Get started on your path towards HITRUST compliance


HITRUST Assessment

HITRUST Assessment

Identify gaps in your security and compliance using a HITRUST assessment.

Completing a HITRUST Assessment demonstrates your commitment to take data security seriously to your customers. By partnering with SecurityMetrics, you can find gaps in your security and compliance while saving time and resources.

Increase Customer Trust

A HITRUST Certification helps you adopt globally accepted compliance mandates to protect sensitive data. A HITRUST Certification gives your organization a strong data security foundation by helping you remediate vulnerabilities before they are exploited. Customers can have increased confidence in your commitment to keeping their data secure.

Alt Text

Discover Gaps in Your Compliance

Navigating a HITRUST CSF Assessment can be daunting. We help you identify gaps in your compliance while also giving you the remediation advice you need. Using years of assessment experience in PCI, HIPAA, penetration testing, and forensic investigations, SecurityMetrics helps you prioritize and address your vulnerabilities.

Alt Text

Enjoy a Straightforward Process and Meet Your Deadlines

SecurityMetrics make the HITRUST process simple by breaking steps into actionable pieces, so you won’t feel overwhelmed. An assigned project coordinator works with you and SecurityMetrics assessors, keeping everyone involved organized and on track. The HITRUST process can be complex, SecurityMetrics is committed to helping you reach your important deadlines.

Alt Text

HITRUST Timeline Steps

SecurityMetrics works with you step-by-step during your assessment. Understanding the basic steps of a HITRUST CSF Assessment can help you anticipate a time-frame and work-load for your organization.

Understand Your Data

Define your scope, including documenting where data enters, exits, and rests in your environment.

Determine Controls

HITRUST determines controls that need to be validated based on information in your MyCSF Portal. Note: Controls must be in place for at least 90 days before HITRUST Assessment.

Get Expert Advice

SecurityMetrics offers consulting to help you evaluate where your controls stand with regards to the HITRUST scoring rubric.

Validation and Submission

SecurityMetrics assesses if controls are in place and gives you a score. Submit the assessment for verification.

Continued Compliance

HITRUST requires that an assessment be performed once every two years (with an interim assessment at the one year mark).

Purchase MyCSF Portal

Purchase the MyCSF Portal from HITRUST and create an account.

Coordinate Onsite Assessment

Work with SecurityMetrics to determine which of your locations need to be visited as part of the onsite assessment.

Start Your Assessment

Start your Assessment in MyCSF Portal, with 90 days to complete it.

HITRUST CSF Certification

HITRUST can review your Assessment for Certification, if you qualify HITRUST will approve that you are HITRUST CSF Certified and issue a report.

Reasons To Use SecurityMetrics For Your HITRUST Assessment

Protect Sensitive Data

HITRUST is a globally accepted certification that communicates to your customers that you are dedicated to protecting their sensitive data.

Gain a Strong Security Foundation

A HITRUST Certification provides your business with a strong data security foundation, helping you address vulnerabilities in your organization.

Understand Your Vulnerabilities

Conducting a HITRUST Assessment allows you to go beyond the surface level and gain a deeper understanding of your vulnerabilities, allowing you to remediate security gaps before they are exploited.

Data Security Expert Advice

SecurityMetrics want to help you secure your environment against threat actors, not just pass your HITRUST Assessment. Using years of data security experience, SecurityMetrics can explain your network’s vulnerabilities and offer possible solutions.

Trusted HITRUST Partner

SecurityMetrics has experience with PCI, HIPAA, penetration testing, and forensic investigations, allowing us to draw on best practices to discover and prioritize your vulnerabilities.

Path to Compliance

Working towards a HITRUST Certification helps you on a path towards 44 authoritative sources and frameworks like PCI, HIPAA, NIST, ISO 27001, FTC, and COBIT.

Related Links

  • Guide SecurityMetrics Guide to PCI DSS Compliance

    The SecurityMetrics Guide to PCI DSS Compliance will help you understand current PCI requirements and trends, so that you can better protect data from inevitable future attacks.

  • Academy SecurityMetrics Academy

    Academy contains videos, quizzes, and external resources on topics like security policies and encryption. Our intent is to help SMBs like franchisees, small merchants, and healthcare practices address specific cybersecurity risks businesses may face.

  • Guide SecurityMetrics Guide to HIPAA Compliance

    We intend our guide to be a “deskside” reference for the day-to-day and recurring demands of HIPAA compliance. It’s meant to strike a balance between generally informative and specifically practical. Those who use our guide report that it is “thorough and detailed-oriented. Very helpful.”

  • Podcast SecurityMetrics Podcast

    The SecurityMetrics Podcast is intended to help businesses of all sizes as well as individuals–whether security professionals or not. We want to break security concepts down well enough that anyone can understand the top cybersecurity threats and how to deal with them.


  • SecurityMetrics Summit

    This recorded event is for all businesses that need solutions for cybersecurity, data protection, PCI DSS, HIPAA, and other types of compliance (HITRUST, GDPR, CCPA). Summit is ideal for those working in universities, retail, government, acquiring banks, and the healthcare industry. If your job includes anything related to compliance, payment card data, or cybersecurity, this is a must-watch event.


  • Threat Intelligence Center Feed

    SecurityMetrics Threat Intelligence Center analysts monitor current cybercriminal trends to give you weekly news reports and trending threat insights straight to your inbox, including: bi-monthly cybersecurity video-podcast, current data breaches, cybersecurity news, and technical advice to keep your system hacker-free.

Request a Quote for SecurityMetrics HITRUST Services