HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solution, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management (formerly Vendor Risk Management), offering a seamless and efficient experience for HITRUST clients to submit and manage assessments within their ServiceNow instance. Import IRQ templates from the HITRUST API, assign IRQ Questionnaires to your employees and vendors during onboarding Due Diligence or Vendor Risk Tiering, and send questionnaire responses out to the HITRUST API for risk scoring, recommendations, and Corrective Action Plans.
HITRUST Assessment XChange integrates with ServiceNow Third-Party Risk Management, offering a seamless and efficient experience for HITRUST clients to submit and manage assessments through HITRUST systems of record.
- Get up and running quickly with our Guided Setup
- Import Inherent Risk Questionnaire (IRQ) templates from the HITRUST API, assign them to your internal employees, and invite vendors to complete questionnaires in the Third-Party Risk Portal during Due Diligence or Vendor Tiering
- HITRUST IRQ responses are sent automatically to the HITRUST API, then Vendor Risk Scores, recommendations and Corrective Action Plans are returned and imported to inform your decision-making process
- Request HITRUST assessments from vendors directly from the Vendor Risk Management Workspace; vendors can share HITRUST Assessments automatically over the API
- Instead of relying on PDF exports, import HITRUST assessments in a relational table structure for unprecedented reporting, analysis, and decision-making for Vendor Risk Management
Version 2.1.0
This release is Certified for Zurich compatibility and includes the following enhancements:
- HITRUST Assessment XChange Lists added to Vendor Risk Management workspace so that HITRUST Assessments, HITRUST Recommendations, HITRUST IRQs, HITRUST Action Plans, HITRUST Action Plan Notes, HITRUST Share Tokens, and HITRUST Third Parties (Vendor Maps) are accessible directly from the Vendor Risk Management lists. Additionally, HITRUST related lists have been added to the external assessment (third-party risk assessment) forms in the Vendor Risk Management workspace so that customers can see the HITRUST IRQs, HITRUST Recommendations, and HITRUST Share Tokens that are associated with a HITRUST-related external assessment.
- HITRUST Assessment XChange has been upgraded for compatibility with Smart Assessment Engine (SAE). For customers who have Smart Assessment Engine (SAE) enabled for their ServiceNow Third-party Risk Management (TPRM) application, HITRUST Assessment XChange now includes the capability to import SAE-compatible IRQ template questionnaires and the SAE-compatible HITRUST e1 Online Self-Assessment template questionnaire, and it contains SAE-compatible document requests for HITRUST Assessments.
- The capability to "Request Recommended Assessment" has been added on HITRUST Recommendations and HITRUST IRQs which will automatically select the recommended assessment and create an external assessment (third-party risk assessment).
- More granular roles have been included in this release. Users with the x_hitru_hitrust_tp.hitrust_irq_requestor role can access "Request HITRUST IRQ" (and cannot access "Request HITRUST Assessment"), and users with the x_hitru_hitrust_tp.hitrust_assessor role can access "Request HITRUST Assessment" (and cannot access "Request HITRUST IRQ").
- "Vendor Bidirectional Sync Filter" system property added to allow customers to optionally filter the ServiceNow vendors that are bidirectionally synced to HITRUST (Default: empty)
- The HITRUST IRQ Template import has been updated to allow for multi-select question compatibility for custom HITRUST IRQ templates.
- If a REST integration error occurs in the HITRUST Assessment XChange application, HITRUST Support is notified of the error messages so that they are aware. A system property has been added to allow customers to opt in to this functionality.
- The HITRUST Assessments import has been updated for delta imports, i.e. the ability to import HITRUST assessments that were modified after the Last import date/time (system property x_hitru_hitrust_tp.last_import_time for "hitrust_rds" connection), for improved performance.
- The HITRUST Vendors import has been updated for delta imports, i.e. the ability to import HITRUST Vendors that were modified after the Last import date/time (system property x_hitru_hitrust_tp.last_import_time for "hitrust_hax" connection), for improved performance. The HITRUST Vendors import has also been updated to be compatible with pagination when retrieving HITRUST Vendors.
This release also includes fixes for the following minor issues:
- HITRUST Assessment date fields that showed 3000-12-31 for empty dates are now corrected to show an empty field.
- HITRUST IRQ "Percentage complete" Decimal field has been replaced with "Percentage complete" Percent type field.
- HITRUST Assessment Corrective Action Plan (CAP) "Requirements" String field has been replaced with a "Domain Requirements" reference list collector field which links directly to the imported Domain Requirements.
- HITRUST Create Opportunity API failures relating to "Assessment Type cannot be empty." have been corrected.
The following behavior has been modified in this release:
- The current x_hitru_hitrust_tp.hitrust_assessor role no longer has access to "Request HITRUST IRQ". To access both "Request HITRUST Assessment" and "Request HITRUST IRQ", users/groups will need to be granted both the x_hitru_hitrust_tp.hitrust_irq_requestor and x_hitru_hitrust_tp.hitrust_assessor roles.
- The old "Percentage complete" Decimal field on the HITRUST IRQ table has been relabeled "Percentage complete (Deprecated)" and is no longer in the list and form views as it is replaced with the new Percent "Percentage complete" field.
- The old "Requirements" String field on the HITRUST Assessment Corrective Action Plan (CAP) table has been relabeled "Requirements (Deprecated)" as it is replaced with the new "Domain Requirements" field.
Please review the HITRUST Assessment XChange Installation and Configuration Guide section 3.1 for guidance on upgrading the application.
ServiceNow Plugin Dependencies
- GRC: Vendor Risk Management Workspace
- Third-party Risk Management
- Third-party Risk Due Diligence
- Integration Commons for CMDB