skip to Main Content

The most rigorous and successful approach to obtaining your Information Security Goals

As the leading HITRUST CSF Assessor Organization, BEYOND HC LLC brings together its experience and knowledge with the HITRUST CSF methodology to streamline and accelerate the certification process whether you choose the i1 or the r2 certification. Our approach embraces the certification requirements and protocols defined by HITRUST while formalizing a program that overcomes the intricacies and challenges of a complex process. Becoming HITRUST Certified whether it be the e1, i1 or r2 should not be a burden on your team or your budget. At BEYOND, we will walk with you through the process, and provide the assistance as required by you and your team. The BEYOND business model is a proven approach that results in 100% success. We look forward to working with you and your team.

The BEYOND HC LLC Difference

Established project management // All Team Members CCSFP // Phased approach that reduces cost, time and complexities
Pre-determined quality assurance checkpoints that safeguards the prospect for on-time certification
Assessment program that harmonizes similar control objectives // Continuous status reporting through the HITRUST journey


Phase 1 – Readiness Assessment
(Learn what needs to be fixed)

A point-in-time review to determine if your company is ready to complete Validated Assessment for the HITRUST e1, i1, or r2 certification. BEYOND will work with you to identify gaps within your existing environment that could prevent a HITRUST certification and provide a detailed report that includes recommendations, guidance, and timeline for developing your Information security program.

Phase 2 – CIO Security Services | “GAP Remediation”
(Now you know…let’s fix it)

This phase is based on the Readiness Assessment results (see Phase 1) and the work that needs to be corrected, created and/or implemented prior to conducting the HITRUST Validated Assessment. The overall goal is to remediate the Gaps to allow for a seamless and successful HITRUST Validation.

Phase 3 – e1, i1 or r2 Validated Assessment | Bridge Assessment
(Let’s get certified)

The BEYOND validation team (all CCSFP certified) will help your organization navigate the HITRUST e1, i1, or r2 Validation process. BEYOND builds each assessment program to serve the unique needs and scoped environment of your organization. Through carefully outlined steps, BEYOND will conduct the assessment using our expertise and knowledge of HITRUST to obtain your goal of certification.

Phase 4 – Interim Assessment | ISP Maturity
(Maintaining the certification)

This phase is the mid-review and maintenance that takes place within a year after the HITRUST Certification is received. There are different steps for the i1 or the r2, and BEYOND can lead you to continued success no matter which validation you obtained.

What is new with BEYOND and in the HITRUST world

HITRUST Portfolio Education Program
BEYOND has been chosen to participate in the HITRUST Portfolio Education Program. This elite program is limited to only 5 External Assessor Organization. With HITRUST, we will be focusing on driving the adoption of the HITRUST Portfolio throughout the community. The goal is to raise awareness of the newly expanded HITRUST Assessment Portfolio, including the launch of the e1 through changes with the i1 and r2 – very exciting. Stay tuned for more updates on the whitepaper and the webinars that will be offered.

HITRUST CSF e1, i1 and r2…here are the details
The HITRUST e1 certification provides an entry into the HITRUST certification stage. For our clients with a low security risk, this certification can provide a solid security program. For our clients that require more, the e1 can be the first of many certifications to obtain…a stepping stone to the i1 and r2 certifications.

The HITRUST i1 Validated Assessment leverages a proven set of 182 Assessment requirement statements from the CSF v11 library. The i1 Assessment provides reliable assurances against current and emerging cyber threats to help implement a strong and broad cybersecurity program. The i1 can also be used as a foundation in obtaining the r2 certification.

The HITRUST r2 Validated Assessment demonstrates that an organization is taking the most proactive “expanded practices” approach to data protection and information risk mitigation. This top tier HITRUST certification demonstrates a high level information security program and adherence to the industry’s tough security standards.

BEYOND is growing…
We are pleased to announce that we now have a Project Manager who will help oversee the Validation process to ensure we meet our timeline and goals. Our new Project Manager will be there to assist our top-notch Validation Team in continuing to offer a high level of customer service while maintaining our 100% HITRUST success. You can always reach her at

Additional Note…
With so many changes happening in our everyday world, please reach out to us with any questions you may have or any guidance you may need. We want to be part of your team as you successfully obtain (or maintain) your HITRUST certification.


BEYOND HC LLC is an SBA woman-owned business with a focus to create programs specialized to each of our clients goals. We work with all size companies from startups to established organizations. Our purpose is to help your company innovate, transform and obtain success in achieving your information security objectives. BEYOND HC LLC is first and foremost a HITRUST Assessor Organization. This specialization offers clients the kind of expertise and attention that streamlines the process and delivers cost and time efficient solutions for your company.

We are a team of IT, IS and HITRUST professionals with over 30 years of experience in risk, audit, information security and regulatory administration. The BEYOND team are all CCSFP Practitioners who focus includes:

  • ei, i1, and r2 HITRUST Readiness Assessments
  • GAP Remediation
  • Policy | Procedure Documentation
  • CISO | Security Advisory Services
  • ei, i1, and r2 HITRUST Validated Assessments
Giving back to our community

BEYOND continues to look for ways to support our local community. This year our focus has been Holy Cross Lutheran Academy (HCLA) of Sanford Fl and Clearbrook of Arlington Heights, IL. Below are some of the highlights.

Our donations in the fall went towards sprucing up the front of HCLA
Benefactor to Clearbrook Shining Star Ball
Title Sponsor for the HCLA Evening Under the Stars
Upcoming | Recent Events

HITRUST Collaborate – Grapevine, Texas
Dates: October 3-5, 2023
Come join BEYOND as we again sponsor HITRUST Collaborate 2023. We will be on site to discuss and share information on effective methods for achieving and maintaining your HITRUST certification. We will discuss the latest HITRUST trends in certification…and help you decide which certification is best for you.

HIMSS 2024 – Orlando, FL
March 11 – 15, 2024
BEYOND will be in attendance at HIMSS 2024 to discuss the new HITRUST certification offerings with assessment levels geared toward low, moderate and high security assurance: e1, i1 and r2, respectively. Learn all about the HITRUST assessments and how BEYOND can assist in your success.


Power of the Portfolio

By Robert Booker, Chief Strategy Officer, HITRUST HITRUST Focus on Continuous Improvement HITRUST has been…

Read more

HITRUST redesigns CSF in v11 to increase efficiencies and cyber threat-adaptive assurances

Updated CSF can reduce certification efforts by up to 45% FRISCO, Texas, December 20, 2022–…

Read more

Ray Biondo Promoted to Executive Vice President and CIO for BEYOND HC LLC

Chicago Illinois, Orlando FL, Denver CO; January 4, 2021 – BEYOND HC LLC, a woman…

Read more

BEYOND HC LLC Facilitates another HITRUST Community Extension Program Event hosted by Aim Specialty Health and Blue Cross Blue Shield Association

Chicago Illinois, January 23, 2019 – BEYOND HC LLC, a woman owned HITRUST CSF Assessor…

Read more

Cathlynn Nigh

Founder / CEO
Ms. Nigh is the CEO of BEYOND HC LLC. BEYOND is a woman owned and operated consulting firm that is specific to performing HITRUST Assessments. BEYOND provides their clients a personalized “one to one” approach to the highest level of service and quality...
Read more

Ray Biondo

Executive Vice President Chief Information Officer (CIO)
Mr. Biondo is Executive Vice President, Chief Information Officer for BEYOND HC LLC. Ray is a senior IT executive with over 30 years of experience in the specialized field of Information Technology. He has led application development teams...
Read more

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.

HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.

The CSF is an information security framework that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC). As a framework, the CSF provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry.

Whether your organization deals directly or indirectly with the health care industry, HITRUST certification is good for your business:

  • Helps you manage regulatory compliance and risk management
  • Opens access to prospective clients who require their vendors to be HITRUST Certified
  • Once in place, certification can be renewed, budgeted and managed

Download #1 – Audit Once Use Many

We need a new way to drive consistency on how to identify risks and controls, how to conduct assessment in an efficient way, how to leverage the outputs and finally what should be communicated to stakeholders and third-party partners. We call this idea smart…using results for many purposes from one undertaking.

    Fill in your information below and select which download you would like to receive.

    PHASE 1: BEYOND Readiness Assessment

    BEYOND will identify gaps in your existing environment that could prevent HITRUST certification. BEYOND will provide detailed information on the findings, recommendations, strategy, and timeline for developing your Information Security Program “ISP” to meet the current HITRUST framework.

    A readiness assessment is an essential part of any organizational change management program and should be completed before you launch technical implementation and update or recreate your documentation.

    • Determine the scope of the assessment.
    • Questionnaire / Interviews are completed.
    • Constant contact – frequent communication / status meetings throughout.
    • BEYOND will review, conduct analysis and develop a working draft report.
    • BEYOND will review findings and draft report with the client.

    PHASE 2: Security Services | GAP Remediation

    Let’s put BEYOND’s CIO executive leadership and security knowledge to work for your organization.  Our security services offer you access to a team of professionals that provide the required subject matter expertise to help you strengthen your “ISP”.

    As a team we can develop your security program.  We will quickly work with you to gain knowledge and build a strategy on addressing your security gaps.  With our vast knowledge of the security environment, we will go to work to solve these problems for you with results that you can rely on.

    This work can include:

    • Implementation of products / managed services
    • Internal processes such as BC/DR Plan | Data Classification | Incident Response | IT Vendor Management | Risk Management | Teleworking (WFH) | vCISO Services
    • The creation of necessary documents (Policy / Procedure Guides) that are written to communicate each step clearly and developed to meet your compliance needs.

    PHASE 3: Validated Assessment | Bridge Assessment

    • Team introductions | assignments | status meetings.
    • Pre-Validation Meetings
      • PreAssessment Checklist Meeting
      • Population | Evidence Review Meeting
    • Validation Testing – evaluation of the level of security compliance to the required HITRUST controls associated with the Client control environment by reviewing documentation, interviewing key stakeholders and testing to validate the controls are implemented.
    • QA | Submission of evidence to HITRUST.
    • Work with HITRUST during the QA process.
    • Review HITRUST findings | report with Client.
    • Final Validation Review Document
      • Process Improvements

    PHASE 4: Interim Assessment | ISP Maturity

    i1 only: The Rapid Recertification for the i1 assessments provides an accelerated way to recertify. The Rapid Recertification allows Assessed Entities and their External Assessors to evaluate a sample of requirement statements that were scored in the original i1 Assessment. Upon successfully demonstrating that the control environment has not materially degraded, the Assessed Entity is permitted to roll forward scores from their certified i1 Assessment for the remaining requirement statements – thus reducing the amount of testing required to complete the assessment.

    R2 only: The Interim Assessment follows the same guidance as the Validated Assessment, with a reduced number of requirements. Leading up to the Interim Assessment, The BEYOND Security Team will work with you to ensure you are ready for the Interim Assessment.

    • Policy | Procedure Documentation maintained and updated
    • CAPS (if applicable) addressed
    • Continued maturity of your ISP
    • The mid-certification review will then be conducted by the BEYOND Validation Team and follows the same process as the Validated Assessment (see Phase 3 Validated Assessment).
    Years of Healthcare Experience
    Companies Helped
    in the Industry