40 results found
-
Ability to upload, access, and edit assessment documentation using something other than the Web interface
MyCSF should support common file handling protocols to manage assessment documentation. This should operate similar to how Web applications such as media servers (Plex, Ombi) and online document repositories (livelink, sharepoint) work... these allow the upload and accessing of files using a alternate protocols such as SAMBA, SCP, and SFTP. Any file and folder changes made using supported protocols are reflected in the Web application front-ends. MyCSF should function in a similar fashion.
If this existed, users wouldn't have to upload each and every file using our Web front-end nor would they have to manually associate each artifact to the…
4 votes -
3 votes
-
Apply all button when uploading evidence
When uploading similar evidence to different controls you are presented with 3 options:
"replace this document", "Link to the existing document", & "skip this document"
It would be nice if there was an apply all option that you could click if you plan to link to existing documents for everything you are uploading as opposed to having to click that button 10+ times.
3 votes -
Bulk export and archive of an object
At times our organization has reached our object capacity. We would like to export all of our entire object and reports, but it is currently a manually intensive process. For peace of mind, we want to export everything from a previous object, then archive or delete it. Current the process is manual with reports having to be downloaded one at a time. A bulk download and export feature would be so nice.
3 votes -
allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments
Allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments. Currently they can only be tagged as such in validated assessments.
3 votes -
Users should be able to add documents to an assessment using email
Users should be able to add documents (e.g., screenshots, workpapers, validated report agreement, participation letter) by simply emailing a MyCSF email address, similar to what TripIt lets you do with travel itineraries. There should be a way to specify in the email body and/or subject which assessment, CSF requirement statement(s), and PRISMA levels that the document should be linked to.
3 votes -
[BL] Document Version Control
Ability to version documents in the tool
3 votes -
Policies and Procedures Template per CSF version
Build a Template Policy and Procedure Set for each MyCSF version. Everyone is wasting time and often misaligned when building policies, procedures, standards, guidelines, and plans to comply with HITRUST. I (and I'm sure others) would value HITRUST creating a compliant set of Policies and Procedures that we can implement with minor changes. Either build in a reference section to each document (that shows the MyCSF control it is addressing) or provide a master index, liked HITRUST and other frameworks. While the policy and procedure sets till needs to be audited and certified, it shifts the focus to certifying at…
2 votes -
Unlock Doc Repository when any Task are created during QA
Unlock Doc Repository when any Task are created during QA
2 votes -
[BL] Data Type Classification for Documents
MyCSF should include the data type classification for documents. Example- if a document type is Classified and/or Confidential then only users within the organization should be able to view that document. Should also be a classification type that is acceptable for Assessors to view.
2 votes -
[BL] Remove required documents from Recreated Certified Assessments
DIsable the check for the Assessment Required Document (e.g. Rep Letter Timesheet etc..) for the Assessment for Interim purposes.
2 votes -
in document descriptions when entering docs into Hitrust it is fine if you link to a document already uploaded but you should be able to add
you should be able to add individual description in different sections of CSF to a document that already exist... as the same document may address different controls.. having to use the same description can be confusing... descriptions for a document should be able to be different in different sections of MYCSF
1 vote -
System Documentation Definition
Define System Documentation in the Glossary of Terms
1 vote -
dennis.palmer@hitrustalliance.net
notifications on document change
1 vote -
Include dates when files are uploaded
It would be nice to see if we could have dates of when files are uploaded. It can be very confusing when evidence is similar and there is no reference date of when it got uploaded.
1 vote -
HITRUST Assessment Markup Language
This would allow an assessed entity or assessor to highlight and mark test in documents and automatically create a link to the control requirement statement from which it was accessed and allow them to select the maturity domain that the highlighted text supports. This could also be granular enough to allow it to tie to requirement criteria as defined in illustrative procedures and listed in MyCSF.
1 vote -
Adding a "LINKAGE" sheet in uploaded Excel workbooks tells MyCSF where to link the sheet throughout the assessment
Linking evidence throughout an assessment is time-consuming. To make it a tiny bit easier, and specifically when adding an Excel file as evidence, MyCSF should look for a LINKAGE worksheet in the uploaded workbook. If found, MyCSF should use the contents of that LINKAGE sheet to know where to link the workbook throughout the assessment.
The contents of the linkage sheet could be as simple as:
• column A: BUID or CVID of the requirement to link the workbook to
• column B: Link to the Policy level (Yes/No)
• column C: Link to the Process level (Yes/No)
• column…1 vote -
Preserve state when tree-traversing to Linked Documents for the Upper-Left 'Back-Arrow' Button
Having traversed four tree levels from the Assessment Selection level to a particular Linked Document in MyCSF and (subsequently) reviewed it, use of the Back-Arrow Button in the upper left of the window results in being immediately returned to the Assessment selection level (i.e. back four levels; out of the Assessment altogether) rather then the more intuitive expectation of stepping back one level at a time in the reverse of how one arrived at the Linked Document. Additionally, the "Close" button (which does follow the more expected path of closing the document and beginning the step-wise reverse traversal) may not…
1 vote -
When no documentation has been added, please add an alert saying 'no documentation has been linked, are you sure you want to proceed?"
Please create a warning alert or prevention function that requires the statement owner to upload the appropriate supporting documentation.
1 vote -
Auto-associating uploaded evidence based on special strings in filenames
When a file is uploaded evidence into an assessment, MyCSF should be able recognize special strings filename to automatically link the file with control maturity levels and/or requirements.
Some examples:
• A document uploaded with a title of "New hire population [Imp].xlsx" would automatically be linked to the requirement's implemented level.
• A file titled "IT security policies [Pol, Pro].pdf" would automatically be linked to the policy and procedure levels.
• An uploaded document with a title of "Termination samples IMP 3334.0.xlsx" would automatically be linked to the implemented level of the requirement with the CVID of 3334.0.This could…
1 vote
- Don't see your idea?