-
Configurable alerts in the QA reservation system of newly available QA blocks
Can a module and/or alerting capability be built in the QA reservation system to allow External Assessors to see available QA blocks without having to “Modify” an existing customers reservation. This would assist in project planning with prospect HITRUST clients and allow Assessors to see new openings if we are trying to improve a clients QA reservation.
3 votes -
Related Requirements
suggest related requirements that may be met with an uploaded document.
For example, a policy is loaded to support 00.a. A dropdown or picklist would be populated with other 00.a control requirements.3 votes -
2 votes
-
2 votes
-
CAP Usability Issues
When using the Filter on CAPs there are some serious usability issues. First, the filter does not dynamically update so when you, for example, filter on Status of "Not Started" and then update said status you are returned to the list with the newly updated CAPs which now have a status of "Started - On Track" displayed in the list, so it requires the user to navigate down every time they enter a new status update for a different record.
Furthermore, the list is limited so you must click the "Load More" button. So after filtering you are presented with…2 votes -
Data Clean Up
remove acccess to previous subscriber's data if non renewal
2 votes -
open support incident via standalone button
Add a button/option to the top menu bar (or in the "need help" pop-out to start a support incident. Currently customers need to either chat, email, or call in a support incident and there is no way to directly start a support incident.
2 votes -
SSO through OIDC or SAML
SSO through OIDC or SAML. For a framework that places a heavy emphasis on role-based access controls and centralized identity management it seems only fitting that HITRUST implemented either OIDC or SAML.
9 votesUnder Specification · 2 comments · Administration & Security · Flag idea as inappropriate… · Admin → -
Selecting filtered inheritance requests should not select ALL inheritance requests
Steps to reproduce: Filter on rejected inheritance requests. Click "select All". Click on "remove" to delete the rejected requests. Poof! All your inheritance requests, even those already approved, will be gone. You can verify this without actually deleting them by clicking over to other views and observing all inheritance requests are selected after just selecting the rejected requests. Recovering from this bug is a manual, time consuming process.
1 vote -
Add field in Assessment Report to show if requirement statement has been inherited
Add field in Assessment Reports and Custom Dashboards to show if a requirement statement has been inherited.
2 votes -
Inheritance - verify before removal
Under inheritance section, can a notice be populated to request user's confirmation to verify and confirm the removal of inheritance before removing inheritance, regardless of status. This will help avoid accidental removal of applicable approved inheritance.
2 votes -
When viewing the linked documents for a particular Requirement Statement, documents should download with the original file name.
Linked documents, when downloaded from the linked documents pop-up, are first previewed in the new document preview window, and when downloaded, are presented with a guid-style file name instead of the original name.
3 votes -
When partial inheritance is utilized MyCSF should display the client score, inherited score, and aggregate score
When the client and assessor are viewing requirement statements for which partial inheritance is utilized, it is extremely hard to tell what score is being displayed and how it was calculated. Depending on the state of the requirement statement, you may be seeing the client's score or the aggregate score after the inherited portion of the score was averaged in. MyCSF does not indicate which score you are seeing.
Instead of only displaying the aggregate score, MyCSF should display the client's score, inherited score, and aggregate score. This will increase transparency into the inheritance calculation that is happening automatically and…
42 votes -
Organize compliance factors by type
It would be helpful to organize the various authoritative sources on the factors page by type, similar to how the sources are organized in Microsoft's Trust Center. See pic for their example.
1 vote -
How
There is no clear way to create a help desk ticket. When I open the "Need Help?" window there are links to suggest resolving an issue but if the problem isn't listed there's no further link or instructions on how to open and create a ticket for someone to get back to me. You need to make this option available and intuitive.
2 votes -
RDS
Add RDS button to the top panel - not intuitive as to how to get back to the options page
2 votes -
Adding a "LINKAGE" sheet in uploaded Excel workbooks tells MyCSF where to link the sheet throughout the assessment
Linking evidence throughout an assessment is time-consuming. To make it a tiny bit easier, and specifically when adding an Excel file as evidence, MyCSF should look for a LINKAGE worksheet in the uploaded workbook. If found, MyCSF should use the contents of that LINKAGE sheet to know where to link the workbook throughout the assessment.
The contents of the linkage sheet could be as simple as:
• column A: BUID or CVID of the requirement to link the workbook to
• column B: Link to the Policy level (Yes/No)
• column C: Link to the Process level (Yes/No)
• column…1 vote -
CAP Management is far too time consuming
CAP management, especially when creating cloned objects to simply run hypothetical scenarios or to plan for a future, is far too inefficient.
There needs to be the ability to "select" via a check box all of the "links" to a CAP and delete them all at once.
There also needs to be the ability to do the same at the CAP level so that they can be deleted en masse.
It should not take anywhere from 10-80 (!!!) individual clicks and actions to simply delete a CAP.2 votesThis is an excellent idea, and it's actually already included in a CAP handling and reporting improvement initiative slated for roll-out a little later this year. I attached a screenshot of the mock-up. Thanks for the feedback and for your patience as we continue to improve the CAP functionality in MyCSF. If you're interested, we're happy to have a call to walk you through the rest of the CAP enhancements included in the initiative.
-
API for External Assessor
Similar to the customer's offline assessment, the external assessors would like to have this ability as well.
1 vote -
Ability to inherit just the policy level (or just the policy and process levels)
Add the ability to inherit specific control maturity levels (e.g., just policy, just policy and process). This will be very helpful for internal inheritance, for situations where the same policies are used by the whole organization.
1 vote
- Don't see your idea?