Blog

As AI continues to transform industries worldwide and organizations continue to innovate their use of AI in regular practice, they are also faced with growing pressure to demonstrate that their AI systems are secure, trustworthy, and responsible. With regulatory scrutiny and public concern over widespread use of AI on the rise, aligning with established frameworks and standards has become essential for maintaining credibility and mitigating risk.

Though HITRUST released v11 of the HITRUST CSF back in January 2023, as of April 16, 2024, HITRUST released CSF v11.3. Standard practice is for HITRUST to update their CSF annually—at a minimum—and this v11.3 is a relatively minor revision with two main differences:

For any organization committed to robust cybersecurity hygiene, due diligence isn’t just for your interior systems, operations, facilities, and people—it also requires vetting your service relationships with suppliers to ensure they’re also secure. This is something Microsoft clearly understands, given their rigorous Supplier Security & Privacy Assurance (SSPA) Program they require. And for said suppliers participating in the SSPA Program, there are benefits to further extending your security compliance through HITRUST certification.

As organizations face pressure to obtain third-party validation demonstrating their effective cybersecurity and risk management practices, they may wonder which compliance approach is best to pursue. HITRUST Certification is a globally recognized program that validates an organization’s compliance with the HITRUST Common Security Framework (CSF). An alternative to obtaining a HITRUST CSF Certification is the SOC 2 + HITRUST report, which serves as a collaboration between HITRUST and the AICPA.