What’s the best way to get started with HITRUST?
Participants of this year’s HITRUST 2019 conference found that the easiest way to get started was to attend the pre-conference day. The day began with HITRUST kicking off the assessment workshop. Attendees were treated to an hour-long session where they learned the mechanics of the HITRUST process, how scoring works, and the various roles and responsibilities within the HITRUST journey to certification.
LBMC Information Security’s Contribution
The Assessment Workshop was led by veteran experts, LBMC’s Drew Hendrickson and Nancy Spizzo. Both shared their years of experience assisting clients with decisions such as whether to start with a self-assessment or jump right into a validated assessment.
If time will allow it, the self-assessment is always the best option! It gives you the opportunity to assess your organization and resolve any gaps in your security or privacy program ahead of testing for certification. Drew and Nancy explained realistic timelines needed to achieve certification, as well as other first-time assessment expectations.
The session seemed to really engage the audience with a conversation around actionable talking points:
- Following best practices and securing executive support. A project sponsor is critical to any project’s success.
- Engaging your assessor early in the process to streamline the gap analysis process and focus results.
- Defining the scope and purpose of the assessment discreetly to allow the assessor to provide credible results. This was so important that HITRUST had prepared a second session just so participants could exercise the scoping process.
- Associating SOC2 audits with HITRUST requirements. The “assess once, report many” benefit was featured.
In the last point—associating SOC2 audits with HITRUST requirements—Drew was able to introduce the benefits of the SOC2 reporting framework as a high-level summary. He was able to prepare participants for the more detailed session he was presenting during the General Session material.
All in all, participants left the assessment workshop prepared to talk with their organization about the HITRUST process to certification and best practices to ensure their success and avoid common pitfalls. They now had exposure to the industry’s move toward consolidated audit needs. LBMC was honored to lead the session and share with the HITRUST community our many years of experience assisting clients through the process.
Conference Response Among Participants
As a follow up to the conference, we are hearing that many organizations have been able to put this information to good use! They are reporting to us that the conversation is going well with their leadership, projects are being planned according to the timelines presented at the conference, and that gap analysis projects are starting!
Congrats to getting your project off to a great start, we can’t wait to see you at the conference next year as “certified” participants!