313 results found
-
Add a HITRUST ID column to the HITRUST QA Task Listing in MyCSF (where applicable)
It would help assessors if the unique ID was visible for each task presented in the QA Task List. Currently, we need to drill into each task to uncover what control needs to be addressed. There are tasks related to something not related to a control (i.e. "Scope of the Assessment"), so obviously those would not display a control ID and would show as a empty field value.
1 vote -
Fine-Grain Assessment Object Reversion
I suggest implementing fine-grain assessment object reversion when subscriber changes (e.g., to requirement scores, NA statements, CAPs, and external inheritance requests) are needed post-submission. Under the current system, it seems that such changes require reversion of the entire object, which then calls for revalidating all requirements (rather than just the updated ones). Fine-grain reversion would support greater assessment efficiency, less rework, and less frustration for subscribers. Also, MyCSF would more accurately reflect workflow status, without resetting the status of previously completed phases/tasks.
1 vote -
Quarterly MyCSF Release Notes
I suggest that HITRUST publishes a quarterly release note digest to summarize changes for users. Under the Release Notes section of MyCSF Help, no new notes have been published since June 2021; yet, MyCSF has changed dramatically (especially regarding workflow and status management) since this time. The digests can be published under the Release Notes section, or (even better) emailed to registered MyCSF users.
1 vote -
change sort order of presets to align with assurance levels
change the left to right sort order of assessment presets to align with assurance provided....r2 should be left, i1 center, e1 right.
1 vote -
Fix Exports so that formatting, particularly numbering, are included in the export
In V11, when exporting controls the language removes all formatting and numbering, making it difficult to trace back actions to the sub-requirements. Given the importance of the list breakdown this should be included ASAP. If the formatting is a challenge due to Excel/CSV, the numbering should still be included.
1 vote -
Configurable alerts in the QA reservation system of newly available QA blocks
Can a module and/or alerting capability be built in the QA reservation system to allow External Assessors to see available QA blocks without having to “Modify” an existing customers reservation. This would assist in project planning with prospect HITRUST clients and allow Assessors to see new openings if we are trying to improve a clients QA reservation.
8 votes -
Have Salesforce publish an SRM
It appears that Salesforce does not have an SRM available. As a widely used product it may benefit many subscribers if they published an SRM for use.
2 votes -
5 votes
-
Add field in Assessment Report to show if requirement statement has been inherited
Add field in Assessment Reports and Custom Dashboards to show if a requirement statement has been inherited.
6 votes -
Inheritance - verify before removal
Under inheritance section, can a notice be populated to request user's confirmation to verify and confirm the removal of inheritance before removing inheritance, regardless of status. This will help avoid accidental removal of applicable approved inheritance.
6 votes -
Related Requirements
suggest related requirements that may be met with an uploaded document.
For example, a policy is loaded to support 00.a. A dropdown or picklist would be populated with other 00.a control requirements.6 votes -
CAP Usability Issues
When using the Filter on CAPs there are some serious usability issues. First, the filter does not dynamically update so when you, for example, filter on Status of "Not Started" and then update said status you are returned to the list with the newly updated CAPs which now have a status of "Started - On Track" displayed in the list, so it requires the user to navigate down every time they enter a new status update for a different record.
Furthermore, the list is limited so you must click the "Load More" button. So after filtering you are presented with…6 votes -
How
There is no clear way to create a help desk ticket. When I open the "Need Help?" window there are links to suggest resolving an issue but if the problem isn't listed there's no further link or instructions on how to open and create a ticket for someone to get back to me. You need to make this option available and intuitive.
6 votes -
New Environment test
Azure test
1 vote -
Include dates when files are uploaded
It would be nice to see if we could have dates of when files are uploaded. It can be very confusing when evidence is similar and there is no reference date of when it got uploaded.
1 vote -
Allow select-all for Facilities in Platforms/Systems table
When selecting the facilities where a platform/system is running, have the option to select all facilities rather than needing to go one-by-one.
2 votes -
Applications & Databases are mandatory fields in the Platforms/Systems table, mark them as such when the table is being filled out.
When completing the Platforms/Systems table, some fields are marked mandatory. The Applications & Databases fields are not. However, HITRUST QA requires something to be included here. Please mark these fields as mandatory up front to minimize these QA tasks/findings.
2 votes -
CAP Management is far too time consuming
CAP management, especially when creating cloned objects to simply run hypothetical scenarios or to plan for a future, is far too inefficient.
There needs to be the ability to "select" via a check box all of the "links" to a CAP and delete them all at once.
There also needs to be the ability to do the same at the CAP level so that they can be deleted en masse.
It should not take anywhere from 10-80 (!!!) individual clicks and actions to simply delete a CAP.6 votesThis is an excellent idea, and it's actually already included in a CAP handling and reporting improvement initiative slated for roll-out a little later this year. I attached a screenshot of the mock-up. Thanks for the feedback and for your patience as we continue to improve the CAP functionality in MyCSF. If you're interested, we're happy to have a call to walk you through the rest of the CAP enhancements included in the initiative.
-
When viewing the linked documents for a particular Requirement Statement, documents should download with the original file name.
Linked documents, when downloaded from the linked documents pop-up, are first previewed in the new document preview window, and when downloaded, are presented with a guid-style file name instead of the original name.
7 votes -
Organize compliance factors by type
It would be helpful to organize the various authoritative sources on the factors page by type, similar to how the sources are organized in Microsoft's Trust Center. See pic for their example.
2 votes
- Don't see your idea?