HITRUST is already applicable to and accepted by key players in the financial services industry. This fact was explained at Evolve IP’s Cybersecurity 2018 conference held last November at Evolve IP’s HQ in Wayne, PA.
During the keynote address by cybersecurity expert and author Tom Norman from Ingram Micro, Tom explained the importance of HITRUST and how it evolved into such a comprehensive and powerful standard:
“The HITRUST process is the pinnacle today of IT security. Evolve IP’s customers can rest assured that the data that they entrust to Evolve IP is being protected at the highest possible standards. HITRUST is a single, best-practice approach and it has the potential to work across every single vertical sector…financial services, military, healthcare, retail, education, government, transportation, distribution…you name it. It looks like HITRUST is going to be, if not today, within the next couple of years a solution across all of those verticals and across all of the compliance standards, including European compliance standards.”
Both of Tom’s predictions (for the financial services market and the international market) have now come to pass with the release of HITRUST version 9.1. Specifically, v9.1 of the HITRUST CSF incorporates 1) the New York State Cybersecurity Requirements for Financial Services Companies and 2) the European Union General Data Protection Regulation (GDPR).
The expansion of HITRUST to address the needs of financial services is the result of a strong wave of recognition and encouragement by the financial services community to ‘open up’ the robust HITRUST framework that emerged out of the healthcare industry in response to stringent HIPAA requirements. It is part of HITRUST’s ongoing initiative to make the HITRUST CSF more open and comprehensive so that it can be applied more effectively to meet compliance requirements across a variety of global industries.
Omar Khawaja, a board member at HITRUST, also presented at the November conference. In his presentation, he explained how there has been extensive work over the last two years to harmonize the HITRUST framework with the AICPA to align it with the process of obtaining a SOC II. He also explained that there was already one top 10 bank in the country that was going forward to obtain its HITRUST certification based on the general strength of the framework and because of the deep security assurances it provides (see the 90-second video clip of this commentary).
Tom Norman also explained how the broad scope of HITRUST is a key part of its appeal:
“This is the thing that’s most appealing to me about HITRUST. It started out in support of HIPAA. But they took a very strategic approach to this and understood that every healthcare organization also has to comply with PCI DSS. So that’s a very prescriptive process. And as they looked at the NIST framework, COBIT, and ISO 27001, each provided a checklist of all of the things that you have to do. Somebody had the bright idea of just making HITRUST compliant with the worst case of every compliance standard out there. So it’s not an accident that HITRUST became the go-to solution for compliance.”
According to HITRUST’s press release on v9.1, HITRUST’s cross-industry adoption has been further validated by two new independent reports: the NIST Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT) recognizes the HITRUST CSF as an industry-led security standard that addresses multiple areas of concern; and the Government Accountability Office (GAO) Report to Congressional Committees on Critical Infrastructure Protection cites the HITRUST CSF as a means of demonstrating compliance with the NIST Framework for Improving Critical Infrastructure Cybersecurity in the HPH sector.
Contact us today for more information about Evolve IP’s HITRUST certified Evolve Cloud East or Evolve Cloud West datacenters. We’ll be happy to share and show how our secure cloud strategies and compliance-driven cloud solutions suite leverage our HITRUST certification to provide the ultimate protection to our financial services clients across the country.