333 results found
-
Map CSF to COSO Principles
Map CSF controls to COSO Principles in the HITRUST CSF Authoritative Sources Cross Reference
1 vote -
Data Clean Up
remove acccess to previous subscriber's data if non renewal
4 votes -
HITRUST Assessment Markup Language
This would allow an assessed entity or assessor to highlight and mark test in documents and automatically create a link to the control requirement statement from which it was accessed and allow them to select the maturity domain that the highlighted text supports. This could also be granular enough to allow it to tie to requirement criteria as defined in illustrative procedures and listed in MyCSF.
1 vote -
Additional feedback to Enumerate Illustrative Procedures...
Illustrative Procedures are presented in 'narrative' form. Given that the number of 'elements' in an Illustrative Procedure factors into the scoring formula, might not be optimum as ambiguous results can arise based on individual interpretation of the number of elements (not everyone is a champion sentence parser). Ergo, suggestions for revised Illustrative Procedures could be:
1) Bulletized elements with a numeric count provided; or
2) Embedded numbering (e.g. 01, _02, 03, etc.) to identify each salient element again with a numeric count.Additionally, dynamically providing enough blank fields (i.e. # of elements * 5 maturities) in client response areas…
6 votes -
Implement a "Preview" CAPs option
Implement a "Preview" CAPs option before a "Generate" CAPs once the assessment is complete to enhance the QA process, allowing for the client to vet the caps and make sure they are confirmed allowing for more completeness, accuracy and integrity to the overall process.
5 votes -
Update "Change / Cancellation Policy" section on the Reservation tab
Can you update the "Change / Cancellation Policy" section on the Reservation tab to include the requirement that your submission date cannot be less than 2 weeks before the QA block selected. This requirement is not written out anywhere online but is enforced.
1 vote -
Make it easier to recall or reverse and assessment
It is difficult to reverse an assessment if a domain has been submitted. I am proposing making it easier for a submitter to reverse an assessment if it was submitted in error. Or add functionality so that organizational information can be updated even if a domain has been submitted for an external assessor review.
1 vote -
SSO through OIDC or SAML
SSO through OIDC or SAML. For a framework that places a heavy emphasis on role-based access controls and centralized identity management it seems only fitting that HITRUST implemented either OIDC or SAML.
12 votes -
API for External Assessor
Similar to the customer's offline assessment, the external assessors would like to have this ability as well.
2 votes -
2 votes
-
Required CAP Analytics Options
Currently there doesn't seem to be a single report that can be run that would filter all requirements needing a CAP AND the assessor comments. This may overlap with upcoming offline CAP worksheets, but currently is a manual process to create something incorporating all the information internal stakeholders want to see.
3 votes -
Selecting filtered inheritance requests should not select ALL inheritance requests
Steps to reproduce: Filter on rejected inheritance requests. Click "select All". Click on "remove" to delete the rejected requests. Poof! All your inheritance requests, even those already approved, will be gone. You can verify this without actually deleting them by clicking over to other views and observing all inheritance requests are selected after just selecting the rejected requests. Recovering from this bug is a manual, time consuming process.
1 vote -
Issue with offline upload
Hello, I'm having issues uploading the offline assessment to Opt1 – Shearwater Health 2022 Validated Assessment. It's saying 0 rows saved and 0 blank rows were skipped, but not updating the scores
2 votes -
Bulk Deletion
This is especially relevant to cloned assessments in my experience, but it would be nice if MyCSF had a feature to bulk-delete uploaded documents in the "Documents" section.
5 votes -
RDS
Add RDS button to the top panel - not intuitive as to how to get back to the options page
2 votes -
Adding a "LINKAGE" sheet in uploaded Excel workbooks tells MyCSF where to link the sheet throughout the assessment
Linking evidence throughout an assessment is time-consuming. To make it a tiny bit easier, and specifically when adding an Excel file as evidence, MyCSF should look for a LINKAGE worksheet in the uploaded workbook. If found, MyCSF should use the contents of that LINKAGE sheet to know where to link the workbook throughout the assessment.
The contents of the linkage sheet could be as simple as:
• column A: BUID or CVID of the requirement to link the workbook to
• column B: Link to the Policy level (Yes/No)
• column C: Link to the Process level (Yes/No)
• column…1 vote -
Display unsent External Inheritance Requests in Assessor view also
Can you add the External Inheritance status to the main page for the Assessor view also? The status is displayed on our client's view and it would be good to have the same status in the Assessor view so that we can track and ensure our clients indeed submitted the inheritance requests to the external entity.
6 votes -
support needed
having errors when clicking on details view for myCSF HITRUST controls and details. Please advise if you can see that in logs and how I can document the error.
1 vote -
Ability to inherit just the policy level (or just the policy and process levels)
Add the ability to inherit specific control maturity levels (e.g., just policy, just policy and process). This will be very helpful for internal inheritance, for situations where the same policies are used by the whole organization.
1 vote -
Group assessments
Group assessments by year
3 votes
- Don't see your idea?