Enumerate policy statements and required areas for illustrative procedures
Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse-out what is required in policy and procedure documentation. While you're at it, remove the repetitive language all together since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric and focus on giving more examples of acceptable language or implementations or links to relevant information.
-
Louis Seefried commented
Why is there not an easy method to see the illustrative procedures that are required to be assessed by the auditor within the CSF standard documentation?
I am new to HiTrust and our company is almost done with an assessment, so I downloaded the CSF information packet only to find out that the information is incomplete.
I have spent all day on chat with the help desk trying to get the information that i need without success.