By Bimal Sheth Executive Vice President, Standards Development and Assurance Operations, HITRUST
I am excited to announce a suite of enhancements to the HITRUST MyCSF SaaS platform that are designed to accelerate the assessment process by:
- Providing clearer and more relevant communications to users
- Streamlining the administrative aspects of the assessment
- Improving transparency
The development of these enhancements was driven by feedback from the HITRUST Community and tested during an extensive beta evaluation period.
MyCSF Enhancements Include Five Key Features:
New assessment workflows for HITRUST CSF Validated, Interim, Bridge, and Readiness Assessments with defined phases replace legacy assessment states.
- Clarifies the steps required to complete assessments and obtain final reports, interim letters, and bridge certificates
- Improves transparency into the status of an assessment
- Reduces reversions of the assessment during the workflow through the resequencing of phases
Makes it possible to enter organizational and scope information into MyCSF, electronically sign key documents, and allow assessed entities to easily request and track draft report revisions.
- Streamlines and enhances inputting scope for an assessment
- Eliminates the need to scan and upload administrative documents through the use of online signatures
- Introduces new quality check automation and tool tips that provide real time feedback to help avoid common scoping issues
- Helps prevent errors and redundancy, presents scope in a tabular format inclusive of in-scope platforms and facilities
- Simplifies identification of relevant third-party service providers
- Enhances the draft review process with the ability to individually track requested revisions
Notifications that are more informative, clearly communicate action items, identify owners, and remind users when an item has been open for an extended period-of-time.
- Reduces time to completion by sending email notifications to designated owners with specific tasks identified that are needed to move assessments to the next phase
- Helps prevent slowdowns that delay the assessment process with reminders and summaries of open items at configurable frequencies
- Clearly communicates how long items have been open for a group to better define tasks and assist with project management and tracking
QA questions and follow-up items post directly into MyCSF as individual tasks to give assessed entities and their Authorized External Assessor organizations the ability to track and respond to each QA item within MyCSF.
- Eliminates back-and-forth email communications from the HITRUST QA Analyst to Assessed Entities or External Assessors and centralizes all QA feedback within MyCSF
- Automates notifications when tasks are created with specific action item(s) included
- Streamlines the QA process by offering the ability to accept proposed HITRUST changes
- Clearly identifies open items to complete QA that need to be addressed by either Assessed Entity or External Assessor
New status dashboards provide insight into an assessment’s status providing transparency into open action items, their ownership, and next steps in the assessment workflow.
- A Kanban-Style Board displays assessments as they move through each phase of the workflow allowing for users to track progress with colored badges that show responsibility for each action item, time elapsed in current phase, and the HITRUST-assigned point of contact
- The Matrix View provides a spreadsheet-style summary view of milestones and provides transparency by showing the date the assessment entered each phase, along with the number of days the assessment has been in each phase
- The Assessment Details View provides metadata and status information, which is designed as an at-a-glance snapshot that includes assessment scope and key dates along the completion timeline, as well as open items assigned to the Assessed Entity, External Assessor, and HITRUST
Based on the feedback we collected during the beta testing period, we are confident that the HITRUST Community will see enormous benefits in these new features and enhancements.
If you would like to learn more, there is still time prior to the enhancements being enabled on February 15, 2022.
Please review the related Assurance Advisories, register for the upcoming “Overview of HITRUST Assurance MyCSF Enhancements” webinar, or contact our Support Team.
About the Author
Bimal Sheth, Executive Vice President, Standards Development and Assurance Operations, HITRUST
Bimal leads the development of the HITRUST CSF and Assurance program. His teams are responsible for conducting research on information protection practices, enhancing the rely-ability of HITRUST Certifications, and educating the HITRUST community about the CSF through training. Bimal has spent his career working with organizations to provide assurances over their information protection programs.