When partially inheriting a requirement statement score from an external cloud service provider, the weighting applied to the score is determined primarily by the assessed entity and the service provider. [0190]
The weighting of partially inherited scores in HITRUST is determined by HITRUST’s methodology, not by mutual agreement between the assessed entity and service provider.
Organizations may identify which portions of a requirement are inherited vs. managed internally, but the actual scoring mechanics are controlled by the HITRUST CSF Assurance methodology to ensure consistency.
Weighting for partial inheritance is calculated using HITRUST’s scoring methodology, not negotiated between entities.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit