306 results found
-
Return single domain or control to correct inheritance
HITRUST should create a feature to allow inheritance by domain/control rather than the whole assessment being returned for a single control/domain inheritance request.
21 votes -
Make unique IDs readily apparent throughout MyCSF and within Reports and Analytics.
Unique IDs should be apparent throughout MyCSF and within all reports and analytic tools. For example, a user should not have the click on the "Expand" button within the Assessment to view the unique IDs. Unique IDs should also be available when linking documents, rather than trying to match up the statement language. All reports and analytic tools should reference unique IDs when presenting material by requirement statement.
46 votes -
Submit Individual Questions that are reverted to External Assessor
Capability that allows a user to submit a reverted Question to their External Assessor without waiting for the Domain and/or Assessment to be completed.
10 votes -
Flag for zero-occurrence / 0-pop requirements
HITRUST's guidance allows zero-population requirements to be scored at fully compliant on the implemented level IF a well-defined policy and procedure exists for the assessed entity to observe should the related activity occur. However, MyCSF doesn't currently do a good job of allowing assessed entities and assessors to efficiently communicate this scenario. Because MyCSF requires that evidence be linked to a scored implemented PRISMA level, assessors are often forced to tag the policy or procedure documents to the implemented PRISMA level in this scenario. To remedy, MyCSF should offer a flag (e.g., a checkbox) which can be used to communicate…
10 votes -
2 votes
-
All fields that appear in the final report should be indicated as such with an icon on the page
Within an Assessment, the tool should clearly indicate/label inputs that are included in the HITRUST issued Report.
16 votes -
Messaging Center within MyCSF
MyCSF should have a messaging center to allow individuals with access to an object (customers, assessors, HITRUST) to send and receive messages securely.
Message recipients would receive an email notification that would indicate: You have received a new message from <Entity> regarding <Assessment Object>. Please login to MyCSF and go to your message center to retrieve this message.
Additional Fields:
1. Object – allows selection of object based on those that you have access to.
2. Response Required – Checkbox used for SLA tracking purposes
3. CC – Multiselect restricted to those with access to selected object.
4. Attachment –…3 votes -
Show # of Assigned Users, Inheritance Requests, and Diary Entries in Header
Like there is for the Linked Documents modal, the header of the modal for Assigned Users, Inheritance Requests, and Diary Entries should indicate the count of the respective items.
2 votes -
Ability to store assessment documentation in the customer's cloud environment
An option to configure an assessment's documentation (workpapers, audit evidence) to reside in the client's cloud hosting provider instead of in MyCSF's default storage location, such as:
- Client's box.com
- Client's S3 bucket
- Client's Google drive
- Client's SharePointThis would require the client to grant the MyCSF application access into a specific area in their cloud environment. This would be very beneficial to customers who don't want to allow assessment documentation to leave their controlled environments.
This would also require MyCSF to store assessment documentation in a folder structure that can be navigated with something like Windows…
40 votes -
Ability to upload, access, and edit assessment documentation using something other than the Web interface
MyCSF should support common file handling protocols to manage assessment documentation. This should operate similar to how Web applications such as media servers (Plex, Ombi) and online document repositories (livelink, sharepoint) work... these allow the upload and accessing of files using a alternate protocols such as SAMBA, SCP, and SFTP. Any file and folder changes made using supported protocols are reflected in the Web application front-ends. MyCSF should function in a similar fashion.
If this existed, users wouldn't have to upload each and every file using our Web front-end nor would they have to manually associate each artifact to the…
4 votes -
Ability to automatically associate documents with requirement statements and PRISMA levels during bulk upload using a folder structure
When doing a bulk upload of documents (screenshots, workpapers, etc.) via a compressed zip archive using the bulk upload functionality, users should be able to automatically associate documents with requirement statements and PRISMA levels (e.g., policy) using a defined folder structure within the archive.
The folder structure can be something like this:
-- domain
--- requirement statement ID
---- policy
---- process
---- implemented
---- measured
---- managedDocuments present in these folders would be (a) uploaded, (b) associated with the requirement statement, and (c) tagged to the PRISMA levels
9 votes -
Users should be able to add documents to an assessment using email
Users should be able to add documents (e.g., screenshots, workpapers, validated report agreement, participation letter) by simply emailing a MyCSF email address, similar to what TripIt lets you do with travel itineraries. There should be a way to specify in the email body and/or subject which assessment, CSF requirement statement(s), and PRISMA levels that the document should be linked to.
3 votes -
External assessor timesheet should have drop-downs on the name fields
- Name fields on the external assessor timesheet should be drop-downs pre-populated with all of the assessor’s users who have access to that object (with the option to still manually type in a name if not in MyCSF).
- When selected, the CCSFP numbers should auto-populate as well.
7 votes -
Custom Reporting
Users should have the ability to write custom reports, build custom charts, and save these for later usage. Something similar to Microsoft PowerBI or an equivalent product.
28 votes -
Option to disable test environment notifications.
Allow notifications from test environments to be turned off.
11 votes -
tool tips
Create "tool tips" pop up information showing features in MyCSF. Would be a lightbulb or similar icon highlighting when new functionality is added, and when all tips are viewed, goes to a sleep state. New functionality would cause the indicator to go back to a highlighted state. Should also be searchable like other process documents.
4 votes -
Search all attached documents for keyword(s)
MyCSF should allow users to perform a keyword search throughout all attached documents. While this obviously wont search screenshots and non-OCR'd PDFs, the ability to do a mass search of all uploaded documents in one run would be valuable.
21 votes -
Draft report automatic removal
MyCSF will automatically delete the draft report files 7 days after the final reports are posted.
5 votes -
Data Localization
Ability for an Organization to select what locale (Americas, Europe, and Asia) to where their data is hosted.
4 votes -
Date of Submission should be when HT approves Assessment
Date of Submission should be when HT approves Assessment
9 votes
- Don't see your idea?