333 results found
-
Evaluative Elements Report
Create a report that shows a list of the Evaluative Elements for each requirement statement similar to the Illustrative Procedures report - this will help both assessors and assessed entities with ensuring that they are meeting the EEs when working in offline testing workbooks without clicking into each requirement statement within MyCSF.
15 votes -
Deminar screenshots visibility
The screenshots in deminar are not visible
0 votes -
New Environment test
Azure test
1 vote -
Include dates when files are uploaded
It would be nice to see if we could have dates of when files are uploaded. It can be very confusing when evidence is similar and there is no reference date of when it got uploaded.
1 vote -
Map CSF to COSO Principles
Map CSF controls to COSO Principles in the HITRUST CSF Authoritative Sources Cross Reference
1 vote -
Have Salesforce publish an SRM
It appears that Salesforce does not have an SRM available. As a widely used product it may benefit many subscribers if they published an SRM for use.
2 votes -
HITRUST Assessment Markup Language
This would allow an assessed entity or assessor to highlight and mark test in documents and automatically create a link to the control requirement statement from which it was accessed and allow them to select the maturity domain that the highlighted text supports. This could also be granular enough to allow it to tie to requirement criteria as defined in illustrative procedures and listed in MyCSF.
1 vote -
collaboration
Very confusing whether multiple people can work in an assessment at one time or not. Sometimes save works, sometimes it doesn't and reverts to previous states. Make it clear how it works with clear UX like in google docs.
2 votes -
Include the HITRUST requirement ID in the Reports
Please re-configure the Reports under Analytics to ensure that Requirement ID is part of the data pull. We manage this work at a requirement level and currently, every report that we run we have to do a cross-reference to pull in the requirement ID.
26 votes -
Update "Change / Cancellation Policy" section on the Reservation tab
Can you update the "Change / Cancellation Policy" section on the Reservation tab to include the requirement that your submission date cannot be less than 2 weeks before the QA block selected. This requirement is not written out anywhere online but is enforced.
1 vote -
Make it easier to recall or reverse and assessment
It is difficult to reverse an assessment if a domain has been submitted. I am proposing making it easier for a submitter to reverse an assessment if it was submitted in error. Or add functionality so that organizational information can be updated even if a domain has been submitted for an external assessor review.
1 vote -
Allow submission of assessments prior to renewal date without changing annual renewal date
Currently, if we want to maintain our annual reassessment date, we need to submit our assessment on that specific date (i.e., we cannot submit an assessment earlier if it is ready). We should be able to submit at any point and mark the date of the submission, or simply keep the annual assessment date unless a different date is requested.
9 votes -
Allow select-all for Facilities in Platforms/Systems table
When selecting the facilities where a platform/system is running, have the option to select all facilities rather than needing to go one-by-one.
2 votes -
Applications & Databases are mandatory fields in the Platforms/Systems table, mark them as such when the table is being filled out.
When completing the Platforms/Systems table, some fields are marked mandatory. The Applications & Databases fields are not. However, HITRUST QA requires something to be included here. Please mark these fields as mandatory up front to minimize these QA tasks/findings.
2 votes -
Move Illustrative Procedures Link to Main Control Page for Easier Access
Move the linked illustrative procedures button/link to the main expanded view of the individual control, as oppose to having to click "More Info".
10 votes -
Selecting filtered inheritance requests should not select ALL inheritance requests
Steps to reproduce: Filter on rejected inheritance requests. Click "select All". Click on "remove" to delete the rejected requests. Poof! All your inheritance requests, even those already approved, will be gone. You can verify this without actually deleting them by clicking over to other views and observing all inheritance requests are selected after just selecting the rejected requests. Recovering from this bug is a manual, time consuming process.
1 vote -
Organize compliance factors by type
It would be helpful to organize the various authoritative sources on the factors page by type, similar to how the sources are organized in Microsoft's Trust Center. See pic for their example.
2 votes -
Adding a "LINKAGE" sheet in uploaded Excel workbooks tells MyCSF where to link the sheet throughout the assessment
Linking evidence throughout an assessment is time-consuming. To make it a tiny bit easier, and specifically when adding an Excel file as evidence, MyCSF should look for a LINKAGE worksheet in the uploaded workbook. If found, MyCSF should use the contents of that LINKAGE sheet to know where to link the workbook throughout the assessment.
The contents of the linkage sheet could be as simple as:
• column A: BUID or CVID of the requirement to link the workbook to
• column B: Link to the Policy level (Yes/No)
• column C: Link to the Process level (Yes/No)
• column…1 vote -
5 votes
-
API for External Assessor
Similar to the customer's offline assessment, the external assessors would like to have this ability as well.
2 votes
- Don't see your idea?