A common question our advisors receive is: what is the difference between SOC 2 and HITRUST? SOC 2 is a framework set forth by the AICPA that lists broad criteria for companies to meet based on their own service commitments and system requirements. The HITRUST CSF, set forth by the HITRUST Alliance, instead contains a precise list of specified requirements that an organization’s information security program must meet to achieve a defined level of compliance.
Watch this short video as Forvis Mazars Principal Ryan Boggs dives into the differences between the two.