Make unique IDs readily apparent throughout MyCSF and within Reports and Analytics.
Unique IDs should be apparent throughout MyCSF and within all reports and analytic tools. For example, a user should not have to click on the "Expand" button within the Assessment to view the unique IDs. Unique IDs should also be available when linking documents, rather than trying to match up the statement language. All reports and analytic tools should reference unique IDs when presenting material by requirement statement.
44 votes -
Ability to store assessment documentation in the customer's cloud environment
An option to configure an assessment's documentation (workpapers, audit evidence) to reside in the client's cloud hosting provider instead of in MyCSF's default storage location, such as:
- Client's box.com
- Client's S3 bucket
- Client's Google drive
- Client's SharePoint
This would require the client to grant the MyCSF application access into a specific area in their cloud environment. This would be very beneficial to customers who don't want to allow assessment documentation to leave their controlled environments.
This would also require MyCSF to store assessment documentation in a folder structure that can be navigated with something like Windows…
39 votes -
Help Context should be linked
Where we have help pages built (e.g., Factors) you should be able to click on the factor and see the help information in a sidebar without having to leave the MyCSF page.
34 votes -
Separate discretionary factors from mandatory factors
I'd like to see the scoping factors that are optional / discretionary (namely the regulatory factors) clearly labeled as such, or even moved into their own page containing a disclaimer that they are optional. For the rest of the factors (which MUST be accurate), I'd like to see them clearly labeled as such or on their own page with a tagline describing that they must be accurately entered.
33 votes -
Sort requirements by Unique ID
It would be great if there was an option to sort/filter requirements based on the Unique ID, not just the level or control.
31 votes -
Custom Reporting
Users should have the ability to write custom reports, build custom charts, and save these for later usage. Something similar to Microsoft PowerBI or an equivalent product.
27 votes -
Option to NOT include attachments from previous certification in the next assessment object
When creating a new assessment object AFTER already having been certified (i.e., in a re-certification scenario), MyCSF should have an option to include or NOT include the documentation linkages present in the previous assessment object.
26 votes -
[BL] Update "Process" to "Procedure"
We have definitions for procedure and process in the glossary and they have separate meanings. Currently the tool shows policy, process, implemented, measure, and manage instead of procedure.
26 votes -
Include the HITRUST requirement ID in the Reports
Please re-configure the Reports under Analytics to ensure that Requirement ID is part of the data pull. We manage this work at a requirement level and currently, every report that we run we have to do a cross-reference to pull in the requirement ID.
21 votes -
Allow External Assessors to view the Inheritance panel
Currently, only Subscribers can view the dedicated Inheritance screen. This includes the "Download CSV" button allowing for export of Inheritance data. This data is crucial to be available for test plan development for External Assessors outside of MyCSF. Beyond that, Subscribers look to their External Assessors to guide and assist them in using inheritance, which is difficult when we do not have access to that panel. Please consider allowing External Assessor roles to view and export all inheritance information and screens within MyCSF.
20 votes -
Search all attached documents for keyword(s)
MyCSF should allow users to perform a keyword search throughout all attached documents. While this obviously won't search screenshots and non-OCR'd PDFs, the ability to do a mass search of all uploaded documents in one run would be valuable.
20 votes -
Add some way to identify when a control is required to be sampled.
Per the test plan requirement, is there any way within MyCSF where the assessor can note this is a SAMPLED requirement, so that the client does not submit evidence that cannot be used since the control requests sampling?
18 votes -
Ability to sort documents list
The general documents view should allow the user to sort the documents by date uploaded, by document title, and by document description.
18 votes -
Offline Inheritance Template / Bulk Inheritance Import via Excel
MyCSF should have a capability that allows users to fill out an Excel spreadsheet so that they can import it into their Assessment without having to do it one-by-one within the interface.
17 votes -
Give External Assessors the ability to unlink documents linked by the client
It would be helpful if external assessors could remove files linked by the assessed client in the portal. This would help reduce the chance that superfluous documentation is linked or incorrect versions of documents are attached to requirement statements.
17 votes -
Enumerate policy statements and required areas for illustrative procedures
Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse out what is required in policy and procedure documentation. While you're at it, remove the repetitive language altogether since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric and focus on giving more examples of acceptable language or implementations or links to relevant information.
17 votes -
Return single domain or control to correct inheritance
HITRUST should create a feature to allow inheritance by domain/control rather than the whole assessment being returned for a single control/domain inheritance request.
17 votes -
Allow offline work and upload to MyCSF for CAPs
Allow offline work and upload to MyCSF for CAPs
16 votes -
Give assessors an easy way to "reject" evidence linked to a requirement statement by the assessed entity
If a document was identified as associated with a requirement statement or requirement statement's PRISMA attribute(s), the assessor should be given an easy way to flag items as irrelevant to the PRISMA attribute and to the requirement statement. It's common for the customer to link files that may be related to other requirements but not necessarily to the requirement statement at hand.
16 votes -
Assigning External Assessor access
Now that Engagement Executive is being formally defined in the object, can we give that user the ability to grant assessor access to those defined in the assessor list? Today, we must reach out to the client each time to get additional access.
15 votes