New Framework: HITRUST i1 is now available on Scrut

What's new?

Scrut now supports the HITRUST CSF i1 (Implemented 1-year) framework, a moderate assurance report that validates whether essential security controls are properly implemented and operating effectively.

Why was this needed?

The i1 is rapidly emerging as the industry standard for organizations that handle sensitive data. It strikes the ideal balance between comprehensiveness and efficiency.

• Moderate Assurance Standard: It demonstrates to partners and regulators a strong commitment to risk management by confirming that critical security controls are not just documented but are actively in place.

• Best Practice Control Set: The i1 control requirements are carefully selected to reflect modern best-practice cybersecurity threats, providing a highly relevant security baseline.

• Efficient Alternative to r2: For many companies, the i1 provides enough assurance to satisfy most third-party risk requirements without the extensive scoping and tailoring required by the full r2 assessment.

• Vendor Due Diligence: It is increasingly required for business associates, SaaS providers, and technology vendors who process, store, or transmit PHI (Protected Health Information) or other sensitive data.

How it works

• Access the HITRUST CSF i1 framework within the Frameworks module to view the entire set of i1 controls.

• Leverage control mapping to quickly inherit controls and evidence already used for other frameworks (like ISO 27001 or SOC 2) to accelerate your i1 preparation.

• Use the control dashboard to monitor the completeness of control implementation and remediation activities, ensuring you are ready for the audit.

• Create and share detailed readiness reports to demonstrate compliance to internal and external stakeholders.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance. Explore all recent product updates → View now.