HITRUST announced the next generation of its Software as a Service (SaaS) information risk management platform which has been redesigned for assessing and reporting information risk and compliance.
HITRUST MyCSF 2.0 incorporates updates designed to provide an assessment and third-party review process, corrective action plan management, benchmarking and dashboards, and integration with major GRC platforms and the HITRUST Assessment XChange.
HITRUST engaged its customers and HITRUST CSF Assessors to understand their requirements and leveraged its position and experience in framework development and information risk management, combined with hundreds of thousands of risk assessments, in designing the most efficient solution for information risk assessment management.
“We heard and have responded to our customers’ request for a solution capable of supporting their evolving assessment needs that aligns with managing risk and the changing global regulatory landscape,” said Michael Frederick, Vice President Operations, HITRUST. “We completely redesigned HITRUST MyCSF to make it more efficient to perform and manage assessments and to scale to meet the needs of global organizations of all sizes.”
HITRUST MyCSF 2.0 incorporates the HITRUST CSF, allowing organizations to perform assessments and report against the privacy and security controls of the HITRUST CSF or any one of the thirty-five authoritative sources currently included in the framework, such as NIST 800-53, ISO 27000, NIST Cyber Security Framework, HIPAA, PCI, FFIEC and GDPR.
Since the HITRUST CSF harmonizes these standards and frameworks, it enables organizations to conduct a streamlined assessment that reduces the need to duplicate assessments or answer redundant assessment questions.
Key updates and enhancements in HITRUST MyCSF 2.0 include:
- Streamlined Assessment Navigation – Provides an intuitive application design coupled with a dynamic logic that guides the user
- Single-Page Assessment View – Offers a more generalized view of the questionnaire that eliminates the burden of answering questions on multiple pages
- HITRUST CSF Assessment Preview – Provides an understanding of the implications that changes in scope, authoritative sources or HITRUST CSF versions will have on assessments
- Improved Evidence Support – Streamlines linking of evidence to document requests
- Aggregated Respondent Answers – Aggregates scoring for assessment questions that have been delegated to multiple respondents based on custom determined weights
- Advanced Analytics & Dashboards – Includes the ability to create more customized charts and dashboards
- Enhanced Benchmarking – Compares customized benchmarks against chosen populations
- Updated UI and Platform Support – Enables full functionality for desktop, tablet and mobile use
- Control Inheritance – Supports the ability to inherit control scores from internal and external assessments
- Improved Reporting – Includes compliance reporting on various authoritative sources
- Robust API – Enables integration and exchange of assessment related information with GRC tools and the HITRUST Assessment XChange
“HITRUST understands that addressing information privacy and security risk management and compliance is an important priority for every organization regardless of industry, and they are constantly making the process easier. By leveraging HITRUST MyCSF we have been able to reduce risk and improve efficiencies while demonstrating compliance with a number of regulations,” said Scott Pettigrew, Vice President and Chief Security Officer with HMS.