International payment solutions provider gains efficiencies to multiple HITRUST® assessments by leveraging inheritance model

Client background

The client is a large public company and an international provider of physical, digital and virtual corporate payment solutions. Baker Tilly engages with the client on a variety of projects, including but not limited to System and Organization Controls (SOC) 1® and SOC 2® reports, as well as National Institute of Standards and Technology (NIST) and HITRUST® assessments.

The business challenge

Due to the organization’s size and their variety of product offerings, the client chose to split their 450+ control requirement HITRUST Validated Assessment into two separate scoping objects. As a result of the large control sets and regulatory factors required for each HITRUST assessment, in conjunction with other ongoing annual projects and initiatives, client stakeholders historically experienced audit fatigue and were required to provide a cumbersome volume of documentation to meet various regulatory deadlines. Management reached out to Baker Tilly to inquire whether the firm could assist in reducing the stakeholder workload required to facilitate the multiple HITRUST assessments. 

Strategy and solution

Baker Tilly chose to leverage HITRUST’s internal inheritance model, which allows for reliance on the testing of previously completed assessments over like systems or processes within the organization, to eliminate redundant requests and create efficiencies in evidence collection. This approach created the following benefits for the organization: 

• Provided complete or partial fulfillment for 63% of HITRUST assessment requests leveraging the HITRUST inheritance model. 
• Reduced evidence collection for HITRUST assessments from two collection cycles to one. 
• Recouping assessment fees to the client that were initially thought to be required to execute the assessment. 
• Increased stakeholder buy-in and improved project morale for the entirety of the HITRUST audit year across engagements. 

Baker Tilly and the client are looking to build upon the internal inheritance model to continue creating value and minimizing stakeholder impact in subsequent assessment years.