HITRUST CSF gap analysis for a Silicon Valley startup

Tyler Dornenburg reviewing the HITRUST CSF Portal with Jeff Pochily

As part of our journey on the HITRUST RightStart program, Jeff Pochily visited our office in San Francisco today.

The RightStart program is aimed at giving startups the tools needed to make information security and compliance easier to establish and manage. The newly introduced program helps startups like us accelerate adoption of the most comprehensive risk management, compliance, privacy and security suite of services in the marketplace.

Jeff Pochily is an Information Security Auditor at KirkpatrickPrice LLC and is our HITRUST assessor. He’ll be with us for the next three days as we get a handle on HITRUST.

HITRUST CSF Gap Analysis Takeaways

Jeff Pochily pointing us in the right direction for HITRUST

Here are some of my takeaways from our first day with Jeff Pochily.

  • There are approximately 320 control statements to be addressed
  • Document everything
  • “How do your vendors demonstrate HIPAA compliance?”
  • What is in HITRUST scope for Paubox?
  • Where is the data stored? Where is it processed? What systems transmit data?
  • Anything that affects the security of the system is in scope
  • What kinds of risk assessments have been done so far? Have they been scored?
  • The word “formal” is another way of saying “documented”
  • Asked about Change Management: What’s in place? How are changes managed?
  • Covered CIS 20 Critical Controls
  • In case you need to deal with it, make sure you know where the data is

About HITRUST

Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.

In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
