HITRUST CSF
The HITRUST Common Security Framework — certification widely used to satisfy HIPAA, NIST, and ISO 27001 in healthcare.
Any organisation pursuing HITRUST certification; widely used in US healthcare and increasingly multi-sector.
Continuous evidence pipeline available; audit support included for all customers.
What HITRUST actually requires.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
HITRUST e1, i1, or r2 assessment scope.
Authorised HITRUST External Assessor.
Annual certification cycle for r2.
Pre-mapped controls. Continuous evidence.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
HITRUST control crosswalk with continuous evidence.
MyCSF-ready evidence packaging.
Artifacts your auditor accepts.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
HITRUST r2 evidence pack.
MyCSF readiness inputs.
One evidence base. Many regulators.
These frameworks share substantial control overlap with HITRUST. Customers running one assessment typically satisfy the others with the same evidence base.
HIPAA / HITECH
North America
Privacy, security, and breach notification rules for Protected Health Information (PHI) in the United States.
ISO/IEC 27001:2022
Cross-jurisdictional
The global Information Security Management System standard, updated in 2022 with 93 Annex A controls in four themes.
SOC 2 Type II
North America
The Trust Services Criteria attestation that has become the de-facto B2B SaaS security baseline globally.
Ready for HITRUST?
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.