MyCSF

JUMP TO ANOTHER FORUM

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. For External Inheritance

    I suggest someone at HITRUST look into changing the External Inheritance workflow. The current process is extremely cumbersome. When a control is identified the entire assessment has to be flipped back to the entity being assessed. Why not make this process unique & independent? Make each control able to be sent for External Inheritance separately.

    Currently we are in the QA process & our external assessor is reaching out to us due to HITRUST stating a single control needs to be assigned for External Inheritance. Only problem is it looks as though the entire assessment will have…

    5 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  2. Currently, there is no way for users to remove inheritance or inheritance requests once submitted. If the auditor tests it, and finds that inheritance is not appropriate, there needs to be an easier way to remove inheritance rather than requesting from HITRUST support.

    19 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  3. For requirements involving inheritance, there should be a button where the external assessors can either agree with the selected inheritance weight or disagree and suggest a new inheritance weight, similar to what exists for the maturity level scores. Rejecting the weight would send the requirement back to the client.

    2 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  4. 3 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  5. Integrate the Shared Responsibility Matrix (SRM) into the inheritance selection process. Currently, it is feasible for a subscriber to select inheritance for a requirement that is categorized as not inheritable in the SRM. Recently, a customer submitted inheritance, which was ultimately rejected. Upon further research, HITRUST support indicated that the requirement was not inheritable, as described in the SRM. A subscriber should not be able to select inheritance for those requirements defined as not inheritable.

    4 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  6. Please allow users to edit the Shared Responsibility Matrix spreadsheets.
    The value of this content comes from organizations utilizing it to manage their HITRUST programs.
    We need to be able to filter, sort, remove rows, add columns to document our environment and current state, etc.
    With the content locked down I currently need to cut your content from the SRM spreadsheet, then paste it to a new spreadsheet, and then re-format every column again.
    I understand your spreadsheet states that it must be used and distributed in your format but that is impossible when you lock it down.

    1 vote
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  7. When the just released SRM spreadsheets are downloaded so we can use it as a working document there are problems.
    When columns are filtered the data in Columns A-L all disappears and is replaced with "Name?"
    Please fix these spreadsheets so that I can eliminate the out of scope controls and then focus further on "Inheritable" controls through the use of filters while keeping all of the original content.

    1 vote
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  8. After deciding that a control was inheritable, we saw the link in the bottom left menu, but when the page displayed there was no active buttons and nothing to indicate that the request had not been submitted to the cloud service provider.

    After our inheritance requests sat in pending status for 3 days, we checked with HITRUST support to discover that we must select the Created link at the top, first, and then select the Submit to Vendor button that appears only after the create step in order to properly send the request.

    There is an opportunity to eliminate some…

    8 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  9. HITRUST should create a feature to allow inheritance by domain/control rather than the whole assessment being returned for a single control/domain inheritance request.

    7 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  10. The system shall allow Internal Inheritance from any CSF Version.

    In QA, currently the system only allows you to apply Internal Inheritance on an Assessment Statement if both Assessment's has the same CSF Version. The system should allow you to apply the inheritance if the CSF Version is different- like External Inheritance.

    9 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  11. creating an inbox where customers and CSP providers can communicate within MyCSF for all matters related to the inheritance requests.

    3 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  12. Capability to mask the Client and Assessor comments from being shared in an applied Inheritance Request.

    A potential capability that lets them add an inheritance comment to a Statement and that is shared instead

    4 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  13. For controls that are shared between the CSP and the customer, HITRUST should add the controls specification related to each requirement, and have the customer list which controls specification is the CSP provider responsible for implementing. The percentage (weight) of the inheritance request will be based on the number of controls specification that the CSP is responsible for implementing relative to the total controls specifications associated with the requirement.

    1 vote
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  14. The system shall add the Final Report Date when selecting External Inheritance.

    The External Inheritance selection should be updated to include the Assessments Final Report Date. When selecting an Assessment for External Inheritance the dropdown list should read: “Subscriber (Vendor Name) / Assessment Name / Final Report Date”.

    Once the Assessment has been selected the modal should include a new column for the Final Report Date.
    !1571845056820-0.png!

    1 vote
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  15. Statements reverted to the client from Assessor should be able to adjust the inheritance weights.

    1 vote
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  16. 0 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?