Skip to content

Securing your data is always Kardin’s top priority

Kardin is committed to protecting the privacy and security of our customers' data. That's why we are proud to be HITRUST certified. HITRUST is a leading information security framework that helps organizations manage risk and comply with industry regulations.

To become HITRUST certified, Kardin had to undergo a rigorous assessment of its security controls. This assessment was conducted by an independent External Assessor Organization (EAO). The EAO found that Kardin has strong security controls in place, and Kardin was granted HITRUST certification. 

Being HITRUST certified demonstrates Kardin’s commitment to security and our dedication to protecting its customers' data.

hitrust-csf

 

Understanding the difference between HITRUST and SOC

Both HITRUST and SOC are industry-standard frameworks assisting organizations in demonstrating their compliance with security and privacy regulations. However, they have distinct emphases and applications.

HITRUST, an originally healthcare-focused comprehensive security framework, is now adopted across many industries. It encompasses a variety of security and privacy regulations, such as HIPAA, ISO-27001, PCI DSS, and NIST 800. A third-party assesses an organization's security controls and risk management practices during HITRUST certification, which is seen as a benchmark for security and compliance.

SOC, developed by the American Institute of Certified Public Accountants (AICPA), focuses on evaluating an organization's internal controls associated with security, availability, processing integrity, confidentiality, and privacy. It's extensively employed in technology and cloud computing industries, and certification entails an independent audit of these internal controls.

In essence, HITRUST offers a broader evaluation of Information Security controls against established frameworks, while SOC centers on reporting and compliance relative to an organization's unique Information Security program. HITRUST also necessitates a more rigorous assessment of an organization's security controls and risk management practices.