You have achieved HITRUST Certification. Great! But now the real hard part comes: adhering to your new policy. Do not underestimate the importance of this.
HITRUST Certification follows a validated assessment every two years with an interim assessment in between. While much of your initial certification may have been improving policy and fixing gaps, the recertification process will be validating that you are continuing to do what you said you would do all along.
A lot of your new IT Policy will have tasks that require a certain frequency of completion. Daily, weekly, monthly, quarterly, and annually. For example, you may have a daily infrastructure checklist for a Network/Server Admin. You may also require Penetration Testing annually. Or you may need to Patch Servers monthly. You will probably have 25 to 35 tasks that will need to be completed regularly. Much more, it will need to be documented that you completed them per your policy.
One of our Apps within Healthcare ERP is what is called "Scheduled Task." While not exclusively for HITRUST Certification, it certainly helps as it does just about everything you need to make sure all tasks are getting completed on time and documented.
All tasks are assigned a title, control number, a responsibility, an escalation hierarchy, frequency, and start date. The automation then takes it from there based on start date and frequency. It takes the standing task and creates a specific assigned task with a due date and emails it to the assigned party. This specific task has a place for notes and a place for uploaded documentation. If tasks are not completed by the assigned party by the due date, the first chain of escalation is alerted via email. If after 15 days it still isn't done, the second layer of escalation is notified. And if still not complete a month after the due date, the third layer of escalation is notified.
Whether you use our Schedule Task app or not, you need a game plan on how you plan on adhering to your policy. I promise if this isn't given serious thought you will find yourself during your next assessment with either a lot of gaps which risk losing certification or a lot of work to prove you have adhered to your policy. Neither is a good scenario to be in.
We would love to talk to you about how you can maintain your HITRUST Certification, save time, and possibly prevent the need for a whole IT position.