Resources

General

Streamlining the Process of Third-Party and Vendor Risk Management

An in-depth review of the XChange and how it is powered by the XChange Manager portal to execute the HITRUST TPRM Methodology

READ MORE

HITRUST Basic, Current-state (bC) Assessment

The HITRUST bC Assessment is a verified good hygiene information security self-assessment that offers better consistency, improved accuracy, and more flexibility than other types of self-assessments.

READ MORE

HITRUST Implemented, 1-year (i1) Validated Assessment

The HITRUST Implemented, 1-year (i1) Assessment + Certification is an innovative, threat-adaptive, broad-based assessment that evolves over time to actively address the ever-changing cybersecurity landscape across industries.

READ MORE

HITRUST Risk-based, 2-year (r2) Validated Assessment

The HITRUST Risk-based, 2-year (r2) Validated Assessment + Certification is globally recognized as a high-level validation showing that an organization successfully manages cyber risk by meeting and exceeding industry-defined and accepted information security requirements.

READ MORE

Assessing Risks and Obtaining Assurances: A Guide

The HITRUST XChange offers several options to assess the amount of risk posed by each of your business relationships and to obtain assurances relating to the security and privacy posture of each of your third parties.

READ MORE

HITRUST Assessment XChange Illustrative Process

The HITRUST Assessment XChange offers an innovative and comprehensive solution, combining the processes, technology, and people needed to help organizations streamline and simplify their third-party risk management.

READ MORE

HITRUST Assessment XChange Workflow

Flow chart showing the HITRUST Assessment XChange processes and procedures used to request IRQs and Assessments from third parties and vendors.

READ MORE

Providing Reliable Assurances

Understanding the Differences Between a HITRUST Assessment Report and an AICPA SOC 2 Report

READ MORE

HITRUST Assessment XChange Use Cases

Guidelines that help your organization determine when to use the Inherent Risk Questionnaire to obtain additional data from a third-party; and/or when to request a HITRUST Basic, Current-state bC Self-assessment from vendors for whom you require only low-level, basic assurances.

READ MORE

HITRUST Assessment XChange Features Overview

The HITRUST Assessment XChange is the only third-party risk management solution that is both comprehensive and modular, including the three vital components of people, process, and technology.

READ MORE

Customer FAQs

The most frequently asked questions from current and prospective customers of the XChange

READ MORE

HITRUST Assessment XChange Subscription Pricing

Subscription options for organizations who participate in the XChange

READ MORE

Webinars

HITRUST Assessment XChange Adoption & Integration of HITRUST’s Third-Party Risk Management Program

An introduction to the HITRUST Assessment XChange and the recommended approach on how to implement the HITRUST TPRM Methodology and the XChange into an organization’s TPRM program

WATCH NOW

HITRUST Third-Party Risk Management (TPRM) Methodology and HITRUST Assessment XChange Enhancements

How the HITRUST TPRM Methodology and HITRUST Approach help organizations qualify their third parties for new and existing business relationships based on the inherent risk they pose to the organization

WATCH NOW

HITRUST TPRM Methodology

HITRUST TPRM Methodology: Third-Party Risk Management Methodologies, Programs and Services

Overview of HITRUST’s strategic programs and services

READ MORE

HITRUST Third-Party Risk Management (TPRM) Methodology: The Qualification Process

A streamlined approach to qualifying a third party for a business relationship leveraging the HITRUST CSF and CSF Assurance Program

READ MORE

HITRUST Third-Party Risk Management Methodology

An Illustration of the Process

LEARN MORE