HITRUST Unveils Model for Assigning Security, Privacy Responsibility Among Cloud Service Providers

March 4, 2020
Shared Responsibility Program and Matrix seeks to clarify roles and responsibilities regarding ownership and operation of security controls

HITRUST, a cybersecurity standards development and certification organization, has unveiled a common model for communicating and assigning security and privacy responsibility between cloud service providers and their tenants or customers.

Called the Shared Responsibility Program and Matrix Version 1.0, it is part of HITRUST’s Shared Responsibility Program, which was established to address what it calls the growing misunderstandings, risks, and complexities when leveraging service providers.

IDC has reported that 48 percent of organizations have applications in one public cloud that communicate regularly with applications in a different public cloud. The Matrix will help organizations more easily come to agreements with their cloud service providers as to which party is responsible for individual security and privacy controls, in turn ensuring that all applicable controls are properly addressed.

The Shared Responsibility Program clarifies the roles and responsibilities regarding ownership and operation of security controls while automating and streamlining the assurance process when privacy and security controls are shared or inherited.

HITRUST said organizations will benefit from streamlined communication processes as well as reduced inefficiencies and burdens of compliance when leveraging services from cloud providers.

The Shared Responsibility Program is led by Becky Swain, director of standards development at HITRUST, and supported by a Working Group composed of representatives of several cloud service providers, including Armor, AWS, Google, Microsoft Azure and Salesforce, as well as enterprise cloud customers, cloud professional services firms, and solution providers.

“With the continued adoption of cloud services, being able to understand and accurately inherit controls from service providers in an automated manner will be key to an organization’s information risk management and assurance process,” said Swain, in a release. “The next milestone will be HITRUST continuing to work with leading CSPs to ensure they provide the Matrix to their customers.”
