MyCSF Overview - HITRUST Alliance

Best in Class Information Risk Management Platform for Assessing and Reporting Information Risk and Compliance

Regardless of the industry served, organizations are challenged with managing information security risks and data governance, complying with the numerous information protection regulations, and adhering to national and international standards and best practices. HITRUST® understands that addressing these challenges is a priority for organizations of all sizes, in all industries and geographies. Implementing an information risk management framework, performing a thorough and accurate information risk assessment, streamlining remediation activities, or reporting and tracking compliance is resource intensive and complicated at best, and in many instances overwhelming. We’ve leveraged our unique position and experience in framework development and information risk management and compliance, combined with processing hundreds of thousands of risk assessments, to design the most efficient solution for assessing, managing and reporting information risk and compliance.

Key Components of MyCSF

HITRUST CSF® – The HITRUST MyCSF incorporates the HITRUST CSF allowing organizations to perform assessments and report against the privacy and security controls of the HITRUST CSF or any one of the thirty-five authoritative sources currently included in the framework, such as NIST 800-53, ISO 27000, NIST Cybersecurity Framework, HIPAA, PCI, FFIEC and GDPR.


855.HITRUST • www.HITRUSTalliance.net

HITRUST CSF Assurance Methodology – The HITRUST CSF Assurance Program provides a simplified and consistent approach to assessments and reporting against the HITRUST CSF and any of the thirty-five authoritative sources it incorporates. This risk-based assurance approach, which is governed and managed by HITRUST, is designed to address evolving information threats and unique regulatory and business needs of organizations, while delivering an effective, standardized and streamlined assessment process for reporting compliance and information risk posture. Since the HITRUST CSF synthesizes numerous standards and frameworks into a single comprehensive and harmonized framework, it negates the need for multiple assessments or answering redundant assessment questions, an approach we refer to as “Assess Once, Report Many.”

Assessment Platform – The HITRUST MyCSF makes it easier and more cost-effective for an organization to manage information risk and meet international, federal and state regulations concerning privacy and security. The HITRUST MyCSF tool provides global organizations of all sizes with a purposefully designed and engineered SaaS solution for performing risk assessments, corrective action plan management, enhanced benchmarking and dashboards, and integration with major GRC platforms and the HITRUST Assessment XChange®. The HITRUST MyCSF is a solution that will support an organization’s evolving assessment needs that align with managing risk in the changing cyber threat, information risk and global regulatory landscape.

© 2018 HITRUST Alliance v.0718

Overview

MyCSF – Features

✓ Assessment Navigation – Provides an intuitive application design coupled with dynamic logic that guides users

✓ Benchmarking – Customized benchmarks against populations that you choose

✓ CSF Assessment Preview – Provides an understanding of the implications that changes in scope, authoritative sources or CSF version will have on an assessment

✓ UI and Platform Support – Enables full functionality for desktop, tablet and mobile use

✓ Evidence Support – Maintain a library of supporting documentation and link them to control requirements and maturity domains

✓ Aggregated Respondent Answers – Aggregates scoring for assessment questions that have been delegated to multiple respondents based on weights you determine

✓ Control Inheritance – Supports the ability to inherit control scores from internal and external assessments

✓ Comprehensive Reporting – Includes compliance reporting on various authoritative sources

✓ Robust API – Enables integration and exchange of assessment related information with GRC tools and the HITRUST Assessment XChange

✓ Advanced Analytics & Dashboards – Includes the ability to create customized charts and dashboards

By utilizing MyCSF, an organization can reduce resources, improve efficiencies, enhance reporting and dashboards, streamline assessment modeling and share assessment information with other applications relating to information risk management and compliance.


Below are the advanced subscription features of MyCSF that simplify the process of sharing information, provide a comparison of your organization’s assessment scores and streamline analytics and reporting.

Inheritance - Benchmarking - Advanced Analytics

Inheritance

Inheritance allows scores from one assessment to be applied to another assessment. This can occur within an organization (internal) or from another organization (external).

External inheritance enables hosting, cloud, and service providers* to make assessment scores available for inheritance into any organization’s assessment—easily, seamlessly, and automatically.

This simplifies the process and reduces the effort necessary for hosting and service organization customers to be assessed. By working with a participating service provider, customers can reduce the required testing and associated costs for inherited controls in a fully automated manner.

Key Benefits:

✓ Reduces testing required to get a HITRUST CSF validated assessment for customers

✓ Reduces data entry associated with HITRUST CSF validation of applications already hosted in a HITRUST CSF validated environment

✓ Provides granular inheritance of control requirement scores

✓ Indicates service provider’s focus on security

Internal inheritance gives organizations the ability to inherit control scores from one of their assessments and apply them to another of their assessments, streamlining the assessment process.

Key Benefits:

✓ Flexibility of approach by allowing organizations to assess parts of their organization and build upon them through inheritance into subsequent assessments

✓ Only assess an application, infrastructure component, server, or location once, then leverage it as part of other assessments

Benchmarking

Basic – Enables a comparison of your organization’s assessment scores against all HITRUST validated assessments to understand how you compare to the average scores.

Advanced – With advanced benchmarking, organizations can compare assessment scores against specific types of population segments, sizes, types and number of employees yielding a more relevant analysis. The ability to accurately compare to appropriate peer groups provides a more precise comparison which is ideal for management communication.

* To take advantage of this offering, service providers must have an appropriate MyCSF subscription and a current HITRUST CSF Validated Assessment in good standing.


Advanced Analytics, Dashboards and Comprehensive Reporting

The MyCSF analytics and reporting solution is essential to enabling actionable discussions across the entire organization. Management and users can easily create and collaborate on the progress and outcomes of a HITRUST CSF assessment. MyCSF analytics streamlines analysis and reporting for all levels of management and the Board of Directors.

Analytics and Reporting Packages:

Basic – This option provides pre-defined, static reports that are similar to the dashboards and allows for effective communication.

Advanced – Enables reporting on administrative details and factors, assessment status, illustrative procedures and CAPs. This reporting option allows access to the full suite of dashboards and reports.

Premium – In addition to the Advanced package, the Premium package allows for the creation of customized reports and defined dashboards, enabling organizations to tailor specific reporting and analysis to fit their needs.

Robust API

Streamline integration with GRC or other risk management tools.

The MyCSF API allows you to exchange information with risk management and GRC tools. By providing API access, HITRUST allows for assessment data to be exchanged in an automated fashion allowing organizations to manage risk in their native toolsets.


Subscription Options:

MyCSF is available at various subscription levels. Report-only access limits you to the functionality required to perform an assessment and submit to HITRUST for processing. Annual subscriptions to MyCSF afford access to more enhanced features that streamline and enhance the process of performing an assessment, thereby managing your HITRUST CSF adoption. Subscription level and associated features are:

HITRUST’s management and support of the MyCSF tool set it apart as a one-of-a-kind resource. MyCSF is offered in varying subscription levels. For more information, visit the MyCSF webpage or contact [email protected].
