Editions   North America | Europe | Magazine


RR Donnelley Receives Attestation of Compliance with HITRUST CSF Information Security Framework

Press release from the issuing company

CHICAGO - R. R. Donnelley & Sons Company (NYSE:RRD), a leader in integrated multichannel marketing and business communications, announced today that it is among the first companies to have successfully leveraged and integrated the HITRUST Common Security Framework (CSF) program into the annual SOC2 audit process. HITRUST CSF is an information security framework created to meet the specific needs of the healthcare industry. The completed SOC2+CSF report attests to RR Donnelley’s compliance with the HITRUST CSF controls and three of the AICPA Trust Principles.

“RR Donnelley has always emphasized the importance of data security for all of the customers that we serve across a broad range of industries, including healthcare,” said Dan Knotts, RR Donnelley’s President & Chief Executive Officer. “We are pleased to have the opportunity to provide yet another example of our commitment to ensuring the confidentiality of the sensitive information that our customers entrust us to handle on a daily basis.”

RR Donnelley was an early supporter of and is committed to the integration of the SOC2 reporting process with the HITRUST CSF controls, and serves as a founding member on the HITRUST Business Associate Council. RR Donnelley was also one of the first companies to complete the SAS70 on data security more than a decade ago, and then one of the first companies to adopt the AT101 SOC2 when it replaced the SAS70.

“Our security and compliance program is built on the AICPA Trust Principles of Data Security, Data Confidentiality, and Data Availability, so integrating the HITRUST CSF controls was a natural evolution for us,” said Dr. Pete Tiemeyer, RR Donnelley’s Chief Information Security Officer.

“We are pleased to be positioned as early adopters of this new framework, recognizing that HITRUST CSF is widely relied upon by the healthcare industry to ensure the protection and confidentiality of their information. It’s important to the Company that we continue to invest in areas that make a difference to the security of all of our customers.”



Join the discussion Sign In or Become a Member, doing so is simple and free