News and Awards

Ostendio is the first SaaS company to become a HITRUST Readiness Licensee

Written by Ostendio | Sep 14, 2022 1:15:00 PM

News Summary:

  • HITRUST certification provides third-party validation that an organization is up to date with the latest security and privacy standards, protecting sensitive data
  • Clients preparing for a HITRUST assessment can build their data security program and prepare for the assessment using a combination of the Ostendio platform and the HITRUST MyCSF platform
  • Ostendio Professional Services experts have over 10+ years of experience each of HITRUST experience, including 3 Certified HITRUST CSF Practitioners

 

Arlington, Va. (September 14, 2022) - Ostendio, Inc., a leading provider of integrated risk management solutions, today announced that it has become a HITRUST Readiness Licensee. Ostendio is the first SaaS company to achieve this license from HITRUST, a leading data protection standards development and certification organization offered across many industries including healthcare, finance, and technology. 

Becoming a HITRUST Readiness Licensee will allow Ostendio to more efficiently navigate the HITRUST standards once clients are linked to their HITRUST MyCSF account and cost-effectively prepare clients to complete a HITRUST assessment. With more than thirty years of combined experience performing HITRUST assessments, Ostendio’s team of readiness experts ensures client organizations are well prepared for their HITRUST assessment. 

“Data security is a growing concern for companies of all sizes and all industries,” said Grant Elliott, CEO, and chairman of Ostendio. “The experts in our Professional Services team will work with Ostendio Authorized Auditors, who are authorized HITRUST External Assessors, to create an outstanding team helping clients throughout the HITRUST process using the Ostendio platform.”  (In accordance with its methodologies and standards, HITRUST will review the material submitted and make an independent determination on assessment scoring or certification.) 

HITRUST Certifications provide organizations and their customers with the assurance that the organization is up to date with the latest security and privacy standards. The HITRUST CSF Framework and HITRUST assessments provide a comprehensive framework of security controls, indicating the effective and efficient safeguarding of sensitive material, such as electronically protected health information and other confidential data. This advanced certification assists in providing reliable assurance of the operating effectiveness of a company's information security program and the maturity of the company. Primary areas of focus for the certification include privacy and security departments, security operations, cloud operations, change management, service management (incident management), IT services (access and device management), human resources, and finance.

Used in conjunction with the HITRUST MyCSF platform, the Ostendio platform can help organizations speed up the process towards HITRUST certification. Ostendio enables auditors and clients to collaborate on real-time evidence within a single, secure integrated risk management platform. Unlike industry-standard methods of conducting complex audits using disparate and siloed shared drives and spreadsheets, the Ostendio platform provides access to evidence and documents that are always available, easy to update, and optimized for collaboration.

The Ostendio Trust Network™ connects organizations with third-party vendors to help them safely share security information and manage and mitigate risk across the extended enterprise. Ostendio Trust Network members can invite vendors to complete custom risk assessments and share information quickly and in real time. This allows vendors to demonstrate compliance to their customers and auditors, easing sales processes and reducing compliance burdens. Companies can mandate that vendors share their compliance information directly via the Ostendio platform, dramatically reducing the risk of vendor-related data breaches.