Search
Related topics are listed below.
Assessor Timesheet
Documents » Assessor Timesheet
Required for all Validated Assessments, assessor organizations must record all individuals that assisted with the submission of the assessment. External Assessor Time Sheet 1. On the sidebar, click the ‘Time Sheet’ label to be rushed to the Time Sheet page.…
Assessor Report
Analytics » Reports » External Reports » Assessor Report
Contains the responses and assessor comments of the HITRUST CSF Assessment categorized by the nineteen domains. Assessment with HITRUST CSF Implementation Report After authenticating through the ‘MyCSF Portal’, click on ‘Analytics’ in the top Menu…
Selecting an Assessor
Pre-Assessment » Creating a New Assessment » Name & Security » Selecting an Assessor
On the Name & Security page, you will be permitted to choose an active Assessor Firm that will be Validating this Assessment. Selecting Assessor Form
Setting Assessor Access
Pre-Assessment » Creating a New Assessment » Name & Security » Setting Assessor Access
From the Name & Security page, here is where you will be able to see the assessor permissions associated with the assessment. You can also navigate to this page while filling out this assessment whenever you like by clicking on the Lock Icon. Assessor Permissions …
Submitting External Assessor Reverted Controls Back to the External Assessor
Assessment Questionnaire » Submitting an Assessment » Submitting External Assessor Reverted Controls Back to the External Assessor
When an External Assessor reverts an Assessment Statement back to their client, the returned Assessment Statement will display a “Response Needed for External Assessor” status. To address these Assessment Statements, you as the client will need to do the…
Viewing your Internal Assessor Functions
Internal Assessors » Viewing your Internal Assessor Functions
Easily Accessible from your Administration, you are able to view all of the approved Internal Assessor functions. The individual IA Function pages will include the approved application, a status, an expiration date, and the Assessments in MyCSF that have leveraged this…
Submit a Domain to an Assessor
Assessment Questionnaire » Submitting an Assessment » Submit a Domain to an Assessor
When you are ready to submit your domain to your assessor for validation, press the link located in the green banner above the Assessment Statements for the Domain that you’ve finished. This link will not become available until all of the Assessment Statements have…
Applying to be an Internal Assessor
Internal Assessors » Applying to be an Internal Assessor
Internal Assessors are those personnel who facilitate the CSF Assessment process by performing in-house testing in advance of an External Assessor’s validated assessment fieldwork. Internal Assessors are part of an “Internal Assessment Function.” This function…
Completing your Internal Assessor Time Sheet
Internal Assessors » Completing your Internal Assessor Time Sheet
Like External Assessors, Internal Assessors are obligated to document both the individuals who performed Internal Assessor duties on the Assessment as well as the hours they each committed. On the sidebar, click the ‘Internal Assessor Time Sheet’ label to be…
Controlling Assessment Roles
Administration » People Management » Controlling Assessment Roles
Follow the instructions below to manage a user’s Assessment Privileges. From the Homepage, click the ‘Administration’ button at the at the top Menu bar or below your Subscription Information. Click on the name of the Assessment you wish to update. From the…
Managing Administrative Roles
Administration » People Management » Managing Administrative Roles
Follow the instructions below to manage a user’s Administrative Role. From the Homepage, click the ‘Administration’ button at the at the top Menu bar or below your Subscription Information. Click on the name you wish to update. From the People Management…
Creating and Importing Assessor Evaluation for an Offline Assessment
Assessment Questionnaire » Completing an Assessment » Creating and Importing Assessor Evaluation for an Offline Assessment
When a Validated Assessment has been submitted to an Assessor, you the Assessor has the ability to fill-out your evaluation outside of MyCSF using a spreadsheet and seamlessly import your evaluation back into the application. Follow the instructions below on Creating…
Enabling Internal Assessors On Your Assessment
Internal Assessors » Enabling Internal Assessors On Your Assessment
After your Internal Assessor application has been approved, the Name and Security page on your Organization’s Assessment will be altered to include a checkbox allowing you to mark your Assessment as having been tested by Internal Assessors. When selected, you will be…
Assessment Domain Status Filters
Assessment Questionnaire » Completing an Assessment » Viewing an Assessment Domain » Assessment Domain Status Filters
On your Table of Assessment Domains, you will be able to filter each domain within your assessment by its respective status. A corresponding count and color will appear within a badge icon for each status currently found in a domain. Here is a list of all possible…
Internal Assessors
Internal Assessors
Organizations, that are capable of demonstrating proficiency within their Internal Audit departments, are permitted to test their own Requirement Statements and enable their External Assessor to rely on the results. Click here to learn more. Sub-topics Applying to…
Assigning Internal Assessors to an Assessment
Internal Assessors » Assigning Internal Assessors to an Assessment
If an Internal Assessor Function has been chosen for an Assessment (Link to Enabling Internal Assessors On Your Assessment), the Subscriber People table will be augmented to include a new column that is reserved for Internal Assessors. Those that have been delegated…
HITRUST’s Criteria for Submission
Assessment Questionnaire » Submitting an Assessment » HITRUST’s Criteria for Submission
If you have completed all of the Assessments Statements in either your Self or Validated Assessment to HITRUST, please verify that the below is covered before submitting it. 1. Ensure that the following Required Documents have been uploaded with the correct dates as…
Answering Requirement Statements
Internal Assessors » Answering Requirement Statements
By Default, all Requirement Statements will be inherently owned by Management. If you wish to provide the scoring as an Internal Assessor, you can either designate individual Requirement Statements or entire Assessment Domains as having be addressed by an Internal…
Managing your Documents
Assessment Questionnaire » Completing an Assessment » Creating an Offline Assessment » Managing your Documents
All of the documents that exist in your Assessments Document Repository will be listed in the excel spreadsheet. You will have the ability to manage existing documents as well as adding new documents (without an attachment) in your Repository. !Please note that when…
Evaluating your Clients Assessment’s Statements
Assessment Questionnaire » Completing an Assessment » Creating and Importing Assessor Evaluation for an Offline Assessment » Evaluating your Clients Assessment’s Statements
Once you have downloaded the excel spreadsheet, you are now able to evaluate and validated your Assessment Statements offline. 1. From the spreadsheet, click on the ‘Assessment’ sheet to add your maturity evaluation and comments for each Assessment…
Submitting an Assessment
Assessment Questionnaire » Submitting an Assessment
Whether submitting a Self-Assessment or a Validated Assessment by your assessor organization, the Assessment Questionnaire can be submitted either by each fully completed domain (Validated only) or by completing the entire Assessment (Self-Assessment/Validated…
Diary
Analytics » Dashboards » Assessments » Assessments » Diary
Review your ‘Diary Entries’ and what you and your Assessor have conversed about regarding any Statement that you can your Assessor have spoken about. This is a useful feature for record keeping all on your ‘Diary’ function. Assessments –…
Illustrative Procedures
Analytics » Dashboards » Assessments » Compliance & Procedures » Illustrative Procedures
View how your Assessor grades and establishes protocol when granting compliance levels for each maturity value at your organization by ‘Requirement Statement’. Policies & Procedures – Glimpse at the relationship between how your Assessor…
Compliance & Procedures
Analytics » Dashboards » Assessments » Compliance & Procedures
View all of your ‘Policies & Procedures’ for every ‘Related HITRUST Control’ in the CSF Library, that is used a s a guide for your Assessor. Policies & Procedures – Glimpse at the relationship between how your Assessor organization…
Attaching the QA Checklist
Documents » Attaching the QA Checklist
The HITRUST CSF Assessor Quality Checklist is a required Document that must be signed by the Engagement Executive and Assessor QA Resource for all Validated Assessments. 1. On the sidebar, click the ‘QA Checklist’ label to be rushed to the QA Checklist page.…
Configuring a User as a HITRUST CSF practitioner
Internal Assessors » Configuring a User as a HITRUST CSF practitioner
A requirement of the Internal Assessor program is that all users performing Internal Assessor duties must be an active HITRUST CSF Certified Practitioner (CCSFP). In order to have a user validated as a CCSFP, the Account Administrator from your organization must…
Re-validating the Assessment
Interim Assessment (r2 only) » Recreating a Validated Assessment Object » Re-validating the Assessment
As you would in any Validated Assessment, you as the Assessor will need to validate all of the Assessment Questions completed by your Client. You will have to ensure the maturity scores entered are identical to their Original CSF Certification. From the Homepage,…
Documents
Documents
Support the findings in your Assessment with the linking of evidence. A built-in Repository allows for documents to be referenced while scoring an Assessment Statement. 1. From the Assessment Homepage, there is a ‘Documents’ label on the left Sidebar. …
Uploading Evidence
Documents » Uploading Evidence
Upload a piece of evidence you believe will aid you in your assessment. The documents you provide will help support the ‘Assessor’ on why certain Maturity Value selections were made. From the MyCSF Homepage, click on the Assessment name you would like to…
Overriding a Potential Quality Issue
Assessment Questionnaire » Potential Quality Issues » Overriding a Potential Quality Issue
The analysis MyCSF runs to check for Potential Quality Issues may sometimes lead to false positives. Because of this, these occurrences can be overridden and excused from remediation. However, if a Potential Quality Issue is overridden, a detailed rationale must be…
CAPs
Analytics » Dashboards » CAPs
The CAPs function is prepared by your Assessor Organization and the Assessor as applicable, and will also serve to describe a ‘Corrective Action Plan (CAP)’. These measurements describe the plan to correct deficiencies identified during the Assessment for…
Performing an Interim Review Assessment
Interim Assessment (r2 only) » Performing an Interim Review Assessment
If you are coming up on your 1-year Anniversary of your CSF Certification, you will need to perform an Interim Assessment. The Interim Assessment is to ensure that the scope of your CSF Certification is still valid. From the Homepage, click on the Assessment with…
Creating a New Assessment
Pre-Assessment » Creating a New Assessment
If you are an Account Administrator, you’ll be able to simply add a new Assessment directly through the homepage of MyCSF. From the MyCSF Homepage, click the ‘+ Create Assessment’ button on the ‘Assessments’ table found under the Organization panel. You…
Adding Corrective Action Plans
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding Corrective Action Plans
For Statements where deficiencies are found, you are able to detail Corrective Actions that will help remediate the identified problem. *Note: Only the organization’s user can enter CAPs, the assessor cannot. 1. From the Assessment Domain, click on the…
Adding a Diary Entry
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding a Diary Entry
The Diary will enable you to enter comments on each of your Assessment Statements to communicate within your organization or assessor. 1. From the Assessment Domain, click on the Assessment Statement that you wish to input a Diary entry. 2. Click on the ‘Diary…
CSF Implementation
Analytics » Dashboards » Assessments » Compliance & Procedures » CSF Implementation
Here you will find the ‘CSF Implementation’ process for each of your ‘Requirement Statements’. Policies & Procedures – Glimpse at the relationship between how your Assessor organization establishes criteria for each Statement being…
Scoping an Assessment
Pre-Assessment » Scoping an Assessment
The scope of the Assessment is the information about your organization that will be used to narrow down the most precise assessment for your compliance and security needs. Fields marked with red asterisks are mandatory. After authenticating through the HITRUST…
Recreating a Validated Assessment Object
Interim Assessment (r2 only) » Recreating a Validated Assessment Object
Once an Interim Assessment has been provisioned, please note that you will have to answer all the Pre-Assessment and Assessment Questionnaire identical to your CSF Certification. *If you still have access to the Original Certified Assessment Object, you do not need to…
Deleting an Assessment
Pre-Assessment » Creating a New Assessment » Name & Security » Deleting an Assessment
Deleting an Assessment will be permanently removed from MyCSF. Only Account Admins and Assessment Leads have the privilege to delete an Assessment. The status of the Assessment must be ‘Not Started’ or ‘Answering Assessment’, as well as not submitted to the…
People Management
Administration » People Management
If you are an Account Administrator within your Organization, you have the ability to manage people’s access as well as modify their Assessment permissions. If you are wishing to elevate or decrease a user’s Administrative rights, click here for instructions. Or,…
Assessments
Analytics » Dashboards » Assessments » Assessments
Check out each Assessment under your subscription with all of the data applicable to your Assessments under the categories ‘High Level’, ‘Responses’, ‘Results’, ‘Comparisons’, ‘Diary’, ‘Users’,…
Edit Existing User in the Portal
Administration » Organization Consolidation » User Management » Edit Existing User in the Portal
Follow the instructions below to edit an existing user in your Portal Account: From the User Management table, click the edit icon adjacent to the user’s name. From the modal, you will have the option to edit the user’s first name, last name, role, toggle…
Administrating Organization Accounts
Administration » Organization Consolidation » Administrating Organization Accounts
A green “Admin” button has been added to the HITRUST application landing page (see Figure 1, top right corner). The administration function is only viewable to users with Administrator roles as determined by their Organization. Figure 1: Selecting the…
Subscriber Management
Administration » Subscriber Management
Depending on the Subscription Level access you have to MyCSF, the Subscriber Management page, is where you can manage and access your account’s ‘People’, ‘API Users’, ‘Custom Security Roles’, ‘Assessments’, ‘Links to HAX’, and ‘IP…
MyCSF Compliance and Reporting Packs
Analytics » MyCSF Compliance and Reporting Packs
MyCSF Compliance and Reporting Pack for HIPAA Step 1: Create a readiness, validated, or targeted assessment using v9.5.0 or later which includes the HIPAA breach notification rule and/or HIPAA security rule. Step 2: Go to Analytics > Compliance Packs > Select…