AI Risk Management and AI Security Certification: What’s the Difference?
As AI continues to gain momentum, organisations face new risks, challenges, and security concerns. In response, HITRUST launched two comprehensive AI assurance solutions in 2024.
1. HITRUST AI Risk Management Assessment
2. HITRUST AI Security Assessment and Certification
Let’s explore.
Common features
Before diving into each solution’s unique attributes, it’s important to note that both AI Risk Management and AI Security Assessments share several foundational HITRUST capabilities.
-
Prescriptive, harmonised controls
Each AI assessment leverages HITRUST’s rigorous, prescriptive controls built on a harmonised framework that reflects leading standards such as ISO/IEC 23894:2023, NIST RMF, and more.
-
Cyber threat-adaptive framework
HITRUST regularly updates control sets to address evolving AI threats. This continuous refinement ensures that both AI assessments stay current with emerging risks.
-
Powered by MyCSF
Both solutions use HITRUST’s SaaS platform, MyCSF, enabling organisations to efficiently manage assessments and securely share results and reports with stakeholders.
-
Credibility and reliability
HITRUST has an established track record in cybersecurity assurance, providing globally recognised methodologies that organisations of all sizes can trust.
HITRUST AI Risk Management Assessment
Purpose
The HITRUST AI Risk Management Assessment is designed for organisations seeking a targeted evaluation of their AI risk management practices.
Key features
- Non-certified solution: Evaluates AI risk management without the formalities of a certification process
- 51 AI-specific controls: Focuses on AI risks based on 51 controls, helping you pinpoint vulnerabilities and prioritise improvements
- Self-evaluation: Allows flexibility to perform a standalone self-assessment or engage a HITRUST External Assessor for independent testing
- Cost-effective entry point: Offers a cost-effective way to begin identifying and addressing AI-related risks
- AI RM Insights Report: Delivers clear, detailed scoring mapped to ISO/IEC 23894:2023 and NIST RMF v1.0, including color-coded scorecards, gap analysis, and next-step recommendations
Ideal for
- AI users and producers looking for a flexible approach to assess AI risks
- Organisations wanting a low-barrier, targeted way to identify AI gaps
- Teams looking to create or refine an AI risk management program but not yet ready to pursue formal certification
HITRUST AI Security Assessment and Certification
Purpose
The HITRUST AI Security Assessment and Certification is a higher-level assurance solution that validates the security of AI systems in a formal manner.
Key features
- Certified validation: Results in a HITRUST AI certification that demonstrates the highest level of security assurance to stakeholders
- 44 security controls: Focuses on the security and privacy of AI platforms with 44 controls, which can be tailored based on specific use case scenarios
- Independent, centralised quality review: Includes third-party validation and centralised quality review, demonstrating rigorous testing and reliable results
- Inheritance: Allows to inherit AI controls from cloud service providers and other vendors that already have HITRUST-certified systems
- Seamless add-on to HITRUST cybersecurity assessments: Can be added to any of HITRUST’s core assessments (e1, i1, r2), ensuring comprehensive coverage of both cybersecurity and AI security in a unified approach
Ideal for
- AI developers and deployers seeking a formal certification that can be shared with customers, regulators, and partners
- Organisations looking to align AI security controls with recognised frameworks (e.g., NIST, ISO/IEC, OWASP) and consolidate compliance efforts
- Teams that proactively want to stay ahead of new AI security threats
Which one is right for you?
If you’re exploring AI risks, processes, and gaps, choose the HITRUST AI Risk Management Assessment to gain deep insights without the pressure of achieving certification. This approach offers an entry point to identify AI risks and build a roadmap for improvement cost-effectively.
If you need formal recognition, choose the HITRUST AI Security Assessment and Certification to showcase a validated, independently reviewed AI security posture. This ensures your stakeholders have the assurance they need regarding your organisation’s AI security readiness.
Bottom line
HITRUST’s AI assurance addresses the evolving landscape of AI risk, compliance, and security. You will benefit from HITRUST’s proven framework, advanced tools, and industry-leading approach whether you opt for the AI Risk Management Assessment or the AI Security Assessment.
HITRUST’s flexible solutions help ensure AI technologies are deployed responsibly, securely, and with optimal risk management no matter your organisation’s sise or AI maturity. Choose the solution that best aligns with your goals — risk-focused or security-focused — to confidently navigate the complexities of AI adoption while meeting stakeholder expectations for transparency and assurance.
Visit the HITRUST AI Hub for more information on how HITRUST can help you secure, manage, and certify your organisation’s AI systems.
techUK - Seizing the AI Opportunity
The UK is a global leader in AI innovation, development and adoption.
The economic growth and productivity gain that AI can unlock is vast, but to fully harness this transformative opportunity, immediate action is required. Our aim is to ensure the UK seizes the opportunities presented by AI technology and continues to be a world leader in AI development.
Get involved: techUK runs a busy calendar of activities including events, reports, and insights to demonstrate some of the most significant AI opportunities for the UK. Our AI Hub is where you will find details of all upcoming activity. We also send a monthly AI newsletter which you can subscribe to here.
Upcoming AI events
GDS Cloud & Platforms market engagement - FinOps health-check for public sector
Hybrid - techUK Offices and Online Market briefing
Digital transformation and cloud modernisation in UK public sector
techUK Office Conference
Latest news and insights
Subscribe to our AI newsletter
AI and Data Analytics updates
Sign-up to our monthly newsletter to get the latest updates and opportunities from our AI and Data Analytics Programme straight to your inbox.
Contact the team
Usman Ikhlaq
Usman Ikhlaq
Usman joined techUK in January 2024 as Programme Manager for Artificial Intelligence.
He leads techUK’s AI Adoption programme, supporting members of all sizes and sectors in adopting AI at scale. His work involves identifying barriers to adoption, exploring solutions, and helping to unlock AI’s transformative potential, particularly its benefits for people, the economy, society, and the planet. He is also committed to advancing the UK’s AI sector and ensuring the UK remains a global leader in AI by working closely with techUK members, the UK Government, regulators, and devolved and local authorities.
Since joining techUK, Usman has delivered a regular drumbeat of activity to engage members and advance techUK's AI programme. This has included two campaign weeks, the creation of the AI Adoption Hub (now the AI Hub), the AI Leader's Event Series, the Putting AI into Action webinar series and the Industrial AI sprint campaign.
Before joining techUK, Usman worked as a policy, regulatory and government/public affairs professional in the advertising sector. He has also worked in sales, marketing, and FinTech.
Usman holds an MSc from the London School of Economics and Political Science (LSE), a GDL and LLB from BPP Law School, and a BA from Queen Mary University of London.
When he isn’t working, Usman enjoys spending time with his family and friends. He also has a keen interest in running, reading and travelling.
Visit our AI Hub - the home of all our AI content:
