6.2.1 The Assessed Entity must complete the Name & Security webform in MyCSF, including entering the assessment name and, for validated assessments, selecting the External Assessor Organization that will perform validation procedures.
6.2.2 The Assessed Entity must also set the access permissions for the Assessed Entity and, for validated assessments, External Assessor users in the webform.
6.2.3 The Subscriber name on the webform is automatically completed and locked with the name on the Assessed Entity’s subscription. This name will appear as the Assessed Entity in any subsequently issued HITRUST reports.
NOTE: Only one organization name may be included as the Assessed Entity in a HITRUST assessment report.