← All generators
🏥

HITRUST CSF Readiness Assessment

Assess your readiness for HITRUST CSF certification across all three levels — e1 (Essentials), i1 (Implemented), and r2 (Risk-Based). Built for healthcare SaaS founders, digital health companies, and health IT vendors who need to demonstrate security to enterprise buyers.

HITRUST e1HITRUST i1HITRUST r2HIPAA IntegrationHealthcare SaaS

HITRUST Certification Levels

e1 — Essentials

44 controls. Entry-level. Addresses fundamental cybersecurity hygiene. Fastest to achieve (~6-12 months). Best for early-stage healthcare SaaS entering enterprise sales.

i1 — Implemented

182 controls. Mid-tier. Required by most healthcare enterprise buyers. Addresses HIPAA and broader security controls. ~12-18 months to certify.

r2 — Risk-Based

375+ controls. Full HITRUST framework. Required by payers, large health systems, and federal healthcare programs. ~18-24 months. Most rigorous certification in healthcare.

1Organization & Certification Details
2Control Readiness Assessment

Organization Information

Certification Target

Which HITRUST level are you targeting? Controls shown in Step 2 will be filtered accordingly.

System in Scope

Data Types Processed

Select all data types your system processes or stores.

Existing Compliance Frameworks

Select frameworks already in place — HITRUST CSF inherits from many of these.

Assessor Details