy regulations, such as HIPAA, GDPR, and more, may choose to become HITRUST CSF Certified.

Currently, there are 3 different types of HITRUST® assessments that an organization can choose to get certified against:
HITRUST® Essentials e1 Assessment: Valid for 1 year
HITRUST® Implemented i1 Assessment: Valid for 1 year
HITRUST® Risk-Based r2 Assessment: Valid for 2 years

 
 

  • Certification Logos-PCI
  • Certification Logos-FedRAMP
  • CMMC C3PAO Badge
  • Certification Logos-CSA
  • Certification Logos-Hitrust
  • Certification Logos-AICPA
  • Certification Logos-GDPR
  • Certification Logos-Crest
  • Certification Logos-ANAB
  • Certification Logos-ComTia
  • Certification Logos-CSSLP
  • Certification Logos-Cyber AB
  • Certification Logos-Cyber
  • Certification Logos-FFIEC
  • Certification Logos-HiPaa
  • Certification Logos-IAPP
  • Certification Logos-NIS2
  • Certification Logos-NIST
  • Certification Logos-SCA
  • Certification Logos-SIG
  • Certification Logos-SSPA
  • Certification Logos-Swift

 
 

FREQUENTLY ASKED QUESTIONS

1

HITRUST® vs. HIPAA

HITRUST® rationalizes relevant data protection regulations and standards into a single overarching security and privacy framework. HIPAA refers to the US 1996 Act that established national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
2

What is a HITRUST® gap analysis?

A HITRUST® gap analysis helps to determine areas of information that need to be updated or expanded to align with the requirements of the HITRUST CSF. 
3

What is the process for an organization to achieve HITRUST® Certification? 

Before starting the Certification process, HITRUST® recommends a self-assessment or readiness assessment be performed to prepare organizations for the validated assessment. To begin the Certification process, please select a HITRUST Assessor, such as ControlCase. Once you select an Assessor, you will need to purchase a validated assessment from HITRUST. ControlCase will help the customer complete the validated assessment using the MyCSF tool and then an independent ControlCase Assessor will perform the validation/audit work. Once the Assessor work is complete, the Assessor will submit it to HITRUST for review. HITRUST will create a report and, depending on the scores in the report, will issue a letter of certification.
© 2025 ControlCase. All rights reserved.
  • English
Manage your privacy

We use cookies to enhance your experience and show relevant ads. Consent allows us to process data like browsing behavior. Without consent, some features may not work. If you log in, all cookies are accepted by default. Learn more in our Privacy Policy & Cookies Policy.

Strictly Necessary Cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Functional Cookies
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics Cookies
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing Cookies
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}