Walking the walk: Thoropass’s compliance and audit software is now HITRUST i1 certified!

Thoropass is excited to announce its compliance and audit automation software recently achieved HITRUST Implemented, 1-year (i1) Certification to manage data protection and mitigate cybersecurity threats.

HITRUST’s i1 certification validates that Thoropass is operating leading security practices to protect sensitive information by leveraging a set of curated controls to protect against current and emerging threats. The HITRUST i1 Validated Assessment and Certification will help Thoropass address cybersecurity challenges and remain cyber resilient over time while keeping customers’ sensitive data safe and secure.

“HITRUST is continually innovating to find new and creative approaches to address information security challenges. Thoropass’s HITRUST i1 Certification is evidence that they are at the forefront of industry best practices for information risk management and cybersecurity.”
Jeremy Huval, Chief Innovation Officer, HITRUST

Read on to learn more about Thoropass’s journey to HITRUST i1.

Walking the walk: Why pursue HITRUST i1 certification?

As a HITRUST-approved External Assessor firm, we know the importance of maintaining security and building trust with our customers. Since we ‘walk the walk,’ it was important for us to achieve and obtain the HITRUST i1 certification to demonstrate our commitment to the security of our customers.

The External Assessment: Assessing the Assessor

Every company pursuing HITRUST certification will need to select a HITRUST-approved third-party auditor (or a validated HITRUST External Assessor). But what happens when a validated External Assessor needs to be assessed? For this stage of certification, we turned to CyberCrest Compliance to help us complete our External Assessment and reach the finish line for i1.

First, Thoropass conducted an in-depth internal readiness assessment.
The information gathered from our self-assessment included a comprehensive mapping of the i1 external controls to the internal Thoropass controls along with relevant documentation. This gave CyberCrest a very strong starting point. That, along with the Thoropass team’s internal subject matter expertise, helped the external assessment go off without a hitch and streamlined the overall certification process.

Selecting an External Assessor who shared the same experience and knowledge of the HITRUST CSF was critical. Working with another experienced Validated Assessor, like CyberCrest, felt like working with an extension of our team. “The team was very responsive with evidence requests and we were able to complete the assessment in a timely manner without quality issues due to the team’s understanding of both Thoropass internal controls and the HITRUST i1 controls and certification process,” Arti Shala, Compliance Manager for CyberCrest, explains.

“The Thoropass team was well-versed in the HITRUST certification process and technical control requirements. It was clear that Thoropass came prepared!”
Arti Shala, CyberCrest Compliance

Two months to i1: How Thoropass streamlined its HITRUST journey

Thoropass started its External Assessment with CyberCrest towards the beginning of April 2024. Evidence collection is a big part of the Assessment process and it took only 2 months (from start to finish) to complete. The journey to HITRUST i1 was extremely smooth for a handful of reasons:

Deep internal expertise and experience with the HITRUST CSF

The team has been working on HITRUST i1 (along with other attestations/certifications) over the last year. Thoropass has extensive in-house HITRUST expertise to lean on, including Zach Rutz, our HITRUST expert and a Senior Manager of Infosec Assurance.
The Thoropass platform

We were able to leverage our own proprietary multi-framework capabilities, which use Unified Controls and multi-framework action items to eliminate duplicate work and significantly cut down the time it takes to scale a compliance program. For example, we had already obtained ISO 27001 (information security management system) certification, which brought us about 80% of the way to HITRUST i1 Certification.

The smart automation within the Thoropass platform itself creates mappings of Thoropass internal controls, evidence artifacts, policies, and procedures to the HITRUST i1 control requirements by unique ID as well as other information security control frameworks.

“The Thoropass team used their internal instance of the platform to populate the HITRUST MyCSF audit portal with evidence and assessment comments on every control before we even started the i1 assessment. This made it very easy for our team to determine how Thoropass is addressing each requirement statement and request follow-up evidence as needed.”
Arti Shala, CyberCrest Compliance

Centralized communication

Since all stakeholders were using the Thoropass platform to centralize communication, we were able to respond to CyberCrest’s evidence requests in a very timely manner, which significantly reduced the assessment timeline. As Arti explains, “The Thoropass team was well prepared to describe their control implementation and quickly provide relevant evidence artifacts and documentation linked in the Thoropass platform.”

“As an External Assessor, it was a great experience working with an organization that was on top of its own control implementation using automation built into the Thoropass platform.”
Arti Shala, CyberCrest Compliance

Leading by example, now and in the future

Thoropass is thrilled to add the HITRUST i1 badge to our website and we’d like to send a special thank you to the CyberCrest Compliance team for supporting our external assessment so masterfully.
As industry leaders, we will continue to go beyond what’s considered ‘table stakes’ in the world of information security and regulatory compliance. This new achievement truly raises the bar and shows our customers how dedicated we are to protecting their sensitive data.

Jay Trinckes, Data Protection Officer