HITRUST Compliance with INRY and our QSA partner HITRUST Compliance with INRY and our QSA partner
Security & Risk Whitepaper

HITRUST Compliance with INRY and our QSA partner

Picture of Anu BulusuAnu Bulusu

Share On Twitter Share on LinkedIn Share on Facebook

INRY helps organizations streamline HITRUST compliance and risk through the effective implementation of ServiceNow® Policy and Compliance Management and Risk Management applications.

We assist with grouping and cross-referencing HITRUST objectives, control references and specifications to import them into ServiceNow.

Our solution design is sustainable by business and information security users, minimizing the need to involve IT for routine updates to the HITRUST environment within ServiceNow. Most importantly, we understand the need to import and maintain different implementation levels, organizational and regulatory factors for HITRUST control specifications and have an approach that works.

Qualified Security Assessor Partnership

INRY has partnered with a Qualified Security Assessor (QSA) to support our customers with annual assessments and certifications. INRY has extensive experience implementing ServiceNow security, governance, risk and compliance and understand the unique needs of organizations from different industries. Our QSA partner has extensive experience in HITRUST compliance services and their methodology provides additional value to our mutual customers.

Our implementation services are designed with a consultative approach and quickly enable clients to start using ServiceNow as an integrated system for monitoring, identifying, and taking swift action on risks associated with security and compliance related to HITRUST.

(HITRUST is a registered trademark of HITRUST Alliance. INRY has partnered with a Qualified Security Assessor (QSA) to provide gap analysis, certification and compliance advice. Clients need to procure CSF content from HITRUST Alliance. INRY does not provide any CSF content.)


Click here to Download the PDF or continue reading below.


  • Central Repository

    One central location for all your HITRUST data, evidence and other artefacts
  • Integrated Risk & Compliance

    Risk based integrated system for HITRUST with real-time insights and visibility
  • Streamlined Processes

    Workflows and alerts to assign tasks, drive collaboration and track progress
  • Track Remediation Tasks

    Prioritize remediation tasks and exceptions, trigger notifications when tasks are due
  • Our QSA partner’s Assess Once, Comply Many Methodology

    Map controls from multiple regulatory authorities to efficiently comply with many
  • Efficient Testing

    Automate control testing and build indicators to flag exceptions, create automated alerts

INRY Services

  • Solution & Strategy

    Targeted workshops to build roadmaps; perform gap analysis and recommend next steps
  • Targeted Implementation

    Drive specific outcomes related to compliance with workflows, notifications and SLAs
  • Streamlined Processes

    Manage complex requirements, including integrations with other apps and test automation
  • Enablement & Adoption

    Customized program to enable both power users and end users to drive adoption and success
  • Training

    Hands on training to use ServiceNow effectively for end-to-end compliance management
  • Continuous Compliance with our QSA partner

    Turn-key solutions from content and analysis to periodic assessments by our QSA partner
  • Content Packs

    Pre-built ServiceNow content packs for regulations like SOC, SOX , GDPR, PCI, ISO 27001, etc.
  • Enhancements

    Ongoing enhancements to an existing ServiceNow GRC Policy & Compliance implementation
  • Upgrades

    Upgrade to the latest version of ServiceNow and leverage new features and functionality


  • Import and set-up HITRUST categories, controls, assessment objects into ServiceNow’s authority documents, citations, controls and profiles (data to be provided by the client)
  • Establish controls and external assessment questionnaires in ServiceNow
  • Automate GRC indicators leveraging data available in ServiceNow
  • Embed controls into Service Management activities and produce real-time reports; receive alerts for exceptions and deviations
  • Indicator-based continuous control management

Related Insights