As the world continues to become more technologically interconnected, a wide range of businesses find themselves in possession of, and required to defend, sensitive data that could be used to identify or contact their members, patients and customers (I.e. PHI or PII). Handling of this protected data creates a variety of compliance requirements across jurisdictions and is a major target of cyber attacks. Having robust controls, policies and cybersecurity measures in place is critical to reduce risk, achieve compliance and ensure the safety of your business. The HITRUST CSF is a security and privacy framework that is primarily based on ISO 27001 and NIST Cybersecurity Framework. Although influenced by HIPAA, international laws, and other frameworks, HITRUST CSF was created to establish common controls to comply with healthcare regulations.