MyCSF 2.0 Webinar - hitrustalliance.net · • MyCSF 2.0 incorporates the HITRUST CSF allowing...

855.HITRUST (855.448.7878) www.HITRUSTAlliance.net © 2018 HITRUST Alliance1

MyCSF 2.0 Offers a Leap Forward in Risk

Assessment Automation

http://www.HITRUSTAlliance.net


Introducing MyCSF 2.0

• We understand that addressing information privacy and security risk management and compliance is an important priority for every organization regardless of industry

• HITRUST's deep knowledge of framework development, information risk management and information risk assessments is based on 11 years of CSF development, and hundreds of thousands of risk assessments

• This combined experience gives us a unique advantage for designing the most efficient solution for assessment management

• HITRUST engaged its customers and CSF Assessors to understand their requirements and leveraged its unique position and experience in framework development and information risk management

• We’ve built our assessment methodology and platform to allow organizations to streamline the assessment process

• MyCSF 2.0 is a Software as a Service (SaaS) information risk management platform that is best in class for assessing and reporting information risk and compliance



HITRUST Assessment Evolution



CHIP-Q• Complex spreadsheet • No visibility to scores in real-time • Less precise scoring model • Limited ability to tailor

assessments



MyCSF 1.0

• Online risk assessment as a service

• Real-time visibility to scoring

• Increased precision of scoring

• Ability to calculate residual risk

• Ability to tailor an assessment



MyCSF 1.0 Limitations

• Cumbersome navigation • No linkage between

supporting documentation & control requirements

• Limited delegation • Limited inheritance • Static reporting



Lessons Learned Along the Way

• GRC based assessment approach is restricted by the structure of the GRC • GRC reporting mechanisms are rigid • Assessments are a collaboration • Assessments are not a series of dependencies • Status of the assessment process is critical • Ability to extract data for offline processes is useful • Communication between assessed, assessor and certifier is important • Efficient workflow helps contain assurance costs • Structured, intuitive navigation can make a big difference



MyCSF 2.0 - How We’ve Addressed Lessons Learned

• Greater efficiency • More transparency • Better analytics • API allows integration

with the native toolset



MyCSF 2.0 Updates and Enhancements

• Streamlined Assessment Navigation – Provides an intuitive application design coupled with a dynamic logic that guides the user

• Single-Page Assessment View – Offers a more generalized view of the questionnaire that eliminates the burden of answering questions on multiple pages

• CSF Assessment Preview – Provides an understanding of the implications that changes in scope, authoritative sources or CSF version will have on assessment

• Improved Evidence Support – Streamlines linking of evidence to document requests • Aggregated Respondent Answers – Aggregates scoring for assessment questions

that have been delegated to multiple respondents based on weights you determine



MyCSF 2.0 Updates and Enhancements

• Advanced Analytics & Dashboards – Includes the ability to create more customized charts and dashboards

• Enhanced Benchmarking – Customized benchmarks against populations that you choose

• Updated UI and Platform Support – Enables full functionality for desktop, tablet and mobile use

• Control Inheritance – Supports the ability to inherit control scores from internal and external assessments

• Improved Reporting – Includes compliance reporting on various authoritative sources

• Robust API – Enables integration and exchange of assessment related information with GRC tools and the HITRUST Assessment Xchange



MyCSF 2.0 DEMO



What Does This Mean For Existing Subscribers?

-30 Days

Initial Email

-21 Days

Not Confirmed • Initial Email

-14 Days

Confirmed • Reminder

Email

Not Confirmed

• Initial Email • Call POC

-7 Days


Email • Schedule

Demo

Not Confirmed

• Initial Email • Call POC

-5 Days

Not Confirmed

• Place in Queue for

reschedule

-3 Days


Email • Schedule

Demo

-1 Day


Email • Schedule

Demo

0 Day

Confirmed • Notification

of Completion

• Schedule Demo



MyCSF 2.0 - Conclusion

• MyCSF 2.0 incorporates the HITRUST CSF allowing organizations to perform assessments and report against the privacy and security controls of the HITRUST CSF or any one of the thirty-five authoritative sources currently included in the framework such as NIST 800-53, ISO 27000, NIST Cyber Security Framework, HIPAA, PCI, FFIEC and GDPR

• Since the HITRUST CSF harmonizes these standards and frameworks, it

enables organizations to conduct a streamlined assessment that reduces the need to duplicate assessments or answer redundant assessment questions

• MyCSF 2.0 incorporates major updates designed to provide a more flexible and

streamlined assessment and third-party review process, corrective action plan management, enhanced benchmarking and dashboards, and integration with major GRC platforms and the HITRUST Assessment Xchange



MyCSF 2.0 - Conclusion

• We have responded to our customers’ request for a solution capable of supporting their evolving assessment needs that aligns with managing risk and the changing global regulatory landscape

• We completely redesigned MyCSF to make it more efficient to perform and

manage assessments and to scale to meet the needs of global organizations of all sizes


For more information on HITRUST visit www.HITRUSTAlliance.net

To view our latest documents, visit the Content Spotlight

http://www.hitrustalliance.net/

http://hitrustalliance.net/content-spotlight/

Date post:	19-Jul-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

MyCSF 2.0 Webinar - hitrustalliance.net · • MyCSF 2.0 incorporates the HITRUST CSF allowing...

Documents