Today, we’re excited to announce that Comply now supports the HITRUST framework, making it easier for healthcare companies to gain certification and build customer trust. We’ve built HITRUST into Comply so that it’s simple to import a “Scope” and manage the compliance process to achieve certification. We have also partnered with NCC Group to create our controls making assessments through them faster and more affordable.


Easily establish HITRUST compliance

Comply makes it easy to prove data security compliance with a HITRUST CSF Validation with Certification by providing a set of illustrative controls and providing automation on some of those controls to remove manual work. Our clear and complete controls cover the entire scope and have been approved by NCC Group for use in an audit. Integrations pull in assets like people, roles, devices, and more and provides the data for the automation of implementing controls.

Expediting assessment with NCC Group

To receive the HITRUST CSF Validation with Certification, companies must demonstrate to an assessor’s satisfaction that all required controls have met certain maturity levels. We’ve partnered with NCC Group, one of the largest auditors, to simplify and expedite the process by integrating the assessors needs into Comply. Companies who use Comply to speed through the assessment process with NCC Group could save as much as $30,000 in assessors fees. Companies who don’t want to use NCC Group have the flexibility within Comply to modify their controls and use the auditor of their choice.

Proving your HITRUST Certification

HITRUST is the most popular third-party audit framework in digital health, used when organizations need to go beyond just attesting to HIPAA compliance. Enterprise customers like big insurers and hospital groups often require a HITRUST CSF Validation with Certification for their most important vendors. After a company has imported their “scope” into Comply, implemented all of the controls, and gone through assessment, they are able to receive a certification from HITRUST which can be put into a Comply Room to easily distribute to their customers.

Get started

Access to the HITRUST framework in Comply is available to customers starting today. Customers will need to obtain a HITRUST MyCSF License* before they can access the HITRUST controls and mappings in Comply. With a MyCSF License they can complete the “Scope” sections of their assessment and export the controls to use in Comply.

If you’d like to achieve HITRUST certification through Comply, contact us.

On August 27th we are hosting a webinar on help companies learn more about building customer trust with HITRUST in Comply, reserve your spot on the webinar today!

* The HITRUST CSF is separately licensed by HITRUST and is not available in Comply by default.