In an ideal world, every organization would place a high importance on information security, regardless of its maturity level, annual revenue, or contractual obligations. Unfortunately, we don’t live in an ideal world.

Many companies—especially new companies—simply don’t have the time, money, or knowledge to create a strong cybersecurity program. Instead, they must devote their limited resources to running and growing the business. This is a known issue, and thankfully, the HITRUST Alliance has recently introduced a program to help alleviate it. It’s called The HITRUST RightStart Program for Start-ups.

The HITRUST RightStart Program is specifically designed for organizations that meet the following requirements:

1. The business was incorporated or founded within the last 3 years.

2. The business has a productive service line (or is close).

3. The business has under 50 full-time employees.

4. The business has an annual revenue of less than $10 million.

The goal of the HITRUST RightStart Program is (you guessed it) to help new companies get started on the right foot by implementing strong cybersecurity practices as a foundational part of their businesses. The HITRUST RightStart Program accomplishes this by providing start-ups with access to the following resources:

    • The HITRUST CSF Library, which lets organizations assess themselves against the HITRUST CSF or any of the 35 other authoritative sources that make up the HITRUST CSF
    • The HITRUST CSF Assurance Program, which allows companies to take advantage of the major selling point of the HITRUST CSF: “Assess Once, Report Many”
    • The MyCSF Assessment Platform, which was updated in 2018 and allows companies to record and store information related to their compliance with the CSF
    • HITRUST Academy, which enables organizations to learn more about the CSF

The RightStart Program was also created to do all of this at a reasonable cost. The program costs $15,000 per year, for a minimum of two years, as long as the organization meets the four membership requirements listed above.

In the past, cybersecurity programs have been an add-on for start-ups—something they attached to their businesses with metaphorical duct tape in hopes that they would work until there was time to invest in something better. The introduction of the RightStart Program creates a clear roadmap for start-ups not only to make cybersecurity an integral part of their business but also to ease compliance challenges in the future. And, at its most basic level, it might be able to keep start-ups from having to continually complete questionnaires and instead “assess once, report many” to business partners and investors alike.

Whether you’re a start-up or an established business, LBMC Information Security would love to help you navigate the complexities of the HITRUST CSF.