Securing HITRUST Certification for a Professional Services Firm

Case Study

October 15, 2025

Contributor: Thomas Weaver | Manager, Cybersecurity Services

A globally recognized professional services firm (the Company), with a growing client base and increasing regulatory demands, sought to strengthen its cybersecurity posture and meet contractual obligations by achieving HITRUST certification. To support this goal, the Company engaged Cherry Bekaert’s Cybersecurity practice to conduct both a HITRUST readiness assessment and a HITRUST r2 assessment. As a result, the Company successfully attained r2 certification without requiring any corrective actions.

Identifying Certification Roadblocks

Prior to engaging Cherry Bekaert, the Company attempted a HITRUST assessment with another provider but did not achieve certification, receiving only a validated report. Several challenges contributed to this outcome, including difficulties in properly scoping the assessment, managing multiple office locations and integrating key applications into a compliant environment. Additionally, the Company faced the operational complexity of addressing nearly 500 control requirement statements.

Comprehensive Assistance From Readiness to Certification

Cherry Bekaert’s HITRUST advisors began with a readiness assessment and guided the Company through a strategic scope reduction. They recommended the creation of a cloud-based enclave environment. This isolated infrastructure allowed the Company to consolidate systems and virtual desktops. This approach eliminated the need to assess physical locations and devices, significantly streamlining the certification process. The enclave also incorporated the on-premises solution, verifying it was included in the compliant environment and simplifying the overall assessment.

Cherry Bekaert provided comprehensive, hands-on support throughout the Company’s HITRUST readiness assessment. Following the successful readiness assessment, we performed the following for the r2 validated assessment:

  • Control testing and validation within the HITRUST MyCSF portal
  • Evidence collection and scoring alignment for consistency and accuracy
  • Walkthroughs with subject matter experts to clarify control implementation and documentation
  • Internal quality assurance (QA) reviews conducted by certified HITRUST professionals
  • Coordination with HITRUST to facilitate a smooth path to final certification

Continuing Support

The Company successfully achieved HITRUST r2 certification without the need for any corrective action plans. The implementation of a streamlined infrastructure and compliance framework not only met contractual obligations but also significantly enhanced the firm’s overall security posture.

Following the initial certification, the Company re-engaged Cherry Bekaert to perform an interim assessment and is now preparing for the next full r2 assessment, which includes an expanded set of over 500 controls.

By combining deep technical experience with strategic guidance, Cherry Bekaert’s advisors helped the Company navigate a complex compliance landscape and establish a secure, scalable environment for future growth.

Connect With Us

Steven J. Ursillo, Jr.

Cybersecurity

Partner, Cherry Bekaert LLP
Partner, Cherry Bekaert Advisory LLC

Dan Sembler

Cybersecurity

Partner, Cherry Bekaert LLP
Partner, Cherry Bekaert Advisory LLC
