techUK Ltd.

06/09/2025 | News release | Distributed by Public on 06/09/2025 03:11

AI Risk Management and AI Security Certification: What’s the Difference

Industry views
09 Jun 2025

AI Risk Management and AI Security Certification: What's the Difference?

As AI continues to gain momentum, organisations face new risks, challenges, and security concerns. In response, HITRUST launched two comprehensive AI assurance solutions in 2024.

1. HITRUST AI Risk Management Assessment

2. HITRUST AI Security Assessment and Certification

Let's explore.

Common features

Before diving into each solution's unique attributes, it's important to note that both AI Risk Management and AI Security Assessments share several foundational HITRUST capabilities.

  • Prescriptive, harmonised controls

    Each AI assessment leverages HITRUST's rigorous, prescriptive controls built on a harmonised framework that reflects leading standards such as ISO/IEC 23894:2023, NIST RMF, and more.

  • Cyber threat-adaptive framework

    HITRUST regularly updates control sets to address evolving AI threats. This continuous refinement ensures that both AI assessments stay current with emerging risks.

  • Powered by MyCSF

    Both solutions use HITRUST's SaaS platform, MyCSF, enabling organisations to efficiently manage assessments and securely share results and reports with stakeholders.

  • Credibility and reliability

    HITRUST has an established track record in cybersecurity assurance, providing globally recognised methodologies that organisations of all sizes can trust.

HITRUST AI Risk Management Assessment

Purpose

The HITRUST AI Risk Management Assessment is designed for organisations seeking a targeted evaluation of their AI risk management practices.

Key features

  • Non-certified solution: Evaluates AI risk management without the formalities of a certification process
  • 51 AI-specific controls: Focuses on AI risks based on 51 controls, helping you pinpoint vulnerabilities and prioritise improvements
  • Self-evaluation: Allows flexibility to perform a standalone self-assessment or engage a HITRUST External Assessor for independent testing
  • Cost-effective entry point: Offers a cost-effective way to begin identifying and addressing AI-related risks
  • AI RM Insights Report: Delivers clear, detailed scoring mapped to ISO/IEC 23894:2023 and NIST RMF v1.0, including color-coded scorecards, gap analysis, and next-step recommendations

Ideal for

  • AI users and producers looking for a flexible approach to assess AI risks
  • Organisations wanting a low-barrier, targeted way to identify AI gaps
  • Teams looking to create or refine an AI risk management program but not yet ready to pursue formal certification

HITRUST AI Security Assessment and Certification

Purpose

The HITRUST AI Security Assessment and Certification is a higher-level assurance solution that validates the security of AI systems in a formal manner.

Key features

  • Certified validation: Results in a HITRUST AI certification that demonstrates the highest level of security assurance to stakeholders
  • 44 security controls: Focuses on the security and privacy of AI platforms with 44 controls, which can be tailored based on specific use case scenarios
  • Independent, centralised quality review: Includes third-party validation and centralised quality review, demonstrating rigorous testing and reliable results
  • Inheritance: Allows to inherit AI controls from cloud service providers and other vendors that already have HITRUST-certified systems
  • Seamless add-on to HITRUST cybersecurity assessments: Can be added to any of HITRUST's core assessments (e1, i1, r2), ensuring comprehensive coverage of both cybersecurity and AI security in a unified approach

Ideal for

  • AI developers and deployers seeking a formal certification that can be shared with customers, regulators, and partners
  • Organisations looking to align AI security controls with recognised frameworks (e.g., NIST, ISO/IEC, OWASP) and consolidate compliance efforts
  • Teams that proactively want to stay ahead of new AI security threats

Which one is right for you?

If you're exploring AI risks, processes, and gaps, choose the HITRUST AI Risk Management Assessment to gain deep insights without the pressure of achieving certification. This approach offers an entry point to identify AI risks and build a roadmap for improvement cost-effectively.

If you need formal recognition, choose the HITRUST AI Security Assessment and Certification to showcase a validated, independently reviewed AI security posture. This ensures your stakeholders have the assurance they need regarding your organisation's AI security readiness.

Bottom line

HITRUST's AI assurance addresses the evolving landscape of AI risk, compliance, and security. You will benefit from HITRUST's proven framework, advanced tools, and industry-leading approach whether you opt for the AI Risk Management Assessment or the AI Security Assessment.

HITRUST's flexible solutions help ensure AI technologies are deployed responsibly, securely, and with optimal risk management no matter your organisation's sise or AI maturity. Choose the solution that best aligns with your goals - risk-focused or security-focused - to confidently navigate the complexities of AI adoption while meeting stakeholder expectations for transparency and assurance.

Visit the HITRUST AI Hub for more information on how HITRUST can help you secure, manage, and certify your organisation's AI systems.

techUK - Seizing the AI Opportunity

The UK is a global leader in AI innovation, development and adoption.

The economic growth and productivity gain that AI can unlock is vast, but to fully harness this transformative opportunity, immediate action is required. Our aim is to ensure the UK seizes the opportunities presented by AI technology and continues to be a world leader in AI development.

Get involved: techUK runs a busy calendar of activities including events, reports, and insights to demonstrate some of the most significant AI opportunities for the UK. Our AI Hub is where you will find details of all upcoming activity. We also send a monthly AI newsletter which you can subscribe to here.

Upcoming AI events

10 June 2025

AI Assurance in Financial Services

Online Webinar
17 June 2025

techUK Industrial AI sprint campaign: scaling Industrial AI (panel & meetup)

19 June 2025

AI Assurance in Education

Webinar

Latest news and insights

09 Jun 2025

AI Risk Management and AI Security Certification: What's the Difference?

Industry views
06 Jun 2025

Why UK Tech Companies Are Betting Big on Offshore Teams in India, and Why You Should Too

London Tech Week blog from Praveen Kumar DK, Co-founder of InsourceIndia

Industry views
06 Jun 2025

Britain can shape the AI track through integrity and innovation

London Tech Week blog from Fay Cooper, Chief Product Officer, Scrumconnect Consulting

Industry views

Subscribe to our AI newsletter

AI and Data Analytics updates

Sign-up to our monthly newsletter to get the latest updates and opportunities from our AI and Data Analytics Programme straight to your inbox.

Contact the team

Usman Ikhlaq

Programme Manager - Artificial Intelligence, techUK

×
Usman Ikhlaq Programme Manager - Artificial Intelligence, techUK Usman joined techUK in January 2024 as Programme Manager for Artificial Intelligence. He leads techUK's AI Adoption programme, supporting members of all sizes and sectors in adopting AI at scale. His work involves identifying barriers to adoption, exploring solutions, and helping to unlock AI's transformative potential, particularly its benefits for people, the economy, society, and the planet. He is also committed to advancing the UK's AI sector and ensuring the UK remains a global leader in AI by working closely with techUK members, the UK Government, regulators, and devolved and local authorities. Since joining techUK, Usman has delivered a regular drumbeat of activity to engage members and advance techUK's AI programme. This has included two campaign weeks, the creation of the AI Adoption Hub (now the AI Hub), the AI Leader's Event Series, the Putting AI into Action webinar series and the Industrial AI sprint campaign. Before joining techUK, Usman worked as a policy, regulatory and government/public affairs professional in the advertising sector. He has also worked in sales, marketing, and FinTech. Usman holds an MSc from the London School of Economics and Political Science (LSE), a GDL and LLB from BPP Law School, and a BA from Queen Mary University of London. When he isn't working, Usman enjoys spending time with his family and friends. He also has a keen interest in running, reading and travelling. Email: [email protected] LinkedIn: https://uk.linkedin.com/in/usman-ikhlaq,https://uk.linkedin.com/in/usman-ikhlaq

Visit our AI Hub - the home of all our AI content:

Return to listing
techUK Ltd. published this content on June 09, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 09, 2025 at 09:11 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at support@pubt.io