HITRUST requires thatall assessorsworking on validated assessments be affiliated with an approved External Assessor organization, and each engagement must havea CCSFP-certified resource involved. However, there isno formal percentage requirementdictating how many hours must be performed by a CCSFP. Instead, HITRUST mandates that CCSFP professionals oversee, guide, and ensure proper application of the CSF methodology. Junior or non-certified staff may assist with evidence gathering, documentation, or technical testing under supervision. Ultimately, CCSFP-certified individuals are accountable for quality and methodology adherence, but HITRUST allows assessor firms flexibility in resourcing. The absence of a percentage standard accommodates varying project sizes and team compositions.
[References:HITRUST External Assessor Program Requirements – “Staffing Standards”; CCSFP Practitioner Guide – “Role of CCSFPs in Assessments.”, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit