43 results found
-
Sort requirements by Unique ID
It would be great if there was an option to sort/filter requirements based on the Unique ID, not just the level or control.
33 votes -
All fields that appear in the final report should be indicated as such with an icon on the page
Within an Assessment, the tool should clearly indicate/label inputs that are included in the HITRUST issued Report.
16 votes -
Submit Individual Questions that are reverted to External Assessor
Capability that allows a user to submit a reverted Question to their External Assessor without waiting for the Domain and/or Assessment to be completed.
11 votes -
[BL] Control Reference labeled on Statements
Can we add an enhancement to add the control reference to the requirement statements layout. Like the below. People have a hard time of telling what the requirements are related to without the name. Example is the constant confusion on 09.x and 09.y controls. They are all e-commerce and online transaction but some of them do not have either of those terms within the statement so people think it is just a standalone control.
09.x Electronic Commerce Services
!1579275197061-0.png!11 votes -
Allow submission of assessments prior to renewal date without changing annual renewal date
Currently, if we want to maintain our annual reassessment date, we need to submit our assessment on that specific date (i.e., we cannot submit an assessment earlier if it is ready). We should be able to submit at any point and mark the date of the submission, or simply keep the annual assessment date unless a different date is requested.
10 votes -
Flag for zero-occurrence / 0-pop requirements
HITRUST's guidance allows zero-population requirements to be scored at fully compliant on the implemented level IF a well-defined policy and procedure exists for the assessed entity to observe should the related activity occur. However, MyCSF doesn't currently do a good job of allowing assessed entities and assessors to efficiently communicate this scenario. Because MyCSF requires that evidence be linked to a scored implemented PRISMA level, assessors are often forced to tag the policy or procedure documents to the implemented PRISMA level in this scenario. To remedy, MyCSF should offer a flag (e.g., a checkbox) which can be used to communicate…
10 votes -
[BL] Edit/Delete Diary Entries
Feature allowing a user to edit or remove a diary entry
10 votes -
Date of Submission should be when HT approves Assessment
Date of Submission should be when HT approves Assessment
9 votes -
assessor agree
for N/A requirements, change to a single "agree with N/A"
8 votes -
Provide assessors the ability to revert entire domains back to clients
Provide assessors the ability to revert entire domains back to clients- even if the feature was only available when the status of the domain is "assessor review pending". This would avoid needing to request HITRUST to revert domains if clients accidentally hit submit too early.
8 votes -
Custom Tagging for Requirement Statements
The ability for customers to create their own tags on the Requirement Statements and sort/filter based upon their custom tags.
8 votes -
Add "Implemented: Sampling" flag to controls in MyCSF where they are missing
Upon review of sample testing required for a v9.5 assessment, I noticed that quite a few controls have illustrative procedures that state "select a sample of . . .", however when you look in MyCSF the control requirement, they don't have the "Implemented: Sampling" flag. Is there a plan to ensure the flag is evident for all control requirements in MyCSF that require sample testing per IP?
5 votes -
5 votes
-
Draft report automatic removal
MyCSF will automatically delete the draft report files 7 days after the final reports are posted.
5 votes -
Make the "Expand All" button a toggle button
Make the "Expand All" button a toggle button. Currently the "Expand All" button can only be used to expand all of the requirements in the active domain. I'd like for it to change to "Collapse All" after it has been pressed, allowing the users to collapse all of the requirements in the domain.
5 votes -
[BL] Diary Tagging
Functionality for someone to either select recipients or use the "@" symbol to quick search for them like Outlook. Any individuals tagged would be notified of a Diary concerning them.
The capability should also be present at the general Assessment level without being associated with an Assessment Statement.
External people should be able to @ HITRUST users that have commented previously in the chain.
5 votes -
Add checkblock for evaluative element completion
break out the evaluative elements with a checkblock for completion. Also, add the ability for evaluative elements to be assigned to different users.
4 votes -
Electronic Signature for Auditors
For timesheets and QA Sheets - it would be best to have this done electronically. Especially since we are remote - it's easier to have Executive and QA use the same document and electronically sign/initial.
4 votes -
Rep Letter Upload Requirement
Remove edit check that requires client to upload a rep letter in order to submit a domain to the assessor. This is too early in the process to provide a rep letter - currently, clients must upload a fake / placeholder document as a workaround.
4 votes -
[BL] Auto-Save Statements when Values change
Phase I: Saving at the requirement level is extremely tedious. Please look into automatically saving when you navigate to the next requirement in the domain. Otherwise users will have to click save on every single requirement independently.
configurable by users above assessment check box.
4 votes
- Don't see your idea?