HITRUST certification explained

Summary

Discover which Ricoh products are HITRUST certified and what HITRUST certification means.


For industries where security, privacy, and risk management are top-of-mind, HITRUST certification is one of the most important certifications a company can hold. This achievement places Ricoh in an elite group of organizations worldwide that have earned this certification.

By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

What is HITRUST certification?

The Common Security Framework (CSF) was created in 2007 by the Health Information Trust Alliance (HITRUST Alliance). The organization initially focused on HIPAA, ISO 27001, and similar regulations, and expanded the framework to embrace other industries, such as financial services, information technology, and more.

The framework helps organizations demonstrate their security and privacy through a standardized compliance assessment and certification process.

What does it mean to be HITRUST certified?

HITRUST certification demonstrates that the organization has met key regulations and industry-defined requirements and is appropriately managing risk.

Organizations worldwide use the region- and industry-agnostic control framework, assessment platform, and independent certification program to assure customers, partners, and vendors that their sensitive information is protected.

Ricoh is committed to providing our customers with expertise to assist them in meeting security, compliance, and policy requirements.

Which products are HITRUST certified?

Ricoh obtained HITRUST certification for its Intelligent Business Platform (IBP) hosted at Amazon Web Services (AWS). Also in scope are desktops located in Ricoh’s processing centers at Rancho Cordova, Calif., and Parma, Ohio.

IBP gives customers the tools to convert data into highly valuable insights, workflows, and documents, enabling remote workers to connect without compromising network security, automating manual steps and billing, empowering workers to solve customer issues from anywhere, and more.

Ricoh is committed to providing our customers with the finest technology, services, programs and resources — along with the expertise to assist them in meeting security, compliance, and policy requirements.

With Ricoh, security is not an afterthought or a reaction to a problem. Security-focused thinking extends across the portfolio — from devices to software to professional and managed services.

What are the HITRUST certification requirements?

HITRUST certification requirements incorporate security, privacy, and other regulatory requirements from existing frameworks such as the International Organization for Standardization (ISO) and the Health Insurance Portability and Accountability Act (HIPAA).

The 19 control domains within the HITRUST CSF are:

  1. Information security and protection program

  2. Endpoint protection

  3. Portable media controls

  4. Mobile device security

  5. Wireless access

  6. Configuration and change management

  7. Vulnerability detection and management

  8. Network security protection

  9. Data transmission protection

  10. Password strength and management

  11. Access control to servers and software

  12. Audit logging and monitoring

  13. Employee education, training, and awareness

  14. Third-party contracts and management

  15. Incident response and management

  16. Business continuity and disaster recovery

  17. Risk assessment and management

  18. Data center physical security

  19. Data protection and privacy

The 19 domains of HITRUST certification are broken into 14 control categories:

  1. Information security management program

  2. Access control

  3. Human resources security

  4. Risk management

  5. Security policy

  6. Organization of information security

  7. Compliance

  8. Asset management

  9. Physical and environmental security

  10. Communications and operations management

  11. Information systems acquisition, development, and maintenance

  12. Information security incident management

  13. Business continuity management

  14. Privacy practices

Organizations are audited every two years to determine compliance with stringent HITRUST certification requirements. The oversight is designed to provide peace of mind that organizations with HITRUST certification are implementing the strongest standards for security.

Find out more about our commitment to information security

We are committed to helping customers, partners, and vendors achieve regulatory compliance and keep data safe and secured. Contact us or speak with your representative to learn more.
