301 results found
-
New Environment test
Azure test
1 vote -
Include dates when files are uploaded
It would be nice to see if we could have dates of when files are uploaded. It can be very confusing when evidence is similar and there is no reference date of when it got uploaded.
1 vote -
Allow select-all for Facilities in Platforms/Systems table
When selecting the facilities where a platform/system is running, have the option to select all facilities rather than needing to go one-by-one.
2 votes -
Applications & Databases are mandatory fields in the Platforms/Systems table, mark them as such when the table is being filled out.
When completing the Platforms/Systems table, some fields are marked mandatory. The Applications & Databases fields are not. However, HITRUST QA requires something to be included here. Please mark these fields as mandatory up front to minimize these QA tasks/findings.
2 votes -
CAP Management is far too time consuming
CAP management, especially when creating cloned objects to simply run hypothetical scenarios or to plan for a future, is far too inefficient.
There needs to be the ability to "select" via a check box all of the "links" to a CAP and delete them all at once.
There also needs to be the ability to do the same at the CAP level so that they can be deleted en masse.
It should not take anywhere from 10-80 (!!!) individual clicks and actions to simply delete a CAP.6 votesThis is an excellent idea, and it's actually already included in a CAP handling and reporting improvement initiative slated for roll-out a little later this year. I attached a screenshot of the mock-up. Thanks for the feedback and for your patience as we continue to improve the CAP functionality in MyCSF. If you're interested, we're happy to have a call to walk you through the rest of the CAP enhancements included in the initiative.
-
When viewing the linked documents for a particular Requirement Statement, documents should download with the original file name.
Linked documents, when downloaded from the linked documents pop-up, are first previewed in the new document preview window, and when downloaded, are presented with a guid-style file name instead of the original name.
7 votes -
Organize compliance factors by type
It would be helpful to organize the various authoritative sources on the factors page by type, similar to how the sources are organized in Microsoft's Trust Center. See pic for their example.
2 votes -
Map CSF to COSO Principles
Map CSF controls to COSO Principles in the HITRUST CSF Authoritative Sources Cross Reference
1 vote -
Have Salesforce publish an SRM
It appears that Salesforce does not have an SRM available. As a widely used product it may benefit many subscribers if they published an SRM for use.
1 vote -
HITRUST Assessment Markup Language
This would allow an assessed entity or assessor to highlight and mark test in documents and automatically create a link to the control requirement statement from which it was accessed and allow them to select the maturity domain that the highlighted text supports. This could also be granular enough to allow it to tie to requirement criteria as defined in illustrative procedures and listed in MyCSF.
1 vote -
Additional feedback to Enumerate Illustrative Procedures...
Illustrative Procedures are presented in 'narrative' form. Given that the number of 'elements' in an Illustrative Procedure factors into the scoring formula, might not be optimum as ambiguous results can arise based on individual interpretation of the number of elements (not everyone is a champion sentence parser). Ergo, suggestions for revised Illustrative Procedures could be:
1) Bulletized elements with a numeric count provided; or
2) Embedded numbering (e.g. 01, _02, 03, etc.) to identify each salient element again with a numeric count.Additionally, dynamically providing enough blank fields (i.e. # of elements * 5 maturities) in client response areas…
6 votes -
collaboration
Very confusing whether multiple people can work in an assessment at one time or not. Sometimes save works, sometimes it doesn't and reverts to previous states. Make it clear how it works with clear UX like in google docs.
1 vote -
Data Clean Up
remove acccess to previous subscriber's data if non renewal
3 votes -
Implement a "Preview" CAPs option
Implement a "Preview" CAPs option before a "Generate" CAPs once the assessment is complete to enhance the QA process, allowing for the client to vet the caps and make sure they are confirmed allowing for more completeness, accuracy and integrity to the overall process.
5 votes -
Update "Change / Cancellation Policy" section on the Reservation tab
Can you update the "Change / Cancellation Policy" section on the Reservation tab to include the requirement that your submission date cannot be less than 2 weeks before the QA block selected. This requirement is not written out anywhere online but is enforced.
1 vote -
Make it easier to recall or reverse and assessment
It is difficult to reverse an assessment if a domain has been submitted. I am proposing making it easier for a submitter to reverse an assessment if it was submitted in error. Or add functionality so that organizational information can be updated even if a domain has been submitted for an external assessor review.
1 vote -
SSO through OIDC or SAML
SSO through OIDC or SAML. For a framework that places a heavy emphasis on role-based access controls and centralized identity management it seems only fitting that HITRUST implemented either OIDC or SAML.
12 votes -
API for External Assessor
Similar to the customer's offline assessment, the external assessors would like to have this ability as well.
2 votes -
2 votes
-
Required CAP Analytics Options
Currently there doesn't seem to be a single report that can be run that would filter all requirements needing a CAP AND the assessor comments. This may overlap with upcoming offline CAP worksheets, but currently is a manual process to create something incorporating all the information internal stakeholders want to see.
3 votes
- Don't see your idea?