MyCSF User Group May 20, 2019

Moderators:
Michael Frederick: Vice President, Operations
Wade Hansford: Senior Product Specialist, MyCSF
James Nutkis : Manager, MyCSF Project and Development
Dennis Palmer: Director, Information Security
Agenda
Today’s Topics and Discussions

2 © 2019 HITRUST
User Group Topics
• Roadmap
– Continuous Monitoring
– Customized Assessments
– Tailorable Roles
– LDAP/AD Integration
– Centralized CAP Repository
– Embedded Dashboards
– Chatting and Tagging
• Survey for Enhancements
• UI Reveal
• Q&A

3 © 2019 HITRUST
Ground Rules
• Purposefully interactive
– Intended to be engaging enabling you to dictate the discussions.
– Please raise your hand and we’ll get to you.

• Mutually beneficial for you as well as us.

– We will take all feedback from this session and use to shape and prioritize
future enhancements to MyCSF.

• Feel free to come and go

– If there’s a topic that isn’t of interest to you, we will be not be distracted by
those that step out.
– Be respectful of others in the room if you do.

4 © 2019 HITRUST
Roadmap and Feedback
• We currently have over 100 things documented in the backlog. Every
two weeks, these items are evaluated by our Steering Committee.

• Ideas originating from users are weighted most heavily in the

selection process

• How do I submit Feedback?

– Use the “Help” tab on every MyCSF page
– Emailing Feedback@hitrustalliance.net

5 © 2019 HITRUST
Roadmap – Continuous Monitoring
• Functionality that facilitates a persistent review of an Assessment to
enable a current outlook of an environment’s risk stature.
– Review intervals are based upon the measurement requirements of the
HITRUST CSF.

• Promotes a more insightful outlook of HITRUST CSF compliance

over-time.

• Why do it?
– Better visibility into your Organization’s continued security practices

6 © 2019 HITRUST
Roadmap – Customized Assessments
• Capability for a User to generate an Assessment by picking from the
Assessment Statements predefined in our Library.

• Integration with the HITRUST Assessment Xchange (HAX) to

disperse these Questionnaires to your Vendors leveraging a managed
service.

• Why do it?
– Permit Organizations the flexibility to craft their own Assessments that
differ from the options presented today.

7 © 2019 HITRUST
Roadmap – Tailorable Roles
• Feature that permits Account Administrators to define and manage
their own permission sets for their Organization. These roles would be
modifiable not only for Assessment Administration but also
Subscription Administration.

• Allows Admins to have total autonomy over their entity’s Access

Control

• Why do it?
– Provide a more customizable solution for each Organization

8 © 2019 HITRUST
Roadmap – LDAP/AD Authentication
• Mechanism for Organizations to link-up their internal Directory System
with the HITRUST Portal and utilize its credentialing process.

• Gives Accounts a means for managing their user population by

interfacing with external technologies.

• Why do it?
– Integration of proprietary Single-Sign-On (SSO) solutions or other
platforms where user data is managed.

9 © 2019 HITRUST
Roadmap - Centralized CAP Repository
• Feature that permits Subscribers to define and maintain a list of
Corrective Actions at the Organizational Level.

• The CAPs could then be associated to individual Assessment

Statements as to minimize redundancies of these mitigation steps
prevalent across multiple Assessments.

• Why do it?
– Ability to manage all CAPs from a dedicated space
– Document other CAPs that aren’t related to a HITRUST Assessment

10 © 2019 HITRUST
Roadmap – Embedded Dashboards
• Redesign to the existing “Analytics” functionality that will merge the
existing charts into the Assessment component of MyCSF.

• Organization-wide charting would still be available

• Why do it?
– Improved Navigation as an Assessment’s dashboards would be
integrated directly into an Assessment Object.

11 © 2019 HITRUST
Roadmap – Chatting and Tagging
• Repurpose the “Diary” functionality and create a section within an
Assessment Statement that allows for commentary.

• Ability to tag individuals with the Chat causing an alert to be sent to

that individual with whatever message was directed at them.

• Why do it?
– More useful than existing feature for logging notes and alerting
respondents

12 © 2019 HITRUST
Roadmap Survey
• Please raise your hand if you would find the following beneficial:

– Continuous Monitoring
– Customized Assessments
– Tailorable Roles
– LDAP/AD Integration
– Centralized CAP Repository
– Embedded Dashboards
– Chatting and Tagging

13 © 2019 HITRUST
UI/UX Improvement Initiative
• Currently working with a leading UI/UX firm to enhance the user-
interface as well as dissect high usage features and offer workflow
improvements.

• Initially, we will address the UI before we move onto any workflow or

feature analysis

• Start incorporating UI fixes in July

14 © 2019 HITRUST
UI/UX Improvement Initiative – HITRUST Portal Login

15 © 2019 HITRUST
UI/UX Improvement Initiative – HITRUST Portal Landing

Option #1

16 © 2019 HITRUST
UI/UX Improvement Initiative – Homepage

19 © 2019 HITRUST
UI/UX Improvement Initiative – Factors

20 © 2019 HITRUST
UI/UX Improvement Initiative – Assessment

21 © 2019 HITRUST
UI/UX Improvement Initiative – Domain

22 © 2019 HITRUST
UI/UX Improvement Initiative – Documents

23 © 2019 HITRUST
UI/UX Improvement Initiative – Variant 2

24 © 2019 HITRUST
UI/UX Improvement Initiative – Variant 3

25 © 2019 HITRUST
Q&A
• What questions do you have?

26 © 2019 HITRUST
 Visit www.HITRUSTAlliance.net for more information

To view our latest documents, visit the Content Spotlight

27 © 2019 HITRUST