- Operational or Independent measurements no longer need to be associated when linking evidence to the "Measured" maturity value for new Assessments created after 06/24/2021.
- On Validated Assessments, MyCSF will no longer require Corrective Action Plans (CAPs) if the Control Requirement's implemented maturity value is 100%
- Final Validated Reports that are certified can be re-issued if your Assessment contains Control Requirements with CAPs that are fully implemented. For more information, contact HITRUST Sales
- Additional factor rules have been added to prevent conflicting factor responses
- The styling of buttons has been made more consistent throughout MyCSF
- The Platforms modal within the Pre-Assessment will now contain a required Asterisk on the database field if an application has been defined
- The "Days with HITRUST" tile on the Assessment Details page now includes a log of the Assessment history
- The Assessment Details page has been refined with many interface enhancements
- The modal for the QA Tasks has been updated to improve user experience
- External Assessors must now review a Control Requirement if was modified by their client by way of a QA Task
- The "Assessor Review Pending" and "Assessor Review Complete" status colors have been made more legible
- Added a scroll to the "Residing Facility" dropdown in the "Platforms" selection modal
- A bug has been resolved where some CSV files were being downloaded on the "External Inheritance Request" page incomplete
- Resolved an issue where an Assessment could not be created if an Organization was re-activated in MyCSF
- The "Assessment Procedures" report name has been reverted to the "Illustrative Procedures" report
- Fixed a problem where a Bridge Assessment was not being required to be linked to an inflight, open Assessment
- Corrected a misspelling on the Assessment Details page
- An issue with "Average Domains by Maturity Rating" report not loading properly has been resolved
- An issue with "External Assessor Report" not loading properly has been resolved
- An issue with "Illustrative Procedures Report" not loading properly has been resolved
- An issue with "Dashboards Report" not loading properly has been resolved
- An issue with "CSF Library" report not loading properly has been resolved
- Mitigated a problem where some users were unable to pick a QA Block while making a reservation
- A bug causing the bulletin table on the MyCSF homepage to render distorted has been corrected
- Fixed a problem where sometimes a Potential Quality Issue (PQI) would remain on an Assessment despite being derived from a Control Requirement that is "No Longer in Scope"
- MyCSF now supports the removal of External Inheritance requests after they've been applied to your Assessment
- The Kanban Assessment tracking view has gone through several UI improvements to enhance the usability of the board
- The Factors accordion has been removed from the References page for all CSF Libraries
- A bug has been resolved that prohibited an External Assessor from completing a Control Requirement with External Inheritance if measured and managed were removed from the Assessment
- An error output has been clarified if a user attempted to modify a Control Requirement from the offline assessment that was not editable
- A cosmetic problem is resolved that caused smaller screen dimensions to have some of the text from a tooltip to be cut-off
- An issue has been fixed where sometimes clicking the password reset link in an email caused the user to be redirected to the HIRUST Portal Log-in Page
- A bug has been corrected that sometimes loaded another page asset instead of the MyCSF homepage
- Resolved an issue where Interim Control Requirements weren't completing if the risk had been accepted on a CAP
- A bug that presented some users with an Access Denied message when attempting to view the Dashboards within the Analytics module has been closed
- An incorrect count of used Assessment licenses has been resolved in the MyCSF Administration
- Remediated a problem where the Validated Report Agreement was not always sent for e-signature
- Remediated a problem where the Representation Letter was not always sent for e-signature
- A bug has been fixed where not all of the Assessment Options were being required
- An issue has been resolved where a Readiness Assessment could've been accepted prior to a Draft Report having been issued
- New to MyCSF in Release 220.127.116.11, we have implemented a much-improved Assessment process that will streamline all aspects of a Validated Assessment from the Pre-Assessment to Answering the Assessment to Quality Assurance and more effective tracking and communication capabilities. We are currently looking for volunteers to help us Beta test this new process. If you are interested, please contact Support@HITRUSTAlliance.net.
- MyCSF now indicates with a distinct icon from the application Homepage which Assessments have achieved HITRUST CSF Certification
- The Assessment Type has been added to your Assessment List on the MyCSF Homepage
- The "Potential Quality Issues" (PQI) engine within MyCSF has been enhanced to now identify probable anomalies with Linked Documents while limiting further any False Positives across all rules
- Due to popular request, the Offline Assessment file name can be now be modified
- An informational banner has been added to each Assessment that has unresolved Inheritance Requests
- Potentially malicious executable filetypes can no longer be uploaded into MyCSF for security purposes
- A bug has been fixed where legacy inheritance requests would display "NaN" in the Requested field
- Resolved a problem where some Domains would not be properly submitted to an External Assessor and thus could not be edited
- An issue has been addressed where in some cases an Interim Assessment could not be manually generated less than 120 days from its Certification Anniversary
- A bug has been closed where Interim Assessments and Bridge Assessments would not always contain all the randomly selected Requirement Statements necessary
- A UI issue has been corrected where the Date Picker for some Required Documents is concealed for certain screen resolutions
- A bug with the API has been resolved where in certain circumstances a request would return with a blank response body
- A problem with the Inheritance Page filter has been fixed where the "Submit All" button would send items that a user had filtered out
- An issue has been closed where PQI comments input by HITRUST were not always visible
- A performance problem has been resolved where sometimes Assessments would take longer than usual to load
- A unique Bridge Assessment experience and workflow has been added to MyCSF to optimize the completion of this Assessment Type
- The External Inheritance Pages within an Assessment have been augmented to include better sorting, filtering, and searching capabilities
- From the External Inheritance Pages, a subscribing user may now request a CSV download of the contents of the table present in their view
- While reviewing External Inheritance Requests, your Inheritance provider may now leave a "Note" to you describing their approval or rejection
- External Inheritance Requests will now require user consent, if not already captured, prior to it being submitted to your Inheritance Provider
- Assessor Names are now masked on the Name and Security page
- CAPs where the Risk has been accepted will no longer require the user modify the scores of the Requirement Statement as well
- A new API route has been created to consolidate the most frequently requested endpoints for an Assessment
- A bug has been resolved where the Acceptance Letter was not always generating when an Assessment commenced HITRUST QA
- An issue has been fixed where a user could not update a justification for a Technical Factor set as "No"
- A problem with Internet Explorer 11 has been addressed where your Assessment would not always load
- CAP Reminder emails were not regularly firing on time. This bug has been resolved
- An issue has been remediated where sometimes an Interim Assessment would be missing certain Requirement Statements
- MyCSF will now detect the presence of an existing document name and allow you to easily replace the file attachment
- Duplicate document names will now be prevented from being accidentally entered into an Assessment's Document Repository
- When a Validated Assessment is moved into the Quality Assurance queue by HITRUST, an Acceptance Letter will be automatically attached to your CSF Report's Page
- Additional PQI filters have been added to improve clarity around actionable items
- Report Page has been tweaked to remove unnecessary section headers
- A UI issue has been fixed that caused multiple Authoritative Sources to be selected when clicking the border of the selection checkbox
- A UI issue has been resolved where longer Document Names would overlap a Document's Description
- A bug has been addressed where some Account Administrators did not see the Administration option in the Navigation bar
- A problem has been resolved where sometimes the Logout button was not visible under the Profile
- Resolved an error that was preventing users with Custom Roles to access the Dashboards under Analytics
- Fixed a problem where sometimes completed External Inheritance requests would still have a status of Incomplete
- A bug has been addressed where the Next and Back buttons inside a Domain would not function properly if the prior or succeeding Domain was empty to the user
- The External Inheritance Approval Page has been reverted to include again the "Weight" column when approving External Inheritance Requests
- MyCSF no longer allows a user to accept the risk on a CAP associated with an Assessment Statement on a Validated Assessment that scores less than a 62
- The Offline Assessment has been added to the Assessment Sidebar to enable better awareness
- Corrective Actions Plans now have some fields that are required prior to creating or updating
- Due to user request, MyCSF now applies a uniform style to the checkboxes within an Assessment
- Interim Assessments now have improved logic to identify discrepancies between scores and Corrective Action Plans
- Nested Regulatory Factors have now been incorporated into MyCSF to promote better organization and categorization of Regulatory Factors, where appropriate
- All users are now able to filter their notifications from the homepage
- The External Inheritance Weight has been removed from the view of the Organization that you are inheriting from
- For consistency with the comments, the Inheritance views now contain a comment box similar to the User Delegation views
- The Confirmation dialog for Organizations participating in External Inheritance has been refined
- A bug has been resolved where sometimes the search would return an error
- An issue has been addressed that prevented users from adding documentation during an Interim Assessment
- A problem has been corrected where the Document count on an Assessment was incorrect if a established the linkage from the Document Repository occasionally
- Solved an issue where the N/A checkbox was not always properly aligned for an External Assessor
- Hidden rows on an Offline Assessment will now be ignored preventing inadvertent errors
- A bug has been fixed that would sometimes throw an error if you were inheriting from a Statement with Documents linked
- Corrected a problem where some users would receive a blank zipped folder when attempting to download all their Documents in the Repository
- An issue where a user would receive an error while linking a Document from the Repository has been remediated
- A UI problem has been addressed that reduced the margin between certain External Assessor inputs
- Resolved a bug that would occasionally add a blank entry to a Corrective Action Plans log on creation
- Fixed a UI bug that would cause longer filenames to overlap with the document description
- An issue with External Assessors receiving an error when attempting to remove Timesheet entries has been corrected
- A problem has been taken care of that would result in an External Assessor accidentally modifying the Applicability of their Client's Statements
- The typo in "Managed" column header in the Offline Assessment has been resolved
- Removed an issue when a user would enter duplicate Document-to-Requirement mappings invoking an error
- Solved a problem with the UI that would require a user to refresh their page to view the weights applied for External Inheritance
- The feedback button no longer will throw a 404 status when accessing from the Assessment for some users
- Corrected styling issues with the External Inheritance comments that are managed by MyCSF
- A bug that would sometimes not permit a user to view their CAP Dashboards under Analytics has been resolved
- MyCSF has implemented a robust feedback collection module in order to provide users more visibility and influence over the product roadmap.
- Assessments are now checked in real-time for potential issues that could cause possible delays with the processing of your HITRUST Report. These issues would require remediation or justification. Click here to read the HITRUST Advisory HAA 2019-008.
- MyCSF now sends detailed notifications to users when significant events occur within your Assessment.
- Additional error logging and instruction have been added to the Offline Assessment.
- Improvements have been made to the workflow surrounding Assessments that fail HITRUST QA.
- HITRUST individuals responsible for processing your Assessment are now be clearly designated within your Object.
- A bug has been fixed that caused an application timeout when cloning an Assessment.
- Assortment of styling changes have been applied for IE and Edge browsers.
- An issue causing the related Authoritative Sources of a Statement to render blank is resolved.
- Remediated an error that was thrown for some users accessing the CSF Library.
- Addressed a problem where large comments would overflow outside of their reserved element.
- Corrected an error that was periodically thrown saving the External Assessor Timesheet.
- A cosmetic bug has been resolved that caused some Doughnut charts to be off-center.
- Fixed a problem where the CAP logs were being output in a JSON notation.
- Resolved an issue where disabled users still appeared on your Administration's People page.
- A bug that caused the Feedback widget to be hidden in the Portal has been corrected.
- Remediated a bug that rendered the Draft and Final Report fields on Interims.
- An issue in the IP whitelist where the wrong "Current IP" was being logged in the rules table.
- Fixed a problem where the Required Document templates would corrupt on download.
- A bug where not all Required Document templates were visible to a user has been addressed.
- Corrected an Analytics Reports where the Residual Risk rating was being calculated incorrectly.
- Resolved an issue where the tool was not properly replacing uploaded document.
- A bug that was preventing a user with custom role from logging in has been corrected.
- Fixed a bug that prevented users from uploading Documents during an Interim Assessment.
- Remediated an issue that didn't upload certain CAP fields after saving unless the page was refreshed.
- MyCSF has implemented a robust feedback collection module in order to provide users more visibility and influence over the product roadmap.
- The tool has been updated to deliver email notifications to remind users that there are outstanding Requirement Statements needed for Quality Assurance.
- The Pre-Assessment has been updated to permit an Organization to withhold comments from their HITRUST-issued Report.
- MyCSF will now notify users when an active, unaddressed CAP is 30 days from its scheduled completion date.
- The Document Repository has been enhanced to include the date when a file attachment has last been updated.
- All text-based search filters are now focused automatically without a user having to click into it.
- The Library in MyCSF has been modified to now host the HITRUST CSF Glossary and other complementary HITRUST CSF materials.
- The tool has been updated to fill the default scoring values into all Not Started Requirement Statements when clicking the Expand All button in an Assessment Domain.
- A bug has been resolved where users were not able to delete an Assessment if External Inheritance was used.
- A bug has been fixed where documents were unable to be deleted.
- A bug has been resolved where sometimes CAPs did not transfer to a cloned Assessment.
- A problem has been addressed where MyCSF wouldn't let a user change the CSF version of their Assessment.
- An issue has been resolved where the Expand All functionality within an Assessment Domain does not persist if an action button is clicked.
- An issue has been addressed where MyCSF allowed External Assessors to leave their comment empty when disagreeing with a maturity value.
- A bug has been resolved that was preventing some users from being able to click the Type dropdown when creating a Custom Role.
- A problem for Internet Explorer users where some of the views were distorted has been remediated.
- A bug has been resolved where MyCSF was operating slowly when pressing the Expand All button in an Assessment Domain with a substantial number of Requirement Statements.
- An issue has been resolved where Not Applicable Requirement Statements were sometimes selected as the random choice for Quality Assurance.
- A CAP Repository functionality has been introduced permitting an Organization to create and link Corrective Action Plan's to Assessments within their Account.
- The percentage weights for HITRUST's PRISMA Maturity Model has been updated to reflect a recent change in the Assurance program requirements.
- Logic has been implemented to prevent the scoring of the Managed maturity if the Measured maturity has been set to 0%.
- A Compliance Review Assessment Status has been added in the Assessment lifecycle to provide more specificity around the HITRUST processing of your Report.
- The Dashboards now return floated values rather than integers wherever the Maturity score is calculated.
- Resolved an issue where Assessors were unable to link documents on an Interim Assessment.
- A bug has been fixed where an error was received when importing an Offline Assessment.
- A bug has been fixed where Assessments could be submitted with incomplete Statements.
- An issue has been addressed where Interim Assessments were unable to replace the Assessment documents.
- A bug has been fixed where an error was shown when accessing the HITRUST CSF Reports page.
- An issue has been resolved where an Assessor didn't have to be chosen on the Assessment Options page for Validated Assessments.
- The submission dialog boxes have been altered to provide the updated names of the required fields.
- The Assessor document tab is no longer included in a Readiness Assessment.
- Assessor labels have all be modified to reflect "External Assessor".
- A problem has been addressed where the Pre-Assessment was not saving if you did not generate the Questionnaire.
- The Offline Assessment functionality has been overhauled to allow the managing and linking of Documentation via the provided spreadsheet
- Administrators of an Interim Assessment can now modify the Assessor associated with the Assessment
- Resolved a bug where the "Download All" button was not including all the files uploaded within the Assessment's Document Repository
- Fixed an issue where a user could not add a new document without also providing the attachment through the Document Repository
- The User Interface has been drastically overhauled to improve the user experience within MyCSF
- Custom Assessment capabilities have been released enabling an Organization to construct their own questionnaires using HITRUST's content
- Custom Role functionality has been introduced permitting an Organization to create and define their own permission sets
- Assessors are now able to suggest a scoring change for a disagreed maturity value
- The Validated Assessment Check-in Process has been incorporated directly into the platform providing for easier tracking/feedback after submission
- Mechanism has been put in place to prevent the changing of Assessed Entity to/from Assessor Entity roles after the user has made updates to the Assessment
- "Drag and Drop" document uploading capabilities are now supported
- Resolved an issue where the current date wasn't always selected by default with date-picker fields
- Improved latency issues within the Document Repository where a large number of references were entered
- Fixed a problem where dates would not be rendered in a human friendly format
- Domains with more than 50 Statements now load all questions inherently without the need for clicking the "Show All" button
- Corrected a bug where the "Profile" option on the Navigation bar would log-out a user
- Cleared a problem where sometimes a user was thrown an error when deleting an Assessment
- Issue addressed where the system was not emailing a link to users who requested to download all documents in their Assessment
- Comment fields within an Assessment Statement are now responsive to accommodate larger inputs
- The tool has been updated to allow Account Administrators and Assessment Leads the capability to generate an Interim Assessment at or less than 120 days prior to the Anniversary of an Assessment's Certification Date
- An 'Expand All' button has been implemented for users with a Professional Subscription or above to click while answering an Assessment Domain
- Within an Assessment Statement, the font color of the statement status language has been modified to be more distinguishable if action is required
- The Representation Letter has been overhauled to only provide the necessary template dependent upon the type of the overarching Assessment
- The tool has been updated to automatically extend an Organization's Account when a Draft Report has been posted and they do not currently have ample time to perform certain duties
- Self and Validated Report Credits are now consumed at Submission rather than when the Assessment is originally configured
- A bug has been fixed where users were missing notifications from the Homepage
- A bug when selecting an Assessor Firm has been resolved
- A bug impacting a user's inability to download documents from the Assessment Statement has been corrected
- A bug has been fixed where attachments were missing when running the 'Download All' process
- A fix has been applied that was throwing a warning to users who were accepting the risk for Assessment Statements scored above a 62
- An error stemming from the 'Save All' button has been resolved
- A fix has been applied where users were unable to delete documents during an Interim Assessment
- A bug has been fixed where the External Inheritance flag was not set to complete
- A fix has been applied where the date picker was not displaying the current date when clicked
- A fix has been applied where the HAX button was not visible when enabling the link to HAX
- A bug has been fixed where Illustrative Procedures fail to load when External Inheritance is applied on an Assessment Statement
- An issue has been resolved that wasn't allowing Interim Assessments to be reverted for QA
- When Assessment Statements are being Inherited, there is now an indicator that it has taken place
- The tool has been updated to allow Account Administrators to promote/demote users to an Account Administrator and/or Standard User
- Account Administrators and Assessment Leads are now able to select their own Assessor Firm
- For MyCSF Subscribers, you are now able to bulk upload and download Documents within an Assessment
- A "Save All" button has been implemented for users with a Professional Subscription or above to click while answering an Assessment Domain
- The Pie Chart on the Homepage of MyCSF now has distinctive colors
- The tool has been updated to allow Account Administrators and Assessment Leads to delete their own Assessment
- Filtering within Dashboards have been overhauled to now filter Not Started and Incomplete Assessment Statements
- The tool has been updated to allow an Organization to specify a permitted range of IP Addresses
- The Assessments table on the homepage has been altered to now display the underlying CSF Version for each questionnaire
- Report characteristics are now visible on the HITRUST CSF Reports page
- A document upload status bar has been added when attaching files
- An issue with files not attaching has been resolved
- A bug has been fixed where users tied to Active Accounts receive the "No Active Subscribers" message
- A bug impacting User Delegation to Assessment Statements has been resolved
- A bug has been fixed where users were unable to receive MyCSF Notifications
- An issue around Assessment Leads not being able to switch the CSF Version has been resolved
- A bug regarding inconsistent application timeout has been resolved
- Interim Assessments are now generated 90 days prior to the Certification's Anniversary
- An Assessor document is now not mandatory for Policy and Process maturity scores below 75%
- The Related documents that are linked to Assessment Statements are now downloadable from the statement itself
- The Assessment workflow has been updated to support the delegation of users to an Assessment Domain
- The tool has been updated to support mandated mandatory evidence for all scored maturities for all Assessors
- To meet the new HITRUST Requirements, there are two additional documents that must be attached prior to the submission to HITRUST
- Targeted Assessments have been overhauled to now permit the selection of Authoritative Sources
- A bug has been fixed where comments would exceed the reserved text area
- A bug has been fixed where multiple Assessment Statuses would hide the Assessment Pie Chart
- An issue has been resolved in instances where Assessors are not notified when HITRUST sends QA
- An error stemming from changing a user's password has been resolved
- A problem where users were unable to load the Dashboards has been addressed
- Assessments for Interim purposes can now auto-generate their Interim Assessment
- A bug has been resolved where there was a mismatch with the statutes of an Interim Assessment's Statements
- An issue with the Statement History log occasionally throwing an error has been resolved
- A fix has been applied that would prevent the incidental changing of Statements after the submission button appeared
- A bug has been remediated that was allowing Assessors to submit an Assessment while the assessed Organization was expired
- A bug has been fixed where users were unable to receive the Support identity verification codes via Email or SMS
- A bug has been fixed where users were unable to create a new Assessment after an older Assessment had been Archived
- A bug has been remediated that was causing users to receive an error when the CAP Name field exceeded 50 characters
- Informational modals have been incorporated into the Assessment to provide increased guidance regarding select functionality
- The CAP Management recipients email has been redesigned to dynamically include only the fields that have provided values
- CAPs can now be submitted to HITRUST after all of required Plans have been completed
- Representation Letters are no longer mandatory before submitting to your Assessor
- Wording has been updated for the automatically generated Quality Assurance language
- An issue has been fixed where comments would occasionally exceed the reserved text area
- A bug has been remediated that was causing user's to receive an error when their Assessment count exceeded 100
- A problem relating to the Offline Assessment throwing an error for certain contacts has been corrected
- An error stemming from the Assessment History log for delegated Statements has been resolved
- Analytics issue redirecting users to login has been fixed
- Interim and Archived Assessments will no longer be counted as a consumed Object against your total Assessment limit
- Cloned Assessments will now carry forward the role assignment from the source Object
- An error stemming from the Assessment History log for delegated Statements has been resolved
- The Interim Assessment has been overhauled to meet the new HITRUST Requirements
- All available Reports are now downloadable in the Microsoft Word format
- CAP Management email no longer will require certain fields
- User Assignment is no longer required for Partial Reliance External Inheritance Requests
- Copyright has been fixed on the Assessment
- Internal Inheritance bug affecting some Statements has been resolved
- CSF Library view has been cleaned up
- Assessment Preview Count bug where sometimes legacy Statements were calculated has been fixed
- Deleted Documents will be removed from a User's view immediately and not require a page refresh anymore
- The Name and Security Page now permits the seamless upgrade/downgrade of non-expired CSF Versions
- Assessments no longer mandate they are cloned against the CSF Version of the Source Assessment
- An interface error where a user may see multiple comment boxes momentarily after Delegation has been resolved
- An error where a user could enter in a NULL Document is fixed
- Cloned Assessment's Document now point to the new Object rather than the Original
- The following SSRS Reports have been re-added to MyCSF 2.0:
- HITRUST CSF Control Report
- Compliance Level Report
- Benchmark Report
- Assessment Report (Column)
- Average Domain by Maturity Rating Report