88 results found
-
[BL] Self-Assessment: Logo and Signature upload to Rep Letter
For Self-Assessments the Rep Letter required document should be modified to remove both the template download as well as the rep letter import field. In their place the tool should have two file attachment inputs that enable them to upload their company's logo as well as the Assessment POC's signature. These two uploads will be used to auto-create the rep letter.
4 votes -
Comment on Factor if Technical/Systematic is No
If a Yes/No factor is set to No, a comment box should render adjacent to the field requiring the user to input justification
4 votes -
Inheritance Color Coding
Once a control is selected for inheritance and the details are entered the inheritance button should change to another color. It would allow users to more easily track what work has already been completed and allow you a feature to develop reporting upon for what is currently selected.
3 votes -
Add feedback textbox to provide a justification as to why an inheritance was rejected
Add two boxes within the inheritance portal that CSP providers can give feedback to the inheritance requests. This will be useful to provide feedback on why an inheritance was rejected. Ideally, there should be two approvals, one for the requirement and one for the weight.
3 votes -
Move the Offline Assessment to the Assessment Homepage
The Offline Assessment link to initiate, download, and upload an Offline Assessment should be moved to the Assessment Homepage in order to bring more awareness for the functionality.
3 votes -
Add more dates to the QA progress report
The QA Progress Report should be updated to show much more dates. See attached suggestion: This basically adds those extra dates into the timeline where they fit, changes the term "assessor" to "external assessor", and (if possible) captures some of the key "done by" names.
3 votesThe assessment details page achieves this idea
-
More explanation on the offline documentation spreadsheet's options
The two checkboxes available when using the offline assessment's documentation spreadsheet are not intuitive... how are users to know what "Ignore blank cells" and "Preserve documents" means? Please add more verbose explanations next to the checkboxes describing their purpose and use.
3 votes -
[BL] Identify Statements that are New since last Assessment
I would like to submit a suggestion for a future revision to MyCSF. Can you add a feature that allows users to identify requirements that are new since their last assessment
3 votesThis is now in place with the newly added preview changes feature available from the factors page
-
[BL] Ability quickly add files to a Document reference
Functionality that supports the importing of files and attaching them to pre-existing reference names.
3 votesThis is achievable today with a combination of the bulk upload and offline assessment template capabilities
-
QA Reminder Email
The system shall automatically send an email notification to Clients and Assessors that HITRUST is waiting for QA.
3 votes -
2 votes
-
Phase out password rotation
I'm re-upping the Declined idea of phasing out password rotation. It's a bad requirement.
The following requirement I believe will eventually be less common as companies are moving away from rotating passwords and might need to be inclusive of all methods going forward as password rotating will probably be slowly phased out.
ID: 1031.01d1System.34510 “The organization changes passwords for default system accounts, at first logon following the issuance of a secure temporary password, when there is a suspected compromise, and no less than every 90 days for regular accounts or 60 days for privileged (i.e., administrator accounts).”
It has been…
2 votesImplemented with latest CSF v9.4 update
-
Add controls specifications to each inheritance request to inform on percentage of inheritance
For controls that are shared between the CSP and the customer, HITRUST should add the controls specification related to each requirement, and have the customer list which controls specification is the CSP provider responsible for implementing. The percentage (weight) of the inheritance request will be based on the number of controls specification that the CSP is responsible for implementing relative to the total controls specifications associated with the requirement.
2 votes -
Custom assessment's library builder has a NULL authoritative source
The custom assessment's library builder has a NULL authoritative source. It's confusing and misleading, as every requirement is tied to at least 1 authoritative source. This NULL option needs to come out. See pic.
2 votes -
Edit checks on "Organization Information" page
MyCSF should enforce edit checks on more fields within the "Organization Information" page within the "Admin & Scoping" area of an assessment. Specifically: (1) "TBD" shouldn't be allowed for any field, (2) The email address field should confirm that it's an email, (3) The phone field should confirm that it's a phone, and (4) the contact name field should confirm that there's at least once space present.
2 votes -
[BL] Add note on Time sheet page
Add the following note at the top when assessor is completing the time sheet Please note that at least 50% of the total testing hours must be completed by a CCSFP
2 votesCompleted via a PQI focusing on this
-
[BL] Increase Character limit within the System & Facility tabs
the characters limits to the system and facility text area inputs should be increased.
front-end change that would throw a warning if someone had exceeded the limit.
2 votesFixed in the new webforms
-
[BL] Update Interim Assessor Label
For an Interim Assessment change the Assessor Label from "Assessor Agrees that control requirement is in place and effective." to "Assessor agrees with the client"
2 votes -
[BL] Update all Assessor label to External Assessor
The system shall update all Assessor labels to instead reference External Assessor within MyCSF
2 votes -
10613 - CAPs Scheduled Completion Date Email
MyCSF should automatically send an email notification to all users permitted to manage CAPs (Account Admins or Manage CAPs == checked) within a MyCSF Account thirty (30) days before a CAPs scheduled completion date.
A content block should be created that allows HITRUST to change the notification. It should include variables for the CAP Id, CAP Name, CAP Scheduled Completion Date, and CAP POC
2 votes
- Don't see your idea?