Aptible is HITRUST CSF Certified. If you are pursuing your own HITRUST CSF Certification, you may request that Aptible assessment scores be incorporated into your own assessment. This process is referred to as HITRUST Inheritance.

While it varies per customer, approximately 30%-40% of controls can be fully inherited, and about 20%-30% of controls can be partially inherited.

01: Preparation

To comply with HITRUST, you must first:

02: Requesting HITRUST Inheritance

🏳️ HITRUST Inheritance is only available on the Enterprise Plan.

The process for requesting HITRUST Inheritance from Aptible is as follows:

  • Navigate to Aptible’s HITRUST Shared Responsibility Matrix (SRM) to obtain a list of controls you can submit for HITRUST Inheritance. This document provides a list of all controls you can inherit from Aptible. To obtain the list of controls:

    • Read and agree to the general terms and conditions stated in the HITRUST Shared Responsibility Matrix License agreement.

    • Complete the form that appears, and you will receive an email within a few minutes after submission. Please check your spam folder if you don’t see the email after a few minutes.

    • Click the link to the HITRUST Shared Responsibility Matrix for Aptible in the email, and the list of controls will download to your computer.

  • Using the list from the previous step, select which controls you would like to inherit and submit your request through MyCSF (Please note: Controls must be in “Submitted” status, not “Created”)

  • Contact Aptible Support to let us know about your request in MyCSF. Note: This is the only way for us to communicate details to you about your request (including reasonings for rejections). Once you submit the inheritance request, our Support team will review and approve accordingly within MyCSF.

Related resources:

HITRUST’s Inheritance Program Fact Navigating the MyCSF Portal (See 8.2.3 for more information on Submitting for Inheritance)

O3: Show off your compliance (optional)

Add a Secured by Aptible badge and link to the Secured by Aptible page to show all the security & compliance controls implemented: