Thoropass Expands Partnership with HITRUST to Directly Integrate with HITRUST MyCSF and Become an Authorized MyCSF Reseller

Thoropass, the leading compliance delivery platform and audit provider, today announced the expansion of its long standing relationship with HITRUST® Services Corp., the leader in cybersecurity assurances and risk management, to fully integrate Thoropass compliance automation with the HITRUST e1, i1, and r2 assessments and certifications. In addition, Thoropass is now an authorized reseller of the HITRUST MyCSF SaaS platform. 

As the only end-to-end compliance automation platform provider that is also an accredited HITRUST Assessor, companies leveraging the HITRUST frameworks for risk management and to demonstrate a commitment to rigorous security and privacy standards are now able to work with a single vendor from procurement, to control automation, through assessment and certification. 

Current Thoropass customers already experience a seamless handoff from the Thoropass assessment process to HITRUST MyCSF. Launching today, Thoropass can now run an integrated access review and privileged access monitor of MyCSF users. This enables customers to automate the necessary access evidence collection for HITRUST and other cybersecurity assessments.

“HITRUST is raising the bar for the outcomes organizations will achieve through strong risk mitigations and leverage into infosec compliance. Since 2022, we have been the first and only compliance automation platform provider that is also an accredited HITRUST Assessor. This relationship enables our joint customers to take full advantage of our complete controls library to automate and streamline the HITRUST assessment process through Thoropass,” said Sam Li, founder and CEO, Thoropass. “As we define the standard for the modern risk, compliance, and audit processes, this integration will further enable our joint customers to improve their organizational efficiency, lower cost, and reduce their overall infosec risk.”

Building on an existing library of over 700 controls that support the HITRUST e1, i1, and r2 Assessments, Thoropass will now integrate directly with MyCSF to sync controls and evidence between the two platforms. Previously, Thoropass would manage this process for its customers, providing them with a seamless handoff between the Thoropass assessment process and MyCSF. This integration streamlines this process further by enabling a two-way sync between the platforms such that controls and evidence are automatically kept current in both platforms. 

Thoropass delivers the following to its customers pursuing the HITRUST certifications: 

  • Complete controls library: Access to a fully integrated library of over 700 controls supporting e1, i1, and r2
  • Automated evidence collection: Automatically upload evidence into MyCSF to maintain complete documentation in both platforms
  • Expanded support for additional frameworks: Leverage the more than 60% crossover of global controls for SOC 2 and ISO 27001 frameworks to accelerate compliance across these frameworks and reduce duplicative effort 
  • Streamlined Assessments: Thoropass provides additional assessment tooling that can accelerate HITRUST assessments by as much as 50% compared to other stand-alone platforms 
  • End-to-end procurement: Purchase compliance automation, HITRUST certification, and HITRUST assessment from a single vendor on a single invoice

“For many years, HITRUST and Thoropass have shared a vision that strong risk management and assurance are key to effectively demonstrating compliance. Through closer integration, we believe that mutual customers will gain efficiencies in their processes while improving relevance and reliability of their assurances” said Blake Sutherland, EVP of Market Engagement, HITRUST. “Bringing a deeper level of integration with industry leaders like Thoropass is key to advancing this vision as we seek to push the boundaries for what is possible for greater and greater efficiency and value for our customers.” 

“Achieving HITRUST certification demonstrates ELEKS’ dedication to meeting the highest security and compliance standards for our current and future healthcare clients. It’s a vital milestone that strengthens our ability to deliver trusted solutions in the competitive healthcare technology industry,” said Andrew Park, Healthcare Technology Lead at ELEKS. “Thoropass has been a true partner, providing clear guidance and setting expectations early throughout our certification process.”

Thoropass has long viewed its own compliance foundation as important as the compliance work our customers are undertaking. Currently, Thoropass is the only compliance automation platform provider that is also HITRUST i1 Certified.

Companies pursuing HITRUST certifications and their underpinning compliance automation platforms may learn more here