HITRUST Services

Providing fixed-fee HITRUST i1 and r2 Readiness Assessments

Get A Fixed Fee Quote Today Request a Free Quote

NDB is a leading provider of HITRUST Risk-Based, 2-Year (r2) Validated Assessments for healthcare organizations all throughout North America. Per HITRUST, “The HITRUST Risk-Based, 2-Year (r2) Validated Assessment (formerly named the HITRUST CSF Validated Assessment) is a risk-based and tailorable assessment that continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors.”

Additionally, per HITRUST, the r2 focuses on a comprehensive, prescriptive risk-based specification of controls suitable for most organizations with a very rigorous approach to evaluation, which is suitable for high assurance requirements.”

Key Elements of the HITRUST Risk-Based, 2-Year (r2) Validated Assessments

Formerly named the HITRUST CSF Validated Assessment, the new HITRUST Risk-Based, 2-Year (r2) Validated Assessment consists of the following measures:

  • The number of control requirement statements in an r2 assessment varies from 198 – 2000 (360 average in scope of assessments), based on inherent risk factors and included authoritative sources (optional)
  • r2 assessments can be tailored to convey assurances over dozens of information protection regulations and standards (including HIPAA, NIST CSF, PCI DSS, GDPR and more)
  • r2 assessments are tailored based on the assessed entity’s inherent risk factors (examples: whether in-scope systems are accessible from the Internet, whether wireless networks are used in the scoped environment, etc.)

Additionally, per HITRUST, a properly scoped r2 Assessment offers coverage against: NIST SP 800-53, NIST CSF, ISO 27001, HIPAA, FedRAMP, FISMA, FTC Red Flags Rule Compliance, MARS-E Requirements, PCI DSS, CCPA, GDPR, AICPA Trust Services Criteria for Security, Confidentiality and Availability, plus more than 30 other industry-recognized frameworks, standards, and authoritative sources.

To learn more about NDB’s HITRUST assessment services, including i1 validated assessments, i1 and r2 readiness assessments, along with r2 validated assessments, contact us today at This email address is being protected from spambots. You need JavaScript enabled to view it., or call 1-800-277-5415, ext. 705 to speak with a HITRUST specialist. With NDB, we offer fixed-fees for all HITRUST services.

Since 2006, NDNB has been setting the standard for security & compliance regulations