How is the sample of Requirement Statements within an interim assessment selected for testing?

During an interim assessment for r2 certifications, only a subset of Requirement Statements is retested. This sample is not determined manually by assessors or clients but is systematically generated by MyCSF. The tool ensures randomness and fairness while including mandatory items such as:

Requirement Statements with open gaps from the prior validated assessment.

Requirement Statements with active Corrective Action Plans (CAPs).

A random selection of additional requirements to confirm continued control performance.

This approach balances efficiency and assurance. It ensures that areas of previously identified weakness are re-examined while still sampling across the broader control set. By automating sample selection, HITRUST prevents bias and ensures consistency across interim reviews.