-
[BL] Required Fields for CAPs
Specifically, for validated assessments we’d like the tool to prevent a CAP from being saved unless the following fields are populated:
• Name
• Corrective Action
• Status
• Point of Contact / Owner
• Scheduled Completion Date
Further, the tool should prevent a “Scheduled Completion Date” from being greater than 2 years from the management rep. letter date.
If a user tries to hit the confirm button with any of these fields blank, the tool should alert the user about which blank field is preventing them from proceeding.
15 votes -
Automatic email of Assessment Status
The system shall automatically send detailed email notifications of the Assessment Status to Assurance Members, Clients, and External Assessors.
12 votes -
Internal Inheritance should be allowed from any CSF Version
The system shall allow Internal Inheritance from any CSF Version.
In QA, currently the system only allows you to apply Internal Inheritance on an Assessment Statement if both Assessments have the same CSF Version. The system should allow you to apply the inheritance if the CSF Version is different, like External Inheritance.
11 votes -
Phase out password rotation
I'm re-upping the Declined idea of phasing out password rotation. It's a bad requirement.
The following requirement I believe will eventually be less common as companies are moving away from rotating passwords and might need to be inclusive of all methods going forward as password rotating will probably be slowly phased out.
ID: 1031.01d1System.34510 “The organization changes passwords for default system accounts, at first logon following the issuance of a secure temporary password, when there is a suspected compromise, and no less than every 90 days for regular accounts or 60 days for privileged (i.e., administrator accounts).”
It has been…
2 votes
Implemented with latest CSF v9.4 update
-
Reservation-based QA
QA times should be reservation-based instead of the current first come, first served model.
10 votes -
Permit the changing of the Offline Assessment filename
Today, the name of the Offline Assessment file must remain as is. This proposed change would allow the file name to be altered post download. The tool would throw a warning when a file is uploaded with an altered name, but ultimately the user could confirm and the file would be processed.
7 votes -
[BL] Unique ID on the Illustrative Procedures Report
Add the Unique ID to the Illustrative Procedures Report.
9 votes -
Force additional edit checks on CAPs during Interim Assessments
Functionality that requires that the Assessor responds to a CAP's Status.
6 votes -
Google Maps integration
When completing the “Primary Mailing Address” and Facility’s address fields during the Pre-Assessment as well as Management Representation Letter, MyCSF should integrate Google Maps Address Validation to ensure the City/Town, State/Province/Region, Country, and Zip/Postal Codes are accurate.
4 votes -
Add feedback textbox to provide a justification as to why an inheritance was rejected
Add two boxes within the inheritance portal that CSP providers can give feedback to the inheritance requests. This will be useful to provide feedback on why an inheritance was rejected. Ideally, there should be two approvals, one for the requirement and one for the weight.
3 votes -
Split HIPAA into Sub-Categories
The existing HIPAA Regulatory Factor is too broad and sometimes causes undesired HIPAA sections to be introduced into an Assessment. Use the new nesting functionality to split HIPAA into its sub-categories.
1 vote
Implemented with latest CSF v9.4 update
-
Ability to simulate changes to an assessment
MyCSF should have the capability to take an object and simulate changes in the pre-assessment such as changing factors. The simulation should allow the user to see what requirement statements would be added/subtracted along with the current status of those requirement statements (e.g., scored, N/A, validated by assessor, etc.).
5 votes -
[BL] Date provided when file is uploaded and updated
I would like to submit a feature request to be able to identify the date a file was uploaded/updated in the Documents screen. That would be extremely helpful in identifying new evidence when performing assessor reviews.
4 votes -
Add controls specifications to each inheritance request to inform on percentage of inheritance
For controls that are shared between the CSP and the customer, HITRUST should add the controls specification related to each requirement, and have the customer list which controls specification is the CSP provider responsible for implementing. The percentage (weight) of the inheritance request will be based on the number of controls specification that the CSP is responsible for implementing relative to the total controls specifications associated with the requirement.
2 votes -
More explanation on the offline documentation spreadsheet's options
The two checkboxes available when using the offline assessment's documentation spreadsheet are not intuitive... how are users to know what "Ignore blank cells" and "Preserve documents" means? Please add more verbose explanations next to the checkboxes describing their purpose and use.
3 votes -
Automated “Acceptance Letter” Generation/compile
When a Validated Assessment is accepted / successfully checked in and enters the state of “Undergoing QA” for the very first time, MyCSF should automatically generate and digitally sign. This letter should automatically be generated and automatically be signed with HITRUST’s signature using a commercial electronic signature API (e.g., Concord Contract Management, DocuSign). In addition to pre-defined / canned text (as specified in Content Management), the following information from the Validated Assessment should be included on this letter:
4 votes -
Move the Offline Assessment to the Assessment Homepage
The Offline Assessment link to initiate, download, and upload an Offline Assessment should be moved to the Assessment Homepage in order to bring more awareness for the functionality.
3 votes -
[BL] Make visible the Participation Agreement and Org Overview for Assessed Entity
Enable the Org Overview Scope as well as the Participation Agreement for the client roles of the Assessment.
4 votes -
[BL] Update Interim Assessor Label
For an Interim Assessment change the Assessor Label from "Assessor Agrees that control requirement is in place and effective." to "Assessor agrees with the client"
2 votes -
[BL] Self-Assessment: Logo and Signature upload to Rep Letter
For Self-Assessments the Rep Letter required document should be modified to remove both the template download as well as the rep letter import field. In their place the tool should have two file attachment inputs that enable them to upload their company's logo as well as the Assessment POC's signature. These two uploads will be used to auto-create the rep letter.
4 votes