HITRUST Overview and AI Assessments Webinar.pptx
WEBINAR
HITRUST Overview & AI Assessments
14th APAC Annual Global Meet, Dubai, Jan 2025
ControlCase. All Rights Reserved.
Agenda
01 HITRUST CSF
02 Why HITRUST?
03 HITRUST Assessment Portfolio
04 HITRUST AI Assessments
05 ControlCase Methodology
06 Panel Discussion
Presenter: Omkar Salunkhe, Senior Vice President
ControlCase Snapshot
ControlCase Overview
Best-in-Class Compliance Platform
• ControlCase is revolutionizing the way enterprises and organizations deal with the numerous and frequently changing IT compliance and regulatory requirements
• Proprietary software, including appliance and SaaS solutions, that enable CaaS (GRC and Data Discovery)
• Compelling proprietary offering combining proprietary software, certification/audits, and managed services on a single platform.
• One Audit™ enables our clientele to Assess once: Comply to Many
• Leadership positions in the PCI DSS, SOC 2, ISO 27001, HIPAA, HITRUST, FedRAMP and CMMC domains
• Serving over 1,000 customers
• Global footprint with offices in the U.S., LATAM, Europe, India, Canada, and UAE
• Leverages an offshore delivery infrastructure for competitive advantage
• IT compliance manager for multiple industry segments including banking, service providers, retail, hospitality, and telecom
Global Vision & Solutions Enhancement
Provider of Compliance as a Service (CaaS) subscription-based offering bundling proprietary GRC software and managed services
Founded in 2004
Headquartered in Fairfax, VA
Offices in U.S., Canada, India
250+ employees
ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor’s checklist to: Dramatically reduce the time, cost, and burden of maintaining IT compliance and becoming certified.
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Offload much of the compliance burden to a trusted compliance partner
• Improve efficiencies by doing more with less resources and gain compliance peace of mind
1,000+ CLIENTS
10,000+ IT SECURITY CERTIFICATIONS
275+ SECURITY EXPERTS
ControlCase Snapshot – Solution
Certification and Continuous Compliance Services
Partnership Approach
Compliance HUB™
IT Certification Services & Continuous Compliance Services
Certification Services
One Audit™
Assess Once. Comply to Many.
HITRUST CSF
• HITRUST CSF is a risk management framework developed and maintained by HITRUST.
• Certifiable standard that harmonizes 50+ sources.
• Allows organizations to tailor their security control baselines based on their specific information security requirements.
• The standard initially targeted organizations in the healthcare sector. However, it is now an industry-agnostic standard that can be used by organizations across various sectors to protect sensitive data.
Why HITRUST?
• Return on Investment
• Marketplace Differentiation
• Increase Speed of Sale
• Cyber Insurance – Better Rates and Coverage
• Threat Adaptive
• Multiple Levels of Validation
• Third Party Risk Management
• Prescriptive Control Language
• Security Compliance
In 2024, HITRUST identified that HITRUST r2 certified organizations remediated 92% of controls that did not fully address the HITRUST CSF framework requirements within one year of achieving their certification.
HITRUST Assessment Portfolio
e1 Validated Assessment
• Focuses on Implementation Maturity
• Basic Cybersecurity Hygiene
• 44 Security Requirements
i1 Validated Assessment
• Focuses on Implementation Maturity
• Mapped to Leading Cybersecurity Practices
• 182 Security Requirements
r2 Validated Assessment
• 3 Mandatory Maturity Levels and 2 Optional
• Inherent Risk Factors and Compliance Factors
• Avg. of 275 Security Requirements
As per the 2024 HITRUST Trust Report, 47.6% of new adopters have chosen to get certified against the e1 assessment whereas i1 and r2 have been chosen by 28% and 24.4%, respectively.
HITRUST AI Assessments
HITRUST AI Risk Management Framework
• Focuses on holistic AI Risk Management
• Harmonizes ISO/IEC 23894:2023 and NIST AI RMF
• Targeted towards AI providers and users
• Resulting in an insights report; not a certification
• 51 relevant AI Risk Management controls
HITRUST AI Security Assessment
• Focuses only on AI Security
• Harmonizes controls from NIST, ISO and OWASP
• Targeted towards AI providers only
• Add-on certification to the e1, i1 or r2 assessments
• Up to 44 AI security requirements
ControlCase Methodology
• Scoping
• Readiness Assistance
• Validated Assessment
• HITRUST QA and Certification
Panel Discussion - HITRUST Certification & Assessment Process
• Moderator: Ashish Kirtikar, President, Europe & UK, ControlCase
• Sriram Lakshmanan, Deputy CISO, Genpact
• Chirag Panchal, AVP – Infrastructure, Information Security and Compliance, HiLabs Inc.
• Murugaraj Narayanan, Senior Director, IT Infra and Security, Prochant India Pvt. Ltd.
Q&A – Open Forum
Thank you for the opportunity to contribute to your IT compliance program.
For additional queries/support: contact@controlcase.com


Editor's Notes

  • #6 Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.