HITRUST adds new features to its information risk and compliance assessment SaaS platform

HITRUST, a leading data protection standards development and certification organization, announced a significant new release of its information risk and compliance assessment SaaS platform.

HITRUST is continually innovating MyCSF to help streamline and simplify how organizations assess information risk and manage compliance.

The October 2019 release features a redesigned user interface, capability to create custom assessments tailored to specific regulatory or control requirements, streamlined workflows throughout the third-party assurance process, and sharing of assessments with third parties through the HITRUST Assessment XChange.

MyCSF was designed from the start as an information risk assessment and compliance tool and engineered to streamline assessing, reporting, and remediating information risk and compliance.

In addition the platform can be used to build a robust ISRM program, lending insight into an organization’s security posture and areas of improvement, benchmarking against the scores of similar organizations.

New features

Custom assessments: Tailor assessments to fit an organization’s needs, selecting some or all of the controls in any of 44 authoritative sources that are mapped and harmonized in the HITRUST CSF, including ISO 27XXX, NIST 800-53, NIST Cybersecurity Framework, NIST 800-171, PCI, HIPAA, HITECH, GDPR, FFIEC, and CCPA.

Customizations could include assessing against one or multiple authoritative sources, regulatory factors, or control requirements without having to add CSF baseline controls.

Custom roles: Create and define access control permissions tailored to the organization.

Redesigned user interface: Modern, sleek, and streamlined interface enables intuitive and faster workflow.

Integration to third-party assurance process: MyCSF fully supports the HITRUST CSF Assurance Program including assessment entry, assessor assignments, and submission. It also includes role assignment and workflows for the recently added Internal Assessor role, allowing internal audit and other departments to aid in the CSF Assessment process.

Enhanced shared responsibility support: Updated functionality within MyCSF supports the HITRUST Shared Responsibility Program for inheriting controls from cloud and other service providers, streamlining the assessment and working process.

Integration with HITRUST Assessment XChange Portal: Makes sharing risk assessment data with third parties simple, secure, and efficient. Satisfies and streamlines customer requests to provide CSF Assessment Reports as well as customer communications concerning Corrective Action Plans (CAPs), Interim Assessments, and more.

Enhanced API: MyCSF also offers expanded API functions for integration with GRC and other systems.