NDB is a leading provider of HITRUST Risk-Based, 2-Year (r2) Validated Assessments for healthcare organizations throughout North America. Per HITRUST, “The HITRUST Risk-Based, 2-Year (r2) Validated Assessment (formerly named the HITRUST CSF Validated Assessment) is a risk-based and tailorable assessment that continues to provide the highest level of assurance for situations with greater risk exposure due to data volumes, regulatory compliance, or other risk factors.”
Additionally, per HITRUST, the r2 focuses on a comprehensive, prescriptive risk-based specification of controls suitable for most organizations with a very rigorous approach to evaluation, which is suitable for high assurance requirements.
Key Elements of the HITRUST Risk-Based, 2-Year (r2) Validated Assessments
Formerly named the HITRUST CSF Validated Assessment, the new HITRUST Risk-Based, 2-Year (r2) Validated Assessment consists of the following measures:
- The number of control requirement statements in an r2 assessment varies from 198 to 2000 (360 average in scope of assessments), based on inherent risk factors and any optional authoritative sources that are included
- r2 assessments can be tailored to convey assurances over dozens of information protection regulations and standards (including HIPAA, NIST CSF, PCI DSS, GDPR and more)
- r2 assessments are tailored based on the assessed entity’s inherent risk factors (examples: whether in-scope systems are accessible from the Internet, whether wireless networks are used in the scoped environment, etc.)
Additionally, per HITRUST, a properly scoped r2 Assessment offers coverage against: NIST SP 800-53, NIST CSF, ISO 27001, HIPAA, FedRAMP, FISMA, FTC Red Flags Rule Compliance, MARS-E Requirements, PCI DSS, CCPA, GDPR, AICPA Trust Services Criteria for Security, Confidentiality and Availability, plus more than 30 other industry-recognized frameworks, standards, and authoritative sources.