313 results found
-
Additional feedback to Enumerate Illustrative Procedures...
Illustrative Procedures are presented in 'narrative' form. Given that the number of 'elements' in an Illustrative Procedure factors into the scoring formula, might not be optimum as ambiguous results can arise based on individual interpretation of the number of elements (not everyone is a champion sentence parser). Ergo, suggestions for revised Illustrative Procedures could be:
1) Bulletized elements with a numeric count provided; or
2) Embedded numbering (e.g. 01, _02, 03, etc.) to identify each salient element again with a numeric count.Additionally, dynamically providing enough blank fields (i.e. # of elements * 5 maturities) in client response areas…
6 votes -
1 vote
-
Notification could be in RED Color?
NO VALIDATED ASSESSMENT REPORT CREDITS AVAILABLE ASSESSMENT DOMAINS - This notification could be in RED Color?
1 vote -
Group assessments
Group assessments by year
3 votes -
Drop Down for Contact and Interviewed Names
Have the ability to have once place where interviewed names would be captured and then when populating the control artifacts, you have the ability to select from a drop down of pre-populated names and titles, instead of having to type each persons name and title for each and every control. This would save time.
2 votes -
Bulk Deletion
This is especially relevant to cloned assessments in my experience, but it would be nice if MyCSF had a feature to bulk-delete uploaded documents in the "Documents" section.
5 votes -
Customize User Profile
User ID profile picture
1 vote -
Display unsent External Inheritance Requests in Assessor view also
Can you add the External Inheritance status to the main page for the Assessor view also? The status is displayed on our client's view and it would be good to have the same status in the Assessor view so that we can track and ensure our clients indeed submitted the inheritance requests to the external entity.
6 votes -
michael.frederick@hitrustalliance.net
Allow for offline interim assessments with same features as full assessments.
1 vote -
michael.frederick@hitrustalliance.net
When an interim is generated it should also pull the documentation that was linked into the document library for the assessment and show the names of the documents within the expanded control requirement statement window. This will allow for all work to be done from within the interim versus having to hop between it and its associated full assessment. It would not link the documents, just pull them into the library and provide the listing. Links can be added once documents are updated for most current version.
4 votes -
Report for Illustrative Measurements
Figuring out how to demonstrate and measure proof of compliance was a steep learning curve. The illustrative measurements were extremely helpful, but I spent a lot of time having to dig for them and reformatting them to make them more readable and easier to search. Being able to sort the measurements by unique ID, CSF objective, and system/organizational would be a powerful feature.
3 votes -
Making primary contacts get notified for all assessments a company has
I am the primary contact for my company. The current model requires a client to select me for an assessment or I don't see the assessment. Because of staff turnover I may not have been assigned to a previous assessment. I need to be notified of all assessments my company has and should be a default for all notifications since I am the primary contact.
2 votes -
Sort Corrective Actions Plans By Completion Date
You should be able to sort CAPs by their Scheduled Completion Date.
3 votes -
SSO through OIDC or SAML
SSO through OIDC or SAML. For a framework that places a heavy emphasis on role-based access controls and centralized identity management it seems only fitting that HITRUST implemented either OIDC or SAML.
12 votes -
For assessments using the new webforms, MyCSF should validate email addresses for VRA and rep letter signatures
For assessments using the new webforms, MyCSF should validate email addresses for VRA and rep letter signatures and report back to the user if that email address bounces (e.g., due to a typo). This will let the user know that they shouldn't wait for a validated report agreement or rep letter signature that didn't ever actually make it to the intended recipient for signature.
2 votes -
How do i find out the percentage of Hospitals that have achieved HiTrust Certification? The Percentage that do not?
ow do i find out the percentage of Hospitals that have achieved HiTrust Certification? The Percentage that do not?
1 vote -
When viewing the linked documents for a particular Requirement Statement, each document should show the date that it was linked .
When viewing the linked documents for the Requirement Statements, each document should show the date that it was linked without having to go through the document repository especially in situations where we request for additional evidence from the assessor. From some assessments I have done so far, I noticed the assessors do not make reference to the newly linked documents so we have to go to the repository to check the date for all documents to see if any was added outside their testing period. This would really help to save time during QA review.
6 votes -
Please allow the CSF tool recognize the " ' " character in controls when searching.
When searching for controls the ' character is not read and therefore returns no results for controls with that character in the control language.
3 votes -
Copy mapping from evidence items to others.
When uploading evidence for controls often one piece of evidence is used for multiple controls or there are multiple evidence items supporting the same control stage (policy, procedure, implemented). The ability to copy the mapping from one item to another would be a huge time saver.
4 votes -
Combine HIPAA Compliance Pack Spreadsheets
Combine the spreadsheets in the HIPAA compliance pack into one spreadsheet.
2 votes
- Don't see your idea?