HITRUST certification explained
Summary
Discover which Ricoh products are HITRUST certified and what HITRUST certification means.
For industries where security, privacy, and risk management are top-of-mind, HITRUST certification is one of the most important certifications a company can hold. This achievement places Ricoh in an elite group of organizations worldwide that have earned this certification.
By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
What is HITRUST certification?
The Common Security Framework (CSF) was created in 2007 by the Health Information Trust Alliance (HITRUST Alliance). The organization initially focused on HIPAA, ISO 27001, and similar regulations, and expanded the framework to embrace other industries, such as financial services, information technology, and more.
The framework helps organizations demonstrate their security and privacy through a standardized compliance assessment and certification process.
What does it mean to be HITRUST certified?
HITRUST certification demonstrates that the organization has met key regulations and industry-defined requirements and is appropriately managing risk.
Organizations worldwide use the region- and industry-agnostic control framework, assessment platform, and independent certification program to assure customers, partners, and vendors that their sensitive information is protected.
Which products are HITRUST certified?
Ricoh obtained HITRUST certification for its Intelligent Business Platform (IBP) hosted at Amazon Web Services (AWS). Also in scope are desktops located in Ricoh’s processing centers at Rancho Cordova, Calif., and Parma, Ohio.
IBP gives customers the tools to convert data into highly valuable insights, workflows, and documents, enabling remote workers to connect without compromising network security, automating manual steps and billing, empowering workers to solve customer issues from anywhere, and more.
Ricoh is committed to providing our customers with the finest technology, services, programs and resources — along with the expertise to assist them in meeting security, compliance, and policy requirements.
With Ricoh, security is not an afterthought or a reaction to a problem. Security-focused thinking extends across the portfolio — from devices to software to professional and managed services.
What are the HITRUST certification requirements?
HITRUST certification requirements incorporate security, privacy, and other regulatory requirements from existing frameworks such as the International Organization for Standardization (ISO) and the Health Insurance Portability and Accountability Act (HIPAA).
The 19 control domains within the HITRUST CSF are:
Information security and protection program
Portable media controls
Wireless access
Configuration and change management
Vulnerability detection and management
Data transmission protection
Password strength and management
Access control to servers and software
Audit logging and monitoring
Employee education, training, and awareness
Third-party contracts and management
Incident response and management
Business continuity and disaster recovery
Risk assessment and management
Data center physical security
Data protection and privacy
The 19 domains of HITRUST certification are broken into 14 control categories:
Information security management program
Access control
Human resources security
Risk management
Security policy
Organization of information security
Compliance
Asset management
Physical and environmental security
Communications and operations management
Information systems acquisition, development, and maintenance
Information security incident management
Business continuity management
Privacy practices
Organizations are audited every two years to determine compliance with the stringent HITRUST certification requirements. The oversight is designed to provide peace of mind that organizations with HITRUST certification are implementing the strongest standards for security.