-
assessor agree
for N/A requirements, change to a single "agree with N/A"
6 votes -
Sort requirements by Unique ID
It would be great if there was an option to sort/filter requirements based on the Unique ID, not just the level or control.
25 votes -
Rep Letter Upload Requirement
Remove edit check that requires client to upload a rep letter in order to submit a domain to the assessor. This is too early in the process to provide a rep letter - currently, clients must upload a fake / placeholder document as a workaround.
2 votes -
All fields that appear in the final report should be indicated as such with an icon on the page
Within an Assessment, the tool should clearly indicate/label inputs that are included in the HITRUST issued Report.
14 votes -
Introduce the notion of CHQP (Assessor firm internal QA) start and end times
There are times when the addition of assessor team quality review pushes past the 90-day window. We get backlogged the same way you do. We always adhere to the 90-day window for accepting and reviewing evidence, and we can demonstrate that reasonably. But it would be helpful if there was some flexibility around the submission date. If we plug in the real dates of assessment, and then submit 91 days after we started testing, the system errors due to >90.
Introducing the notion of the defined assessment window of 90 days, and the CHQP review period (stated dates) might help…
2 votes -
Date of Submission should be when HT approves Assessment
Date of Submission should be when HT approves Assessment
9 votes -
Flag for zero-occurrence / 0-pop requirements
HITRUST's guidance allows zero-population requirements to be scored at fully compliant on the implemented level IF a well-defined policy and procedure exists for the assessed entity to observe should the related activity occur. However, MyCSF doesn't currently do a good job of allowing assessed entities and assessors to efficiently communicate this scenario. Because MyCSF requires that evidence be linked to a scored implemented PRISMA level, assessors are often forced to tag the policy or procedure documents to the implemented PRISMA level in this scenario. To remedy, MyCSF should offer a flag (e.g., a checkbox) which can be used to communicate…
8 votes -
Draft report automatic removal
MyCSF will automatically delete the draft report files 7 days after the final reports are posted.
5 votes -
Reservation-based QA
QA times should be reservation-based instead of the current first come, first served model.
10 votes -
[BL] Control Reference labeled on Statements
Can we add an enhancement to add the control reference to the requirement statements layout. Like the below. People have a hard time of telling what the requirements are related to without the name. Example is the constant confusion on 09.x and 09.y controls. They are all e-commerce and online transaction but some of them do not have either of those terms within the statement so people think it is just a standalone control.
09.x Electronic Commerce Services
!1579275197061-0.png!9 votes -
Provide assessors the ability to revert entire domains back to clients
Provide assessors the ability to revert entire domains back to clients- even if the feature was only available when the status of the domain is "assessor review pending". This would avoid needing to request HITRUST to revert domains if clients accidentally hit submit too early.
7 votes -
Submit Individual Questions that are reverted to External Assessor
Capability that allows a user to submit a reverted Question to their External Assessor without waiting for the Domain and/or Assessment to be completed.
7 votes -
Custom Tagging for Requirement Statements
The ability for customers to create their own tags on the Requirement Statements and sort/filter based upon their custom tags.
7 votes -
Add Multi-Select of Requirements for Delegating Responsibilities
There needs to be a half-way point between the requirement statement and domain level for delegating responsibilities. It would be nice to have the ability to select multiple requirement statements within a domain and then delegate those statements rather than completing each one individually.
2 votes -
[BL] Edit/Delete Diary Entries
Feature allowing a user to edit or remove a diary entry
6 votes -
Make the "Expand All" button a toggle button
Make the "Expand All" button a toggle button. Currently the "Expand All" button can only be used to expand all of the requirements in the active domain. I'd like for it to change to "Collapse All" after it has been pressed, allowing the users to collapse all of the requirements in the domain.
5 votes -
[BL] Allow Notifications via the Diary
Allow users to subscribe to an Assessment's Diary entries so that they are notified when they are entered. Subscribe either at the Assessment or Statement level.
4 votes -
Delegation Percentage indicator
delegation percentage graph
1 vote -
Show internal assessor scoring
show indication of who entered customer scoring- customer or internal assessor
1 vote -
Both assessor and customer must approve submission
I'd like to see the submission to HITRUST workflow be expanded to require that both the external assessor AND the customer approve the submission of the assessment object to HITRUST.
3 votes
- Don't see your idea?