skip to Main Content

The most rigorous and successful approach to obtaining your Information Security Goals

As the leading HITRUST CSF Assessor Organization, BEYOND HC LLC brings together its experience and knowledge with the HITRUST CSF methodology to streamline and accelerate the certification process whether you choose the i1 or the r2 certification. Our approach embraces the certification requirements and protocols defined by HITRUST while formalizing a program that overcomes the intricacies and challenges of a complex process. Becoming HITRUST Certified whether it be the e1, i1 or r2 should not be a burden on your team or your budget. At BEYOND, we will walk with you through the process, and provide the assistance as required by you and your team. The BEYOND business model is a proven approach that results in 100% success. We look forward to working with you and your team.

The BEYOND HC LLC Difference

Established project management // All Team Members CCSFP // Phased approach that reduces cost, time and complexities
Pre-determined quality assurance checkpoints that safeguards the prospect for on-time certification
Assessment program that harmonizes similar control objectives // Continuous status reporting through the HITRUST journey


Phase 1 – Readiness Assessment
(Learn what needs to be fixed)

A point-in-time review to determine if your company is ready to complete Validated Assessment for the HITRUST e1, i1, or r2 certification. BEYOND will work with you to identify gaps within your existing environment that could prevent a HITRUST certification and provide a detailed report that includes recommendations, guidance, and timeline for developing your Information security program.

Phase 2 – CIO Security Services | “GAP Remediation”
(Now you know…let’s fix it)

This phase is based on the Readiness Assessment results (see Phase 1) and the work that needs to be corrected, created and/or implemented prior to conducting the HITRUST Validated Assessment. The overall goal is to remediate the Gaps to allow for a seamless and successful HITRUST Validation.

Phase 3 – e1, i1 or r2 Validated Assessment | Bridge Assessment
(Let’s get certified)

The BEYOND validation team (all CCSFP certified) will help your organization navigate the HITRUST e1, i1, or r2 Validation process. BEYOND builds each assessment program to serve the unique needs and scoped environment of your organization. Through carefully outlined steps, BEYOND will conduct the assessment using our expertise and knowledge of HITRUST to obtain your goal of certification.

Phase 4 – Interim Assessment | ISP Maturity
(Maintaining the certification)

This phase is the mid-review and maintenance that takes place within a year after the HITRUST Certification is received. There are different steps for the i1 or the r2, and BEYOND can lead you to continued success no matter which validation you obtained.

What is new with BEYOND and in the HITRUST world

Need to transition from HITRUST v9.x to v11.x…BEYOND can help
With the release of the HITRUST v11x – there are many changes from testing under v9.x version to the new v11x. How will you know where to start…what to update in your ISP, timeline to complete the transition, how to prepare for the new version? BEYOND can help you. We will put together a program designed for your organization that will help you transition from your current version to allow you to test successfully under the MyCSF v11.x. One trick to success…begin this process ASAP. So reach-out to BEYOND and let’s have a discussion on how we can partner with you on the next step of your HITRUST journey.

HITRUST i1 Rapid Recertification…is coming your way
In 2024 HITRUST will roll out the Rapid “Recert” option for i1. This recertification will allow BEYOND to evaluate a sample of requirement statements that were scored in the original i1 Assessment….and our clients will be permitted to roll forward scores from their certified i1 Assessment for the remaining requirement statements – thus reducing the amount of testing required to complete the assessment. Of course there are some additional details and qualifiers to the program…to learn more about the i1 Certification and the Rapid Recertification option, reach out to BEYOND at or

HITRUST CSF e1, i1 and r2…here are the details
The HITRUST e1 certification provides an entry into the HITRUST certification stage. For our clients with a low security risk, this certification can provide a solid security program. For our clients that require more, the e1 can be the first of many certifications to obtain…a stepping stone to the i1 and r2 certifications.

The HITRUST i1 Validated Assessment leverages a proven set of 182 Assessment requirement statements from the CSF v11 library. The i1 Assessment provides reliable assurances against current and emerging cyber threats to help implement a strong and broad cybersecurity program. The i1 can also be used as a foundation in obtaining the r2 certification.

The HITRUST r2 Validated Assessment demonstrates that an organization is taking the most proactive “expanded practices” approach to data protection and information risk mitigation. This top tier HITRUST certification demonstrates a high level information security program and adherence to the industry’s tough security standards.


BEYOND HC LLC is an SBA woman-owned business with a focus to create programs specialized to each of our clients goals. We work with all size companies from startups to established organizations. Our purpose is to help your company innovate, transform and obtain success in achieving your information security objectives. BEYOND HC LLC is first and foremost a HITRUST Assessor Organization. This specialization offers clients the kind of expertise and attention that streamlines the process and delivers cost and time efficient solutions for your company.

We are a team of IT, IS and HITRUST professionals with over 30 years of experience in risk, audit, information security and regulatory administration. The BEYOND team are all CCSFP Practitioners who focus includes:

  • ei, i1, and r2 HITRUST Readiness Assessments
  • GAP Remediation
  • Policy | Procedure Documentation
  • CISO | Security Advisory Services
  • ei, i1, and r2 HITRUST Validated Assessments
Giving back to our community

BEYOND continues to look for ways to support our local community. This year our focus has been Holy Cross Lutheran Academy (HCLA) of Sanford Fl and Clearbrook of Arlington Heights, IL. Below are some of the highlights.

Our donations in the fall went towards sprucing up the front of HCLA
Benefactor to Clearbrook Shining Star Ball
Title Sponsor for the HCLA Evening Under the Stars
Upcoming | Recent Events

HITRUST Collaborate – Grapevine, Texas                                                                                                                                                                                                                    October 3-5, 2023                                                                                                                                                                                                                                                              Come join BEYOND as we are a Silver Sponsor for HITRUST Collaborate 2023. We will be on site at Booth 19 in the Expo Hall to talk about effective methods for achieving and maintaining your HITRUST certification; the latest HITRUST trends in certification; and to  help you decide which certification is best for you.

October 3, 9:05 AM – 9:55 AM CT, Grapevine Ballroom C-D                                                                                                                                                                                                CEO, Cathlynn Nigh, will participate in a panel discussion: Understanding How to Share Control Responsibility in the Cloud                                                              When it comes to the cloud…assurance and compliance are either key success factors or contributors to disaster. Without a common language and well-worn paths, cloud adoption can be stifled by debate regarding which controls are applicable, who is responsible for them, and how often they should be validated.

October 3, 11:45 AM – 12:45 PM CT, Austin 4                                                                                                                                                                                                                        CEO, Cathlynn Nigh, will participate in a panel discussion: Intimate Conversation with Women in HITRUST.                                                                                          During this panel our CEO, Cathlynn Nigh, will be joined by top women in their fields to discuss the importance of women in Internet Technology / Internet Security. They will review the importance of supporting other women, how to navigate in this industry, as well as ways to help women that are already in the IT/IS industry grow and advance.


HIMSS 2024 – Orlando, FL
March 11-15, 2024                                                                                                                                                                                                                                                         BEYOND will be in attendance at HIMSS 2024 to discuss the new HITRUST certification offerings with assessment levels geared toward low, moderate and high security assurance: e1, i1 and r2, respectively. Learn all about the HITRUST assessments and how BEYOND can assist in your success.


Understanding Assurance Mechanisms for Data Security and Trust

BEYOND HC LLC & HITRUST Portfolio Education Program - Understanding Assurance Mechanisms for Data Security…

Read more

Power of the Portfolio

By Robert Booker, Chief Strategy Officer, HITRUST HITRUST Focus on Continuous Improvement HITRUST has been…

Read more

HITRUST redesigns CSF in v11 to increase efficiencies and cyber threat-adaptive assurances

Updated CSF can reduce certification efforts by up to 45% FRISCO, Texas, December 20, 2022–…

Read more

Ray Biondo Promoted to Executive Vice President and CIO for BEYOND HC LLC

Chicago Illinois, Orlando FL, Denver CO; January 4, 2021 – BEYOND HC LLC, a woman…

Read more

Cathlynn Nigh

Founder / CEO
Ms. Nigh is the CEO of BEYOND HC LLC. BEYOND is a woman owned and operated consulting firm that is specific to performing HITRUST Assessments. BEYOND provides their clients a personalized “one to one” approach to the highest level of service and quality...
Read more

Ray Biondo

Executive Vice President Chief Information Officer (CIO)
Mr. Biondo is Executive Vice President, Chief Information Officer for BEYOND HC LLC. Ray is a senior IT executive with over 30 years of experience in the specialized field of Information Technology. He has led application development teams...
Read more

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.

HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the HITRUST CSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.

The CSF is an information security framework that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC). As a framework, the CSF provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry.

Whether your organization deals directly or indirectly with the health care industry, HITRUST certification is good for your business:

  • Helps you manage regulatory compliance and risk management
  • Opens access to prospective clients who require their vendors to be HITRUST Certified
  • Once in place, certification can be renewed, budgeted and managed

Download #1 – Audit Once Use Many

We need a new way to drive consistency on how to identify risks and controls, how to conduct assessment in an efficient way, how to leverage the outputs and finally what should be communicated to stakeholders and third-party partners. We call this idea smart…using results for many purposes from one undertaking.


Download #2 – Understanding Assurance Mechanisms for Data Security and Trust

Discover the importance of adopting a widely accepted assurance mechanism to establish trust, differentiate between the mechanisms available for organizations across industries, and learn how earning a HITRUST certification through BEYOND HC LLC provides a superior level of assurance.

    Fill in your information below and select which download you would like to receive.

    PHASE 1: BEYOND Readiness Assessment

    BEYOND will identify gaps in your existing environment that could prevent HITRUST certification. BEYOND will provide detailed information on the findings, recommendations, strategy, and timeline for developing your Information Security Program “ISP” to meet the current HITRUST framework.

    A readiness assessment is an essential part of any organizational change management program and should be completed before you launch technical implementation and update or recreate your documentation.

    • Determine the scope of the assessment.
    • Questionnaire / Interviews are completed.
    • Constant contact – frequent communication / status meetings throughout.
    • BEYOND will review, conduct analysis and develop a working draft report.
    • BEYOND will review findings and draft report with the client.

    PHASE 2: Security Services | GAP Remediation

    Let’s put BEYOND’s CIO executive leadership and security knowledge to work for your organization.  Our security services offer you access to a team of professionals that provide the required subject matter expertise to help you strengthen your “ISP”.

    As a team we can develop your security program.  We will quickly work with you to gain knowledge and build a strategy on addressing your security gaps.  With our vast knowledge of the security environment, we will go to work to solve these problems for you with results that you can rely on.

    This work can include:

    • Implementation of products / managed services
    • Internal processes such as BC/DR Plan | Data Classification | Incident Response | IT Vendor Management | Risk Management | Teleworking (WFH) | vCISO Services
    • The creation of necessary documents (Policy / Procedure Guides) that are written to communicate each step clearly and developed to meet your compliance needs.

    PHASE 3: Validated Assessment | Bridge Assessment

    • Team introductions | assignments | status meetings.
    • Pre-Validation Meetings
      • PreAssessment Checklist Meeting
      • Population | Evidence Review Meeting
    • Validation Testing – evaluation of the level of security compliance to the required HITRUST controls associated with the Client control environment by reviewing documentation, interviewing key stakeholders and testing to validate the controls are implemented.
    • QA | Submission of evidence to HITRUST.
    • Work with HITRUST during the QA process.
    • Review HITRUST findings | report with Client.
    • Final Validation Review Document
      • Process Improvements

    PHASE 4: Interim Assessment | ISP Maturity

    i1 only: The Rapid Recertification for the i1 assessments provides an accelerated way to recertify. The Rapid Recertification allows Assessed Entities and their External Assessors to evaluate a sample of requirement statements that were scored in the original i1 Assessment. Upon successfully demonstrating that the control environment has not materially degraded, the Assessed Entity is permitted to roll forward scores from their certified i1 Assessment for the remaining requirement statements – thus reducing the amount of testing required to complete the assessment.

    R2 only: The Interim Assessment follows the same guidance as the Validated Assessment, with a reduced number of requirements. Leading up to the Interim Assessment, The BEYOND Security Team will work with you to ensure you are ready for the Interim Assessment.

    • Policy | Procedure Documentation maintained and updated
    • CAPS (if applicable) addressed
    • Continued maturity of your ISP
    • The mid-certification review will then be conducted by the BEYOND Validation Team and follows the same process as the Validated Assessment (see Phase 3 Validated Assessment).
    Years of Healthcare Experience
    Companies Helped
    in the Industry