Richard Rieben

For organizations beginning their HITRUST® adoption and certification journey, the path forward often looks complex. The single most critical first step? A comprehensive readiness assessment. In this guide, we will cut through the noise and cover: Assessment Types: The different forms of readiness assessments, and which one fits your specific needs. Common Pitfalls: The specific [...]

The auditing world used to be, well, boring. It was the land of beige walls, green eyeshades, and partners who stayed at the same firm for 40 years before retiring with a gold watch and a modest pension. It was built on the “partnership model”—a slow, steady, and independent way of doing business. In this [...]

“There is hardly anything in the world that someone cannot make a little worse and sell a little cheaper, and the people who consider price alone are that person’s lawful prey. It’s unwise to pay too much, but it’s worse to pay too little. When you pay too much, you lose a little money — [...]

Founded in 2007, HITRUST® issues certifications to businesses and organizations that are independently assessed for compliance with its Common Security Framework (CSF®). This guide will walk you through the HITRUST certification process, explain all available assessment types (e1, i1, r2), introduce newer offerings tailored to AI systems, and provide guidance on maintaining certification over time. [...]

The 2025 HITRUST® Trust Report is more than just a retrospective on certification trends—it is a reflection of where cybersecurity assurance is heading. In a landscape where compliance complexity is growing and AI is rapidly transforming risk dynamics, the HITRUST ecosystem stands out as a scalable, rigorous, and data-driven model for building trust. Whether you’re [...]

Globally, the advent of AI systems and technologies is leading massive innovations. For example: The AI market in the U.S. was valued at $50.16 billion in 2024 and is projected to grow at a compound annual growth rate (CAGR) of 28.30%, reaching $223.70 billion by 2030. In 2023, investments in generative AI surged to $25.2 [...]

On March 11, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) introduced a new form for secure software development attestations. After working closely with various industry groups, a standard form was released to make certain software companies working with the federal government use basic secure development methods [...]

Large Language Models (LLMs) and Generative AI are cutting-edge technologies in the field of artificial intelligence that are rapidly evolving in the business landscape. LLMs are a subset of Generative AI, focusing specifically on language-related tasks. While related, LLMs refer to AI systems capable of understanding and generating human-like text based on large datasets. Generative [...]

Over the past several years, the concept of Zero Trust has transitioned from an industry buzzword to a pillar of information security. In this blog post, we will break down what zero trust means in the industry, what the pillars of zero trust are, and how zero trust concepts impact auditing activities and other factors [...]

Our firm has been a HITRUST® External Assessor Organization since 2017, and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the most [...]