Request Information

Request Information

or Call 1.877.459.4347

Credit Unions Enjoy Enterprise-Class Security in Evolve IP’s HITRUST Certified Cloud

March 12, 2018 / Evolve IP

“The HITRUST process is the pinnacle today of IT security. Evolve IP’s customers can rest assured that the data that they entrust to Evolve IP is being protected at the highest possible standards.” – Tom Norman, Cybersecurity Consultant and Author, Ingram Micro

Data security and cybersecurity were among the hottest topics discussed at Evolve IP’s CUNA Governmental Affairs Conference (GAC) exhibit last week. The protection of member data and expectation of privacy are, of course, key pillars of the credit union service promise. At CUNA, we shared how Evolve IP supports the security objectives of our credit union clients by delivering our call center, omni-channel communications system, and disaster recovery services in a world-class, compliance-focused infrastructure that is HITRUST audited and certified.

CUNA1 Ironically, as the GAC was concluding, the HITRUST organization issued a press release explaining that newest version (v9.1) of Common Security Framework has significant further implications for Evolve IP’s credit union customers and the credit union marketplace in general. As explained in the release, version 9.1 incorporates both the European Union General Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). The expansion of HITRUST to address the needs of financial services is the result of a strong wave of recognition and encouragement by the financial services community to ‘open up’ the robust HITRUST framework that emerged out of the healthcare industry in response to stringent HIPAA requirements. It is part of their ongoing initiative to make the HITRUST CSF more open and comprehensive so that it is applied more effectively to meet all compliance requirements across a variety of global industries.


Security Assurance for Financial Services

HITRUST is already applicable to and accepted by key players in the financial services industry. This fact was explained at Evolve IP’s Cybersecurity 2018 event held last November at our Wayne, PA headquarters. The first keynote speaker was Omar Khawaja, Chief Information Security Officer for Highmark Health and a board member at HITRUST. He explained how there has been extensive work over the last two years to harmonize the HITRUST framework with the AICPA to align it with the process of obtaining a SOC II. Also, he also explained that there was already one top 10 bank in the country that was going forward to obtain their HITRUST certification based on the general strength of the framework and because of the deep security assurances it provides.

These sentiments were echoed during the second keynote address by cybersecurity expert and author Tom Norman from Ingram Micro. Tom explained how HITRUST evolved into such a comprehensive and powerful standard:

“This is the thing that’s most appealing to me about HITRUST. It started out in support of HIPAA. But they took a very strategic approach to this and understood that every healthcare organization also has to comply with PCI DSS. So that’s a very prescriptive process. And as they looked at the NIST framework, COBIT, and ISO 27001, each provided a checklist of all of the things that you have to do. Somebody had the bright idea of just making HITRUST compliant with the worst case of every compliance standard out there. So it’s not an accident that HITRUST became the go-to solution for compliance.”

HITRUST is a single, best-practice approach and it has the potential to work across every single vertical sector…financial services, military, healthcare, retail, education, government, transportation, distribution…you name it. It looks like HITRUST is going to be, if not today, within the next couple of years a solution across all of those verticals and across all of the compliance standards, including European compliance standards.”

Both of Tom’s predictions (for the financial services market and international market) have now come to pass with HITRUST’s version 9.1 release. The incorporation of the Cybersecurity Requirements for Financial Services Companies issued by New York, shows that HITRUST has clearly embraced the needs of the financial services industry. Further, incorporating the European GDPR requirement is a major step towards the internationalization of the framework.

The key takeaways for credit unions are simple:

  • The cloud communications and computing solutions that are part of OneCloud Credit Union are built on a robust, geographically redundant, HITRUST-certified environment (that is also PCI DSS compliant).
  • Evolve IP’s infrastructure and solutions are built specifically to meet the needs of compliance-driven, privacy-minded companies with 24x7x365 services expectations. Assuring business continuity is our specialty.
  • Our cloud solutions will at a minimum meet, and in many cases exceed, our clients’ on-premises data protection and privacy standards.

For more information about HITRUST or the OneCloud Credit Union solution suite, contact us today.

Categories: Credit Union General
Listening To Needs. Solving Complex Challenges.

Helping enterprise IT focus on business results, not infrastructure

  • One of the nation’s largest and fastest-growing dermatology businesses estimates savings of $6.45 Million over 5 years

    View Case Study

    “Evolve IP’s digital workspaces have allowed us to acquire more practices in a faster and more profitable way. That is resulting in bottom-line cost savings and top-line business benefits.”

    – Jeff Francis, Vice President of IT USDP

  • International Law Firm Drives Communications Reliability Across 60+ Worldwide Locations and Saves Over $300,000 a Year

    View Case Study

    “That’s the type of proposition I like to bring to a Board of Directors. When I can say, ‘we can get everything new, be completely redundant, it can meet all of our needs and oh, by the way, we are going to save over $300,000 a year.’ It makes it easy for me to sell!”

    – Ken Schultz CIO of Ogletree Deakins

  • Financial advisory firm enables employees to Work Anywhere with an integrated platform

    View Case Study

    “The transition has been almost seamless to our folks, working from home full time. My team looks like heroes right now.”

    Ryan Easter, Director of IT and Principal at Johnson Investment Counsel

Simplify and future-proof your technology footprint with Evolve IP

It's nearly impossible to stay on top of every change in technology. Partner with Evolve IP and gain the combined experience of hundreds of technologists, all acting as an extension of your IT team. Helping you do more with less.


Contact Us

or Call 1.877.459.4347