New HITRUST® Program to Help Start-Ups with Information Privacy and Security

RightStart Program™ to ensure information privacy and security is foundational element of start-ups’ core infrastructure

FRISCO, Texas--()--HITRUST is helping start-up companies make information privacy and security a foundational component while still focusing on growing their business with the introduction of the RightStart Program™. The newly introduced program helps start-ups accelerate their adoption of the most comprehensive risk management, compliance, privacy and security suite of services in the marketplace.

As a leading security and privacy standards development and accreditation organization, HITRUST is bundling and pricing its programs to align with rapidly-growing small businesses ensuring management and customers that effective information privacy and security programs are a core tenet of the start-up firm’s operations.

“Navigating risk management and compliance requirements can be costly, a strain on internal resources and can be daunting for any company, but it can be compounded in start-ups that are focusing on bringing their vision to market,” says Mike Parisi, HITRUST’s vice president of Assurance Strategy & Community Development. “The RightStart Program will ensure dedicated programs managing risk, compliance, security and privacy are foundational practices within a start-up by embedding these security standards into their evolving business models.”

Meeting these requirements should not be a barrier to business growth but too often start-up companies try to institute the proper programs in an ad hoc manner only to lose valuable time and money and in the end, not improving their risk posture.

“The RightStart Program gives us the ability to adopt a security framework that will scale with our organization and provide brand name peace of mind to our customers, partners and investors, says Hoala Greevy, CEO of Paubox, an email encryption company. “HITRUST provides us with the tools for secure, compliant growth needed to increase our bottom line. Our customer focus demands we have security, compliance, and risk management in place by design and not as an afterthought.”

Designed for start-ups that have been in business for less than three years, have fewer than 50 employees and have less than $10 million in annual revenue, the program offers a comprehensive risk management solution. The Right Start Program streamlines the adoption of HITRUST’s best-in-class suite of services, including:

The HITRUST CSF allows organizations to perform assessments and report against its comprehensive privacy and security controls or any one of the thirty-five authoritative sources included in the framework, such as the NIST Cybersecurity Framework, HIPAA and GDPR.

The HITRUST CSF Assurance Program provides a simplified and consistent approach to assessments and reporting against the HITRUST CSF. Since the HITRUST CSF synthesizes numerous standards and frameworks into a single comprehensive and harmonized framework, it negates the need for multiple assessments with an ‘Assess Once, Report Many’ approach.

The HITRUST MyCSF Assessment Platform makes it easier and more cost-effective for an organization to manage information risk and meet international, federal and state regulations concerning privacy and security.

The HITRUST Academy offers the only training courses designed to educate security professionals about information protection and the utilization of the HITRUST CSF to manage risk.

Click here to register for the HITRUST webinar on November 13th discussing the benefits of the program featuring Hoala Greevy, CEO of Paubox.


Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.

HITRUST actively participates in many efforts in government advocacy, community building, and cybersecurity education. For more information, visit


Kevin Lightfoot, 469-269-1117


Kevin Lightfoot, 469-269-1117