HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solution, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risks management and compliance.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management (formerly Vendor Risk Management), offering a seamless and efficient experience for HITRUST clients to submit and manage assessments within their ServiceNow instance. Import IRQ templates from the HITRUST API, assign IRQ Questionnares to your employees and vendors during onboarding Due Dilligence or Vendor Risk Tiering, and send questionnaire responses out to the HITRUST API for risk scoring, recommendations, and Corrective Action Plans.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management, offering a seamless and efficient experience for HITRUST clients to submit and manage assessments through HITRUST systems of record.
- Get up and running quickly with our Guided Setup
- Import Inherent Risk Questionnaire (IRQ) templates from the HITRUST API, assign them to your internal employees, and invite vendors to complete questionnaires in the Third-Party Risk Portal during Due Diligence or Vendor Tiering
- HITRUST IRQ responses are sent automatically to the HITRUST API, then Vendor Risk Scores, recommendations and Corrective Action Plans are returned and imported to inform your decision-making process
- Request HITRUST assessments from vendors directly from the Vendor Risk Managemeent Workspace; Vendors can share HITRUST Assessments automatically over the API
- Instead of relying on PDF exports, import HITRUST assessments in a relational table structure for unprecedented reporting, analysis, and decision-making for Vendor Risk Management
Version 1.0.1
This release is Certified for Yokohama compatibility and fixes the following minor issues:
- Fixed certain answer choices on the HITRUST Template import from double-space to single-space
- Removed the "ownership" query parameter from the HITRUST Assessments imports to prevent 403 status code
- Updated RDS Share Token generation business rule so that it is more compatible with RDS-only configuration
Version 1.0.0 - Initial GA Release
ServiceNow Plugin Dependencies
- GRC: Vendor Risk Management Workspace
- Third-party Risk Management
- Third-party Risk Due Diligence
- Integration Commons for CMDB