262 results found
-
2 votes
-
SSO through OIDC or SAML
SSO through OIDC or SAML. For a framework that places a heavy emphasis on role-based access controls and centralized identity management it seems only fitting that HITRUST implemented either OIDC or SAML.
11 votes -
Required CAP Analytics Options
Currently there doesn't seem to be a single report that can be run that would filter all requirements needing a CAP AND the assessor comments. This may overlap with upcoming offline CAP worksheets, but currently is a manual process to create something incorporating all the information internal stakeholders want to see.
3 votes -
Selecting filtered inheritance requests should not select ALL inheritance requests
Steps to reproduce: Filter on rejected inheritance requests. Click "select All". Click on "remove" to delete the rejected requests. Poof! All your inheritance requests, even those already approved, will be gone. You can verify this without actually deleting them by clicking over to other views and observing all inheritance requests are selected after just selecting the rejected requests. Recovering from this bug is a manual, time consuming process.
1 vote -
Issue with offline upload
Hello, I'm having issues uploading the offline assessment to Opt1 – Shearwater Health 2022 Validated Assessment. It's saying 0 rows saved and 0 blank rows were skipped, but not updating the scores
2 votes -
Bulk Deletion
This is especially relevant to cloned assessments in my experience, but it would be nice if MyCSF had a feature to bulk-delete uploaded documents in the "Documents" section.
5 votes -
RDS
Add RDS button to the top panel - not intuitive as to how to get back to the options page
2 votes -
Adding a "LINKAGE" sheet in uploaded Excel workbooks tells MyCSF where to link the sheet throughout the assessment
Linking evidence throughout an assessment is time-consuming. To make it a tiny bit easier, and specifically when adding an Excel file as evidence, MyCSF should look for a LINKAGE worksheet in the uploaded workbook. If found, MyCSF should use the contents of that LINKAGE sheet to know where to link the workbook throughout the assessment.
The contents of the linkage sheet could be as simple as:
• column A: BUID or CVID of the requirement to link the workbook to
• column B: Link to the Policy level (Yes/No)
• column C: Link to the Process level (Yes/No)
• column…1 vote -
Display unsent External Inheritance Requests in Assessor view also
Can you add the External Inheritance status to the main page for the Assessor view also? The status is displayed on our client's view and it would be good to have the same status in the Assessor view so that we can track and ensure our clients indeed submitted the inheritance requests to the external entity.
6 votes -
Ability to inherit just the policy level (or just the policy and process levels)
Add the ability to inherit specific control maturity levels (e.g., just policy, just policy and process). This will be very helpful for internal inheritance, for situations where the same policies are used by the whole organization.
1 vote -
Group assessments
Group assessments by year
3 votes -
Add some way to identify when a control is required to be sampled.
Peer the test plan requirement, is there any way within MyCSF where the assessor can note this is SAMPLED requirement, so then the client does not submit evidence that cannot be used since the control request sampling?
18 votes -
Feedback Forum Usability
Feedback Forum Access not intuitive - trying to get to the main feedback forum page but there is no link and accessing the feedback feature does not allow the user to actually navigate to the broader feedback forum itself. Usability overall for Feedback and CAPs is an issue that results in highly inefficient time usage.
1 vote -
michael.frederick@hitrustalliance.net
When an interim is generated it should also pull the documentation that was linked into the document library for the assessment and show the names of the documents within the expanded control requirement statement window. This will allow for all work to be done from within the interim versus having to hop between it and its associated full assessment. It would not link the documents, just pull them into the library and provide the listing. Links can be added once documents are updated for most current version.
4 votes -
When viewing the linked documents for a particular Requirement Statement, each document should show the date that it was linked .
When viewing the linked documents for the Requirement Statements, each document should show the date that it was linked without having to go through the document repository especially in situations where we request for additional evidence from the assessor. From some assessments I have done so far, I noticed the assessors do not make reference to the newly linked documents so we have to go to the repository to check the date for all documents to see if any was added outside their testing period. This would really help to save time during QA review.
6 votes -
Drop Down for Contact and Interviewed Names
Have the ability to have once place where interviewed names would be captured and then when populating the control artifacts, you have the ability to select from a drop down of pre-populated names and titles, instead of having to type each persons name and title for each and every control. This would save time.
2 votes -
Preserve state when tree-traversing to Linked Documents for the Upper-Left 'Back-Arrow' Button
Having traversed four tree levels from the Assessment Selection level to a particular Linked Document in MyCSF and (subsequently) reviewed it, use of the Back-Arrow Button in the upper left of the window results in being immediately returned to the Assessment selection level (i.e. back four levels; out of the Assessment altogether) rather then the more intuitive expectation of stepping back one level at a time in the reverse of how one arrived at the Linked Document. Additionally, the "Close" button (which does follow the more expected path of closing the document and beginning the step-wise reverse traversal) may not…
1 vote -
Allow External Assessors to view the Inheritance panel
Currently, only Subscribers can view the dedicated Inheritance screen. This includes the "Download CSV" button allowing for export of Inheritance data. This data is crucial to be available for test plan development for External Assessors outside of MyCSF. Beyond that, Subscribers look to their External Assessors to guide and assist them in using inheritance, which is difficult when we do not have access to that panel. Please consider allowing External Assessor roles to view and export all inheritance information and screens within MyCSF
20 votes -
Assessors shouldn't have to do anything on "not started" CAPs at interim
It would be nice that if a CAP is not started that MyCSF would be aware of such and not expect the assessor to do anything at interim. This would include attaching documentation since there is technically nothing for them to review. It is not user friendly to have to attach a document because the old score warrants it when there has not been any work done it.
1 vote -
Copy mapping from evidence items to others.
When uploading evidence for controls often one piece of evidence is used for multiple controls or there are multiple evidence items supporting the same control stage (policy, procedure, implemented). The ability to copy the mapping from one item to another would be a huge time saver.
4 votes
- Don't see your idea?