HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solution, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risks management and compliance.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management (formerly Vendor Risk Management), offering a seamless and efficient experience for HITRUST clients to submit and manage assessments within their ServiceNow instance. Import IRQ templates from the HITRUST API, assign IRQ Questionnares to your employees and vendors during onboarding Due Dilligence or Vendor Risk Tiering, and send questionnaire responses out to the HITRUST API for risk scoring, recommendations, and Corrective Action Plans.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management, offering a seamless and efficient experience for HITRUST clients to submit and manage assessments through HITRUST systems of record.
- Get up and running quickly with our Guided Setup
- Import Inherent Risk Questionnaire (IRQ) templates from the HITRUST API, assign them to your internal employees, and invite vendors to complete questionnaires in the Third-Party Risk Portal during Due Diligence or Vendor Tiering
- HITRUST IRQ responses are sent automatically to the HITRUST API, then Vendor Risk Scores, recommendations and Corrective Action Plans are returned and imported to inform your decision-making process
- Request HITRUST assessments from vendors directly from the Vendor Risk Managemeent Workspace; Vendors can share HITRUST Assessments automatically over the API
- Instead of relying on PDF exports, import HITRUST assessments in a relational table structure for unprecedented reporting, analysis, and decision-making for Vendor Risk Management
Version 2.1.1
This release is Certified for Australia compatibility and includes the following minor enhancements and fixes:
- Enhanced messages / field labels / module labels to align with new Third-party Risk Management application verbiage updates (e.g. "Internal assessment" and "External assessment" instead of "IRQ assessment" and "Third-party risk assessment")
- Enhanced error messaging for IRQ Scoring failures to include the failed request body for further investigation.
- Fix for IRQ Scoring issue with Custom templates that have multiple selection questions
- Fix for Action Plans import issue that was preventing import when the system property x_hitru_hitrust_tp.last_import_time was populated
- Fix for issue with "Request HITRUST IRQ" process when a customer has multiple organizations so that if an organization is not selected, the dialog does not progress until an organization is selected.
- Fix for "Request HITRUST Assessment" so that it opens the External assessment in "HITRUST" view if not in Vendor Management Workspace
- Fix for "Request HITRUST IRQ" when selecting Tiering in Vendor Management Workspace for better workspace compatibility with the link redirects for Tiering / External assessment
- Fix for SAE-enabled customers to ensure that when a HITRUST IRQ External assessment SAE questionnaire is completed by a third-party contact, a HITRUST IRQ is triggered
- Due to the vertical tabs update from dependent application "GRC: Vendor Management Workspace", the HITRUST Vendor Management Workspace related lists for "External assessments" a.k.a. "Third-party risk assessments" ("HITRUST IRQs", "HITRUST Recommendations", "HITRUST Share Tokens") have been deprecated to remain compatible with the dependent application. Instead, please navigate to the Lists in Vendor Management Workspace under "HITRUST Assessment XChange" section to find the appropriate record.
- In the Guided Setup, "Configure Vendor Management Workspace properties" step has been deprecated/deactivated as that step is no longer required. If customers have previously completed this step, you may revert this change by navigating to the viewRuleConfigId UX Page Property (https://<instance_name>.service-now.com/nav_to.do?uri=sys_ux_page_property.do?sys_id=fd8552f0530320104f80ddeeff7b120c) and revert the "Value" field back to its original value using the "Versions" related list, reverting to the "Common Vendor Core" source version. See additional guidance in the Install Guide in section 3.1 under "Guidance for existing customers installing Version 2.1.1".
- Australia Release compatibility with "enforce_dot_walk_cross_scope_access" across all HITRUST Assessment XChange scoped tables enabled and all appropriate dot-walk cross scope privileges that are required by the application have been included.
ServiceNow Plugin Dependencies
- GRC: Vendor Risk Management Workspace
- Third-party Risk Management
- Third-party Risk Due Diligence
- Integration Commons for CMDB
HITRUST API Key