In 2021, Oracle Cloud Infrastructure (OCI) achieved HITRUST Common Security Framework (CSF) certification. This is especially important for customers that handle sensitive data and need assurance that OCI security and privacy controls have been assessed against rigorous standards.  

Over the last year, OCI’s HITRUST program has expanded to include additional capabilities to support customers in achieving their own HITRUST certification using the Shared Responsibility Matrix and Inheritance Program. For OCI customers, the Shared Responsibility Matrix and Inheritance Program are important components for defining roles and responsibilities, and they provide transparency about the controls customers can inherit when completing their own HITRUST assessment. The Inheritance Program enables organizations completing their own HITRUST CSF assessment to import OCI’s Validated Assessment control results and scores for external inheritance.

LuxSci partners with OCI to deliver trusted solutions

Customers like LuxSci, a HIPAA-compliant email, website, and form security services provider, understand the reality of ever-evolving security regulations that can heavily impact their business and their customers. Despite many changes in healthcare industry legislation, the company has stayed committed to helping its customers navigate the deep, and sometimes uncertain, waters of security and privacy laws. Due to this commitment, LuxSci is now a leader in providing compliant communication services to healthcare customers. Recently, the company leveraged OCI’s HITRUST Inheritance Program to renew its own HITRUST CSF Assessment.

“For LuxSci and its customers, HIPAA compliance and HITRUST certification are fundamental prerequisites for doing business. LuxSci migrated to OCI in part due to its unmatched second-generation and security-first cloud services. However, we would not have been able to choose OCI had they not also been on track to achieve HITRUST certification themselves. Being able to inherit Oracle’s HITRUST security controls simplified the effort we had to expend during our own assessments. This was a win-win for all, especially our customers.”  

-Erik Kangas, CEO of LuxSci

Have more questions about HITRUST?

Q: What is HITRUST?
HITRUST has established a Common Security Framework (CSF) that provides a risk-based approach to security and privacy protection. The CSF spans over 45 authoritative sources, including NIST, HIPAA, the GDPR, and PCI DSS. 

Q: What are the benefits of the Shared Responsibility Matrix?
The OCI Shared Responsibility Matrix helps to provide clarity about which controls organizations can inherit during their HITRUST assessment.

Q: Which OCI services are HITRUST-certified?
71 OCI IaaS and PaaS services and 23 Oracle Cloud data regions are certified against the HITRUST Common Security Framework. OCI undergoes annual assessments as part of the HITRUST program, adding new services and data regions to the scope. 

Q: Is HITRUST only for healthcare organizations?
No. HITRUST can be used as an industry-agnostic framework for regulatory compliance and risk management. 

OCI’s security-first approach can provide a clear path to successful compliance

For some, HITRUST CSF certification may provide the assurance needed to run your most critical workloads on OCI. For others looking to leverage the HITRUST Assess Once, Inherit Many™ approach, the HITRUST Shared Responsibility Matrix Inheritance program may reduce some burdens related to control inheritance.

In all cases, the privacy and security of our customers’ data is a top priority for Oracle. For this reason, OCI offers a wide array of global and regional compliance programs. More information can be found at Oracle Cloud Compliance.

If you’re ready to start innovating with cloud infrastructure, contact one of our representatives for more information.