The Health Information Trust Alliance (HITRUST) has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store, or exchange sensitive and/or regulated data.
The HITRUST CSF was developed to address the multitude of security, privacy, and regulatory challenges facing organizations. By including federal and state regulations, standards, frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security and privacy controls.

VISION ISO Provides consultancy services which covers:
• Includes, harmonizes, and cross-references existing, globally recognized standards, regulations, and business requirements, including ISO, EU GDPR, NIST, and PCI
• Scales controls according to type, size, and complexity of an organization
• Provides prescriptive requirements to ensure clarity
• Follows a risk-based approach offering multiple levels of implementation requirements determined by specific risk thresholds
• Allows for the adoption of alternate controls, when necessary
• Evolves according to user input and changing conditions in the standards and regulatory environment on an annual basis and
• Provides a unified approach for managing data protection compliance.