December 13, 2024

Vanta deepens HITRUST partnership with MyCSF integration

Written by

Herman Errico

Brian Retson

Product Marketing

Reviewed by

Accelerating security solutions for small businesses
‍

Tagore offers strategic services to small businesses.

A partnership that can scale
‍

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors
‍

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

As the security expectations of customers grow and the regulatory landscape gets more complex, businesses are recognizing the value of investing in and demonstrating security. As the demand for proving compliance grows, so does the demand for HITRUST, given its reputable assessment process.

‍

Achieving HITRUST certification involves demonstrating compliance with a detailed set of controls designed to manage and mitigate information security risks. The HITRUST CSF consolidates multiple regulatory and industry requirements, such as HIPAA, GDPR, and ISO 27001, into a unified framework that organizations can use to standardize their security practices.

‍

The process is supported by MyCSF, HITRUST's platform for managing assessments. MyCSF centralizes control requirements, evidence collection, and certification tracking, providing a structured approach to meet HITRUST standards.

‍

Today, we’re excited to announce our HITRUST MyCSF integration. With this two-way integration, you can sync controls and evidence seamlessly between the two platforms, eliminating the need to duplicate efforts or make updates in multiple places. This increases efficiency, accuracy, and leads to a faster attainment of HITRUST e1, i1, or r2.

‍

This announcement builds upon the existing capabilities made possible by Vanta’s industry-first partnership with HITRUST. Vanta’s HITRUST solution automates up to 80% of its requirements by including guidance around requirements, documents and policy templates, and automated evidence collection. Vanta is the first and only automated compliance platform to automate evidence gathering and feed it directly into HITRUST’s MyCSF platform.

‍

‍

Effectively perform HITRUST assessments in Vanta

Here’s what the new and improved process for getting certified looks like using this Vanta and HITRUST MyCSF integration:

Import HITRUST controls: Automatically import e1, i1, or r2 controls from HITRUST MyCSF into Vanta for streamlined compliance tracking. Vanta will automatically populate controls with Vanta tests and documents to help you get set up quickly and easily.
Manage your compliance program in Vanta: Take advantage of all of the efficiencies and automation Vanta provides when implementing controls and preparing for your audit.
Leverage cross-mapping for similar controls: Reduce duplicative work by using Vanta’s cross-mapping capabilities to obtain other frameworks with similar controls, such as SOC 2 or ISO 27001.
Collaborate seamlessly with your auditor: Reach audit readiness and have your auditor validate and accept the evidence directly within Vanta.
Export evidence to HITRUST MyCSF: Move your auditor-approved evidence from Vanta into HITRUST MyCSF with a single click, ensuring all your records are correctly captured in the HITRUST portal.
Stay informed on control updates: Get automatic updates about new or changes to HITRUST controls to ensure you maintain compliance easily.

‍

‍

Get started with HITRUST today

HITRUST e1, i1, and r2 are now generally available within the Vanta platform and the MyCSF integration is included at no additional charge. If you’re a current Vanta customer interested in obtaining your HITRUST certification, reach out to your Customer Success Manager or Account Executive to learn more. To see how Vanta helps companies demonstrate comprehensive security measures with HITRUST, request a demo today.

Access Review Stage	Content / Functionality
Across all stages	Easily create and save a new access review at a point in time View detailed audit evidence of historical access reviews
Setup access review procedures	Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems	Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta. Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS) Upload access files from non-integrated systems View and select systems in-scope for the review
Review, approve, and deny user access	Select the appropriate systems reviewer and due date Get automatic notifications and reminders to systems reviewer of deadlines Automatic flagging of “risky” employee accounts that have been terminated or switched departments Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section Track progress of individual systems access reviews and see accounts that need to be removed or have access modified Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners	Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access	Focused view of accounts flagged for access changes for easy tracking and management Automated evidence of remediation completion displayed for integrated systems Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results	Auditor can log into Vanta to see history of all completed access reviews Internals can see status of reviews in progress and also historical review detail