February 9, 2022 | Robert
This week, Aridhia is delighted to announce that we have received the HITRUST Common Security Framework 2-year certification for our Digital Research Environment hosted on Microsoft Azure.
The Health Information Trust Alliance (HITRUST) CSF is a certifiable framework which allows organizations to measure their security compliance.
The benefit to Aridhia and our customers is that HITRUST combines many security regulations and standards from GDPR, ISO 27001, NIST, HIPAA, HITECH and others into one framework. This harmonization of over 40 different standards into one allows HITRUST-certified organisations to demonstrate alignment across multiple privacy and security regulations.
For Aridhia’s customers, HITRUST certification alongside our ISO 27001 certification provides assurance that the FAIR and Workspace services they consume from our DRE comply with the highest levels of information security standards for healthcare and biomedical research.
Aridhia’s customers run both national and international trusted data sharing networks to better understand the impact and the nature of multiple conditions from Covid-19 through Alzheimer’s and Cancer. They rely on us to assure access to and the use of highly privileged datasets to deliver their research and their outcomes for patients.
Working with a third-party auditor as well as the HITRUST organisation itself, Aridhia went through an initial readiness assessment followed by a lengthy validated assessment period. This looked at 19 different domains in areas such as configuration management, access control, data protection and third-party assurance. Over a 12-month period, approximately 330 specific controls were measured, with each requiring a policy, a procedure and evidence of implementation.
Whilst Aridhia was already an ISO 27001 certified organisation, this level of compliance required a further significant investment in time and resources. We believe, however, that increased compliance beyond ISO 27001 will increasingly become the norm in our sector, and achieving HITRUST CSF certification puts Aridhia into a further level of maturity in this critical domain.
Meanwhile, the cybersecurity bar keeps being raised and we are already working towards the next level of certification, the ISO 27701 standard in Privacy Information Management, which we expect to achieve by the summer of this year.