HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solution, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risks management and compliance.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management (formerly Vendor Risk Management), offering a seamless and efficient experience for HITRUST clients to submit and manage assessments within their ServiceNow instance. Import IRQ templates from the HITRUST API, assign IRQ Questionnares to your employees and vendors during onboarding Due Dilligence or Vendor Risk Tiering, and send questionnaire responses out to the HITRUST API for risk scoring, recommendations, and Corrective Action Plans.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management, offering a seamless and efficient experience for HITRUST clients to submit and manage assessments through HITRUST systems of record.
- Get up and running quickly with our Guided Setup
- Import Inherent Risk Questionnaire (IRQ) templates from the HITRUST API, assign them to your internal employees, and invite vendors to complete questionnaires in the Third-Party Risk Portal during Due Diligence or Vendor Tiering
- HITRUST IRQ responses are sent automatically to the HITRUST API, then Vendor Risk Scores, recommendations and Corrective Action Plans are returned and imported to inform your decision-making process
- Request HITRUST assessments from vendors directly from the Vendor Risk Managemeent Workspace; Vendors can share HITRUST Assessments automatically over the API
- Instead of relying on PDF exports, import HITRUST assessments in a relational table structure for unprecedented reporting, analysis, and decision-making for Vendor Risk Management
Version 2.0.0
This release includes the following major enhancements:
- For HITRUST Assessment XChange managed customers, a new HITRUST e1 Online Self-Assessment questionnaire has been added to the "Request HITRUST Assessment" process. With this new questionnaire you can submit an e1 Self-Assessment to a managed vendor directly in ServiceNow. Once a vendor completes the questionnaire, the questionnaire is automatically submitted to HITRUST Assessment XChange systems as well to keep both systems in sync.
- For HITRUST Assessment XChange managed customers, HITRUST Inherent Risk Questionnaires (IRQs) are now synchronized from HITRUST Assessment XChange to ServiceNow so that you can transparently see directly in the ServiceNow platform IRQ status updates, answered IRQ questions, and when the IRQ was sent and/or completed and more.
- For HITRUST Assessment XChange managed customers, HITRUST Action Plans are now synchronized from HITRUST Assessment XChange to ServiceNow so that you can transparently see directly in the ServiceNow platform Action Plans, relevant dates for the Action Plans (date submitted, delivered, completed, etc.), action plan notes from HITRUST Assessment XChange, and any MyCSF file attachments will be directly synchronized with ServiceNow.
- For HITRUST Assessment XChange managed customers, updating the "Active" flag on the HITRUST Vendor Map will now be synchronized to HITRUST Assessment XChange directly and will notify the HITRUST Onboarding Specialist team.
- For HITRUST Assessment XChange managed customers, a daily scheduled report email has been added to apprise the HITRUST Assessment XChange Support team of your HITRUST Assessments, CAPs, and Gaps.
- For HITRUST Assessment XChange managed customers, when a Non-HITRUST Third-party risk assessment is completed by a HITRUST-managed vendor, an email notification is triggered to notify HITRUST Assessment XChange Support.
- For HITRUST Assessment XChange managed customers, when "Request HITRUST IRQ" is requested, an additional call has been added to the HITRUST Assessment XChange Create Opportunity API and an email notification will be triggered to notify the HITRUST Assessment XChange team. When the vendor completes the HITRUST IRQ, an additional email notification will be triggered to notify the HITRUST Assessment XChange team.
This release also includes the following minor enhancements:
- HITRUST Document Request names and descriptions have been updated for better clarity.
- "HITRUST i1 Readiness Assessment" Document Request has been added.
- Compatibility update to change the resource paths for the HITRUST Assessments import from /api/assessment to /api/rds/assessment.
- The "Username" label on the HITRUST Connections template has been updated to add "(Limited to 40 chars)".
- The HITRUST Connections templates have been updated to default the Connection URL to the actual URLs (https://app.hitrustax.com/api and https://gateway.mycsf.net/api) to avoid confusion.
- "HITRUST Assessment Request" has now been renamed to "HITRUST IRQ" or "HITRUST Inherent Risk Questionnaire" where applicable.
- On HITRUST Assessments, the "Date completed" field has been relabeled to "Certification date".
This release also includes fixes for the following minor issues:
- Fixed all HITRUST answer choices on the HITRUST Template import from double-space to single-space
Version 1.0.1
This release is Certified for Yokohama compatibility and fixes the following minor issues:
- Fixed certain answer choices on the HITRUST Template import from double-space to single-space
- Removed the "ownership" query parameter from the HITRUST Assessments imports to prevent 403 status code
- Updated RDS Share Token generation business rule so that it is more compatible with RDS-only configuration
Version 1.0.0 - Initial GA Release
ServiceNow Plugin Dependencies
- GRC: Vendor Risk Management Workspace
- Third-party Risk Management
- Third-party Risk Due Diligence
- Integration Commons for CMDB