HITRUST unveils AI Risk Management Assessment solution
HITRUST launched its AI Risk Management (AI RM) Assessment, a comprehensive assessment approach for AI risk management processes in an organization.
The HITRUST AI Risk Management Assessment ensures that governance associated with implementing AI solutions is in place and can be effectively communicated by companies to management teams, boards of directors and others.
The HITRUST approach is built around AI risk management expectations and outcomes, presented in a clearly understandable way that guides AI adopters and their leaders in their risk management efforts and aligns with standards issued by both NIST and ISO/IEC.
The HITRUST AI RM Assessment is fully supported by a complete assessment approach, SaaS platform, and ecosystem that AI-adopting companies can use to demonstrate that AI risk management outcomes are met. The offering provides an essential toolkit for benchmarking and reporting on the AI risk management efforts of any organization using or deploying AI-based technologies such as ML and LLMs. It also addresses an essential step for organizations seeking to validate and communicate a comprehensive approach to, and leadership in, AI risk management.
“Standards for AI risk management are evolving rapidly, and it is crucial for companies to address these principles with a thoughtful and comprehensive approach. Governance of this important and powerful capability is vital to unlocking the potential that AI offers, and risk management is critical to implementing AI responsibly,” said Robert Booker, Chief Strategy Officer with HITRUST.
“HITRUST has applied over 15 years of practical experience and a best-in-class assurance methodology to AI risk management. The result is an approach that organizations can use to demonstrate that they have established appropriate governance structures and meet essential risk management principles,” added Booker.
The HITRUST AI Risk Management Assessment is the second in a series of AI assurance solutions designed to address AI risk management and security. This comprehensive approach helps companies meet their governance responsibilities at any stage of AI deployment and is strongly recommended as a key starting point.
Additionally, HITRUST will release its AI Security Certification Program in Q4 2024, which will include AI-specific control specifications incorporated in the HITRUST CSF and enhancements to the company’s assurance methodologies, systems, and ecosystem.
The AI security certification will deliver a highly trusted security assurance solution for AI-specific systems. Together, these two offerings are designed to complement each other, with AI RM serving as the ideal starting point, followed by AI security certification for specific AI deployments.
All adopters of AI, including early adopters, need to demonstrate that they have effectively considered and managed the risks associated with AI. Until now, to address this critical need, governance and risk management teams have had to consider standards and references from numerous sources such as ISO/IEC and NIST to understand the risk management principles needed for AI governance and to then consider how to address and confirm those requirements.
Understanding AI risk management expectations and associated control requirements is foundational to implementing and documenting numerous risk management outcomes. The management lifecycle of these efforts is complex, as companies also often develop multiple and different approaches to socialize the risk management requirements across their organizations; to assemble information from different risk management teams; and to provide meaningful reports that identify the completion and maturity of those requirements.
The HITRUST AI Risk Management Assessment leverages the proven HITRUST assessment platform and reporting capabilities to support clear understanding of the risk management requirements and outcomes, and generate reports for internal or external teams to demonstrate the requirements are met.
“The total effort to address risk management at scale can take weeks or months of labor just to design and maintain an assessment approach, socialize that approach, and to prepare for the assessment work itself,” said Bimal Sheth, EVP Standards Development & Assurance Operations at HITRUST. “Even then, there can be questions about completeness and quality and the work can be exhausting where the organization wishes to align to multiple industry standards.”
As an accelerator for AI risk management, HITRUST has created an approach consisting of 51 comprehensive control requirements and a mapping to both NIST and ISO/IEC to illustrate coverage of the different standards and to address the recommendations of both.
HITRUST has bundled the AI risk management control requirements with a 1-year subscription to MyCSF, HITRUST’s powerful assessment SaaS platform tool, and a report credit for a HITRUST AI Risk Management Insights Report describing the state of AI risk management aligned with the language and recommendations of both standards. The HITRUST approach and solution provide an effective, efficient, and no-compromise answer to AI risk management requirements.
“HITRUST has leveraged its years of experience in information risk, security and compliance assurances to tackle AI risk management, providing a reliable foundation for organizations at any stage of their AI journey. We believe this should be the essential starting point for any organization engaging with AI and have designed it to be comprehensive and cost-effective for every organization,” said Jeremy Huval, Chief Innovation Officer with HITRUST.
“The AI RM solution can be used as a self-assessment and benchmarking tool, or companies can engage one of over 100 HITRUST external assessor firms to validate and verify implementation. Finally, existing HITRUST customers can access the capability with a simple report credit to their existing subscriptions to MyCSF,” concluded Huval.