Flag for zero-occurrence / 0-pop requirements
HITRUST's guidance allows zero-population requirements to be scored at fully compliant on the implemented level IF a well-defined policy and procedure exists for the assessed entity to observe should the related activity occur. However, MyCSF doesn't currently do a good job of allowing assessed entities and assessors to efficiently communicate this scenario. Because MyCSF requires that evidence be linked to a scored implemented PRISMA level, assessors are often forced to tag the policy or procedure documents to the implemented PRISMA level in this scenario. To remedy, MyCSF should offer a flag (e.g., a checkbox) which can be used to communicate a 0-population requirement. When this flag is checked, MyCSF should only allow an implemented prisma score of 100% to be entered IF both the policy and procedure PRISMA levels are scored greater than NC / 0%.
![](https://secure.gravatar.com/avatar/7f8412aa1b1f57e64f9a7864dbd10477?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)
-
Bimal Sheth commented
would modify this such that in v10 for any RS where sample based testing is flagged it requires input of the population and sample size. edit check #1 would make sure that the sample size is appropriate based upon the population. edit check #2 would be as you described for the zero populations.