The HITRUST scoring methodology uses five maturity levels: Policy, Procedure, Implemented, Measured, and Managed. However, not every requirement statement includes Measured and Managed maturity elements. These two levels are applied selectively, particularly to requirements that lend themselves to performance monitoring and ongoing governance. For example, requirements involving logging, monitoring, and reporting often include “Measured” and “Managed” dimensions, while policy-only requirements may not. In r2 assessments, assessors should review the applicable requirement statements in MyCSF to see which maturity levels are required. This ensures that maturity scoring is accurate and aligned with HITRUST’s intent. Therefore, the statement that Measured and Managed can be scored for some but not all requirements in r2 is True.
[References: HITRUST Scoring Rubric – “Maturity Level Scoring”; CCSFP Study Guide – “Application of Measured and Managed Levels.”, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit