As part of our commitment to safeguarding our clients' sensitive data, PCI Booking has been assessed, rated and certified by HITRUST (The Health Information Trust Alliance).
What does PCI Booking’s HITRUST certification mean to your business?
By engaging a HITRUST-certified business such as PCI Booking, you are adopting a service which enables you to manage confidential data in a secure and industry-compliant manner, thus reducing the risk of exposure to a breach and increasing confidence within your organisation and among your clients.
What is HITRUST?
HITRUST is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis and resilience.
HITRUST actively participates in many efforts in government advocacy, community building and cybersecurity education.
What is the HITRUST CSF?
The HITRUST Common Security Framework (CSF) was developed to address the multitude of security, privacy and regulatory challenges facing organisations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, HITRUST helps organisations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
The required controls for certification in the HITRUST CSF reflect the controls needed to mitigate the most common sources of breaches for the industry. An organisation must achieve a level of 3+ for each assessment domain (control area) to qualify for certification - a benchmark that PCI Booking well exceeded.
HITRUST CSF v9 Evaluation Criteria:
- Information Protection Program
- Endpoint Protection
- Portable Media Security
- Mobile Device Security
- Wireless Security
- Configuration Management
- Vulnerability Management
- Network Protection
- Transmission Protection
- Password Management
- Access Control
- Audit Logging & Monitoring
- Education, Training & Awareness
- Third Party Assurance
- Incident Management
- Business Continuity & Disaster Recovery
- Risk Management
- Physical & Environmental Security
- Data Protection & Privacy
For more information about HITRUST, the HITRUST CSF and other HITRUST offerings and programs, visit www.HITRUSTalliance.net.