Skip to main content


Why Does SKYGEN Maintain HITRUST CSF® Certification?

It’s National Data Privacy Week, and SKYGEN is transparent about its commitment to protecting sensitive data and information.

data security

About a year ago, we announced our Enterprise System Software as a Service (SaaS) Benefit Administration solution had again earned Certified status in accordance with HITRUST CSF certification criteria. SKYGEN’s certification is at HITRUST’s highest level and is intended for large enterprises. The two-year certification is renewable after one year.

For years we’ve continued to maintain certification with HITRUST’s globally recognized standards because it’s evidence that we walk alongside our dental and vision clients in keeping members’ personally identifiable information (PII) and protected health information (PHI) private and secure.  

hitrust program


What is HITRUST Certification?

HITRUST develops and gives businesses access to data security and privacy management frameworks that are widely adopted worldwide. To establish these frameworks, HITRUST uses nationally and internationally accepted security and privacy-related regulations, standards, and frameworks such as ISO, PCI, COBIT, HIPAA, HITECH, and NIST. The aim is twofold: to help businesses be prepared for existing and emerging security and privacy risks and regulations, and to validate their readiness through certification. The HITRUST CSF can be downloaded at no charge

HITRUST’s onsite assessment of the organization’s data protection includes interviewing key employees, reviewing processes, and testing and scanning for vulnerability. The entire certification process can take up a to a year to complete. Businesses must pursue recertification annually, even if they earn the two-year certification. HITRUST has different levels of certification for companies in various sectors and of different sizes.

Security is at the Heart of SKYGEN’s Culture

HITRUST CSF Certification is an essential component of our approach to security. In fact, SKYGEN security controls are based on the HITRUST CSF because it ensures we remain at the forefront of industry best practices for information risk management and compliance. We utilize HITRUST controls for security enterprise-wide, from physical security and environmental security to security policy and risk management to communications and operations management. 

Our multipronged approach for the security of our systems in our data centers and our secure development processes also includes best practices for compliance with and enforcement of security requirements, internal and external measurement, and regular review and revision. 

Taken all together, it means security is central to everything we do at SKYGEN – it’s never an afterthought. Our dental and vision clients, their members, providers and brokers can be certain that whether they’re using our SaaS solution, one of our self-service digital portals, our Member Mobile app, or we’re handling dental or vision plan administration for them, we’re operating according to the highest standards of data protection. 

Personal healthcare information is among the most sensitive types of data in the world. Our transparency, our multipronged approach and our ongoing dedication to HITRUST CSF Certification are vital in maintaining the trust our clients have in us, and the trust their members have in them.
Mike Gardipee, Director of Software Development, describes SKYGEN’s multipronged approach to security in this short video. Watch now.

Update as of November 15, 2023: SKYGEN’s Enterprise System SaaS platform and data centers meet the HITRUST CSF® v9.3 Risk-based, 2-year (r2) certification criteria. Please click here for more information.

Learn how you can transform the delivery of health benefits with SKYGEN.