I think the intent here is to note that there may be business requirements about these that affect the security of your business.
For example, if anyone pays you through credit cards, PCI DSS is non-optional. Certain transactions of health information will require HITRUST. Without them, you won't be able to do business, and while they seem large (PCI DSS, if you have another company handle the cards, is a very simple self-assessment.)
IME the human time cost and direct expense associated with obtaining HITRUST, even if you've already done SOC2, is roughly in line with buying a Lamborghini.
wglb|4 years ago
sk5t|4 years ago
ghiculescu|4 years ago