Introducing HITRUST CSF, the Future of Cybersecurity Standard


In the age of digital transformation, adversaries are winning the race in penetrating the cyber defence systems of organisations around the world. According to the IBM Cost of Data Breach Report 2020, a data breach’s average total cost is an astonishing USD 3.92 million. The same report also noted that between 2019 and 2020, there was an increase of 52 % in data breaches caused by a malicious attack, with the cost of data breaches growing exponentially. The increased threat of cyberattacks put organisations at tremendous pressure to implement a proper risk management strategy that complies with local and global data protection regulations.

The complexity of the Risk & Compliance landscape has been increasing rapidly in recent times. This is further magnified due to the large number of data breaches that business is facing daily. Some of the key factors contributing to this complexity are:

  1. Multiple regulations for Security & Data Privacy. In fact, one can well say that an ever-increasing number of regulations and standards.
  2. Increasing customer expectations – An increasing awareness of the risks posed to organisations, coupled with the vast number of breaches that have hit businesses worldwide have made customers cautious and demanding.
  3. Market variations that impact the compliance needs of organisations while operating in different markets, whether regionally or globally.
  4. Dynamic business models adopted by organisations today which influence the standards that end up applying to them.
  5. Organisational culture.
  6. Increasing Third Party Risk – Managing one's own risk and security posture is no longer enough, especially for large organisations, and this is exemplified by the fact that a large number of data breaches are initiated through the supplier network.
  7. Technical Evolution – With new technologies creating new modes of interconnecting and exchanging of data, the vectors for breaches to occur have also been increasing. In fact the programmatic techniques adopted has been increasing these vectors exponentially.
  8. Growing number of New Threats, and Actors.

These factors and many more combine to raise three main questions. Answers to which will help simplify the life of every CISO and Risk leader. 

  1. Choice of framework: Which is the one framework that will help me address maximum needs. Is there any framework which will address both the security and privacy aspects? Is there a Framework will be easy to adopt and institutionalise across my organisation?
  2. Which assessment: In fact, which and how many assessments should I be doing across my organisation.
  3. How do I meet my reporting needs: How can I meet my current and future needs, some of which I am not even sure about? How can I address the requirements of my stakeholders – both internal and external, whether in-country or geographically dispersed.

These questions, and more, are easily answered by the HTRUST Program which has been successfully helping organisations across the globe in meeting their regulatory, and stakeholder obligations.

One Framework, One Assessment, Globally.

The foundation of all HITRUST programs and services is the HITRUST CSF, a “certifiable” framework that provides organisations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. 

Developed in collaboration with data protection professionals, the HITRUST CSF rationalises relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF is both risk- and compliance-based, organisations of varying risk profiles can customise the security and privacy control baselines through a variety of factors including organisation type, size, systems, and regulatory requirements.

With a deep understanding of data protection compliance and the challenges of assembling and maintaining the many and varied programs, HITRUST’s integrated approach ensures the components are aligned, maintained, and comprehensive in order to support every organisation’s information security management program. This has led to HITRUST CSF becoming a widely adopted security and privacy framework across industries globally.

The HITRUST CSF provides the structure, transparency, guidance, and cross-references to authoritative sources organisations globally need to be certain of their data protection compliance. The initial development of the HITRUST CSF leveraged nationally and internationally accepted security and privacy-related regulations, standards, and frameworks–including ISO, NIST, PCI, HIPAA, and COBIT–to ensure a comprehensive set of security and privacy controls, and continually incorporates additional authoritative sources. It has now grown comprehensively to incorporate the privacy regulations across the globe including CCPA, HIPAA, GDPR and Singapore’s PDPA. The HITRUST CSF standardises these requirements, providing clarity and consistency, and reducing the burden of compliance.

As a HITRUST Assessor Partner, one of the first in the ground partners in Asia, Quantum helps organisations in the adoption and certification of the HITRUST CSF.