855.HITRUST (855.448.7878) www.HITRUSTAlliance.net © 2018 HITRUST Alliance
MyCSF 2.0 Offers a Leap Forward in Risk Assessment Automation
Introducing MyCSF 2.0
• We understand that addressing information privacy and security risk management and compliance is an important priority for every organization regardless of industry
• HITRUST's deep knowledge of framework development, information risk management and information risk assessments is based on 11 years of CSF development, and hundreds of thousands of risk assessments
• This combined experience gives us a unique advantage for designing the most efficient solution for assessment management
• HITRUST engaged its customers and CSF Assessors to understand their requirements and leveraged its unique position and experience in framework development and information risk management
• We’ve built our assessment methodology and platform to allow organizations to streamline the assessment process
• MyCSF 2.0 is a Software as a Service (SaaS) information risk management platform that is best in class for assessing and reporting information risk and compliance
HITRUST Assessment Evolution
CHIP-Q
• Complex spreadsheet
• No visibility to scores in real-time
• Less precise scoring model
• Limited ability to tailor assessments
MyCSF 1.0
• Online risk assessment as a service
• Real-time visibility to scoring
• Increased precision of scoring
• Ability to calculate residual risk
• Ability to tailor an assessment
MyCSF 1.0 Limitations
• Cumbersome navigation
• No linkage between supporting documentation & control requirements
• Limited delegation
• Limited inheritance
• Static reporting
Lessons Learned Along the Way
• GRC based assessment approach is restricted by the structure of the GRC
• GRC reporting mechanisms are rigid
• Assessments are a collaboration
• Assessments are not a series of dependencies
• Status of the assessment process is critical
• Ability to extract data for offline processes is useful
• Communication between assessed, assessor and certifier is important
• Efficient workflow helps contain assurance costs
• Structured, intuitive navigation can make a big difference
MyCSF 2.0 - How We’ve Addressed Lessons Learned
• Greater efficiency
• More transparency
• Better analytics
• API allows integration with the native toolset
MyCSF 2.0 Updates and Enhancements
• Streamlined Assessment Navigation – Provides an intuitive application design coupled with a dynamic logic that guides the user
• Single-Page Assessment View – Offers a more generalized view of the questionnaire that eliminates the burden of answering questions on multiple pages
• CSF Assessment Preview – Provides an understanding of the implications that changes in scope, authoritative sources or CSF version will have on assessment
• Improved Evidence Support – Streamlines linking of evidence to document requests
• Aggregated Respondent Answers – Aggregates scoring for assessment questions that have been delegated to multiple respondents based on weights you determine
• Advanced Analytics & Dashboards – Includes the ability to create more customized charts and dashboards
• Enhanced Benchmarking – Customized benchmarks against populations that you choose
• Updated UI and Platform Support – Enables full functionality for desktop, tablet and mobile use
• Control Inheritance – Supports the ability to inherit control scores from internal and external assessments
• Improved Reporting – Includes compliance reporting on various authoritative sources
• Robust API – Enables integration and exchange of assessment related information with GRC tools and the HITRUST Assessment Xchange
MyCSF 2.0 DEMO
What Does This Mean For Existing Subscribers?
-30 Days
• Initial Email
-21 Days
• Not Confirmed: Initial Email
-14 Days
• Confirmed: Reminder
• Not Confirmed: Initial Email; Call POC
-7 Days
• Confirmed: Reminder Email; Schedule Demo
• Not Confirmed: Initial Email; Call POC
-5 Days
• Not Confirmed: Place in Queue for reschedule
-3 Days
• Confirmed: Reminder Email; Schedule Demo
-1 Day
• Confirmed: Reminder Email; Schedule Demo
0 Day
• Confirmed: Notification of Completion; Schedule Demo
MyCSF 2.0 - Conclusion
• MyCSF 2.0 incorporates the HITRUST CSF, allowing organizations to perform assessments and report against the privacy and security controls of the HITRUST CSF or any one of the thirty-five authoritative sources currently included in the framework, such as NIST 800-53, ISO 27000, NIST Cyber Security Framework, HIPAA, PCI, FFIEC and GDPR
• Since the HITRUST CSF harmonizes these standards and frameworks, it enables organizations to conduct a streamlined assessment that reduces the need to duplicate assessments or answer redundant assessment questions
• MyCSF 2.0 incorporates major updates designed to provide a more flexible and streamlined assessment and third-party review process, corrective action plan management, enhanced benchmarking and dashboards, and integration with major GRC platforms and the HITRUST Assessment Xchange
• We have responded to our customers’ request for a solution capable of supporting their evolving assessment needs that aligns with managing risk and the changing global regulatory landscape
• We completely redesigned MyCSF to make it more efficient to perform and manage assessments and to scale to meet the needs of global organizations of all sizes
For more information on HITRUST visit www.HITRUSTAlliance.net
To view our latest documents, visit the Content Spotlight