| Tabs Container |
|---|
|
| Tabs Page |
|---|
| This table provides information on how to manage user accounts. AD Password Reset(HCQIS ServiceNow Training Catalog) Provides information for HCQIS users on how to use the AD Password Reset self-service application to reset their Active Directory password. | Case Management(HCQIS ServiceNow Training Catalog) Provides information for Program Service Desks on how to process external customer cases through the lifecycle of the case. | Cloud Catalog (HCQIS ServiceNow Training Catalog) | Provides users with information on how to locate, create, and submit Cloud requests through the IT Services catalog in ServiceNow. |
|---|
User Management (HCQIS ServiceNow Training Catalog) | Provides users with information on how to request a new, addition, or modification of a HCQIS account. |
|---|
| Tabs Page |
|---|
| |
The Contract Checklists provide a list of items that must be completed prior to beginning onboarding and when offboarding a contract.
| Preboarding Checklist | You are ready to onboard a contract after completing the following: - Completed CBT Training (cms.gov/cbt): RBT & RoB Policy Updates: A Briefing for CORs
The COR training includes a review of RBT and RoB resource kits for use with CMS contractors. The training additionally covers the COR responsibilities for collecting training records demonstrating that all contractors with SSR complete specialized RBT commensurate with their roles within sixty (60) days of beginning work on a contract, annually thereafter and upon request. - Submitted final Acquisition Plan (AP) and Contract to OAGM
- All Contract and or AP revisions are submitted and finalized.
Checklist - Request Security Documentation List
- CMS System Access (Badging)
- Conduct Contractor Facility Site Visit
- Contract Award Activities
- Create Contingency Plan Guidance
- Data Use Agreement Approval
- Finalize Site Survey Agreement
- Identify COR
- Identify ISG SMEs
- Identify Security Documentation
- Identify Tools and Systems Used
- Identify Transition Team
- Initial Meeting with COR
- Prepare Contact Lists
- Prepare Data and Knowledge Transfer Documentation
- Prepare Overview of CMS and ISG ISSO
- Prepare Project Meeting Details
- Virtual Desktop Infrastructure Requirement
|
|---|
| Contract Closeout | This document is the Standard Operating Procedure (SOP) for closing out an ISG contract. |
|---|
|
| Tabs Page |
|---|
|
QualityNet Security is a central repository that houses HCQIS policies, guidelines, and templates intended for existing or potential CCSQ contractors using QualityNet IT Services and/or HCQIS network resources. The information is intended to guide contractors or potential bidders in meeting general CMS security requirements as well as providing associated processes to ensure compliance within the contract and while utilizing the CCSQ systems. Refer to the Security tab on the QualityNet Communications Hub for the following information regarding QualityNet security:
|
| Tabs Page |
|---|
|
This table provides templates for CMS COR use in support of their role and responsibilities in onboarding or offboarding contractors to QualityNet IT Services.
The Contract Checklists provides a list of items that must be completed prior to beginning onboarding, during onboarding, and when offboarding a contract. | Preboarding Checklist | You are ready to onboard a contract after completing the following: - Completed CBT Training (cms.gov/cbt): RBT & RoB Policy Updates: A Briefing for CORs
The COR training includes a review of RBT and RoB resource kits for use with CMS contractors. The training additionally covers the COR responsibilities for collecting training records demonstrating that all contractors with SSR complete specialized RBT commensurate with their roles within sixty (60) days of beginning work on a contract, annually thereafter and upon request. - Submitted final Acquisition Plan (AP) and Contract to OAGM
- All Contract and or AP revisions are submitted and finalized.
Checklist - Request Security Documentation List
- CMS System Access (Badging)
- Conduct Contractor Facility Site Visit
- Contract Award Activities
- Create Contingency Plan Guidance
- Data Use Agreement Approval
- Finalize Site Survey Agreement
- Identify COR
- Identify ISG SMEs
- Identify Security Documentation
- Identify Tools and Systems Used
- Identify Transition Team
- Initial Meeting with COR
- Prepare Contact Lists
- Prepare Data and Knowledge Transfer Documentation
- Prepare Overview of CMS and ISG ISSO
- Prepare Project Meeting Details
- Virtual Desktop Infrastructure Requirement
|
|---|
| Onboarding Checklist | The New Contractor Onboarding Checklist can be customized to meet your contract type. The checklist should include the description of the activity, responsible entity/entities, reference documentation, duration when applicable and notes for each activity. We have provided a sample onboarding checklist, accessible by clicking on the link to the left. It was created from the steps that the PM3 contractor completed during their onboarding and engagement period. The PM3 engagement period was planned as a 90 calendar day period; however, based on the PM3 contract award date and the end of the incumbent’s contract, it was less than 90 days. |
|---|
Contract Closeout | This document is the Standard Operating Procedure (SOP) for closing out an ISG contract. |
|---|
| | Tabs Page |
|---|
| QualityNet Security is a central repository that houses HCQIS policies, guidelines, and templates intended for existing or potential CCSQ contractors using QualityNet IT Services and/or HCQIS network resources. The information is intended to guide contractors or potential bidders in meeting general CMS security requirements as well as providing associated processes to ensure compliance within the contract and while utilizing the CCSQ systems. Refer to the Security tab on the QualityNet Communications Hub for the following information regarding QualityNet security: | Tabs Page |
|---|
| This table provides templates for CMS COR use in support of their role and responsibilities in onboarding or offboarding contractors to QualityNet IT Services. | Data, Infrastructure & Security - Information Systems Group (ISG) Questionnaire | The ISG Questionnaire aids in obtaining ISG approval and/or guidance for any IT data, infrastructure, and security requirements necessary to complete the contract tasks. The information obtained from the questionnaire will be used in planning the engagement timeline and deliverables. |
|---|
| ISG Contract Closeout SOP | This document is the Standard Operating Procedure (SOP) for closing out an ISG contract. |
|---|
| ISG New Contractor Onboarding Checklist | The New Contractor Onboarding Checklist can be customized. It was created from the steps that the PM3 contractor had to complete during their Onboarding and engagement period. The PM3 engagement period was planned as a 90 calendar day period; however, based on the PM3 contract award date and the end of the incumbent’s contract, it was less than 90 days. The checklist includes the description of the activity, responsible entity/entities, reference documentation, duration when applicable and notes for each activity. |
|---|
| ISG Roles and Responsibilities Matrix | The purpose of this document is identify the responsibilities for steps listed in Section 3 – Procedure Steps based on the required roles for completing the engagement and onboarding of New Contractors within ISG. |
|---|
| ISG Transition Activities Project Schedule Template | The ISG Engagement Activities Project Schedule Template is a tool that can be customized. It aids the Engagement Lead in creating their engagement project schedule because it includes engagement activities, durations, dependencies, and resource names to ensure that all engagement activities can be completed by the engagement end date. |
|---|
| Contract Example | This is an example of a live Contract Working Space. Please use as a reference when creating your own contract working space. |
|---|
| ISG Roles and Responsibilities Matrix | The purpose of this document is identify the responsibilities for steps listed in Section 3 – Procedure Steps based on the required roles for completing the engagement and onboarding of New Contractors within ISG. |
|---|
| ISG Transition Activities Project Schedule Template | The ISG Engagement Activities Project Schedule Template is a tool that can be customized. It aids the Engagement Lead in creating their engagement project schedule because it includes engagement activities, durations, dependencies, and resource names to ensure that all engagement activities can be completed by the engagement end date. |
|---|
|
| Tabs Page |
|---|
|
This table provides links to training opportunities available to CMS CORs and Contractors.
| RBT & RoB Policy Updates: A Briefing for CORs (cms.gov/cbt) | Access the training under the RBT menu on the Manage Training Information page. |
|---|
| National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework | This publication serves as a fundamental reference resource to support a workforce capable of meeting an organization’s cybersecurity needs. It provides organizations with a common, consistent lexicon that categorizes and describes cyber security work.
|
|---|
| RBT & RoB Policy Updates: A Briefing for CORs (cms.gov/cbt) | A specialized training titled RBT & RoB Policy Updates: A Briefing for CORs. All CORs are expected to take this training annually. Access the training under the RBT menu on the Manage Training Information page. |
|---|
| Role-Based Training (RBT) | All contractors with SSR complete specialized RBT commensurate with their roles within sixty (60) days of beginning work on a contract, annually thereafter and upon request. |
|---|
| Role-Based Training (RBT) policy implementation | For additional guidance on RBT policy implementation, refer to the Risk Management Handbook Chapter 2 Awareness and Training, dated 02/27/2019. |
|---|
QualityNet User Guide (https://www.qualitynet.org) | The purpose of the Hospital Quality Reporting (HQR) 5.0 release is to support the existing Hospital Inpatient Quality Reporting (IQR), Inpatient Psychiatric Facility Quality Reporting (IPFQR), Hospital Outpatient Quality Reporting (OQR), Ambulatory Surgical Center Quality Reporting (ASCQR), and Prospective Payment System (PPS)-Exempt Cancer Hospital Quality Reporting (PCHQR) programs. This user guide provides the information necessary for IQR, OQR, and PCH hospitals and ASCs and IPFs to use the HQR 5.0 System Release |
|---|
| | Tabs Page |
|---|
| This table provides links to training opportunities available to CMS CORs and Contractors. Asset & Procurement Training (HCQIS ServiceNow Training Catalog) | Provides HCQIS users with information on how to submit procurement requests through the IT Services catalog in ServiceNow. |
|---|
Change Management Training (HCQIS ServiceNow Training Catalog) | Provides HCQIS users with information on how to locate and submit change requests in ServiceNow. |
|---|
Configuration Management Database (CMDB) Training (HCQIS ServiceNow Training Catalog) | Provides HCQIS users with information on the configuration management database and how locate various configuration items (CIs) in ServiceNow. |
|---|
| RBT & RoB Policy Updates: A Briefing for CORs (cms,gov/cbt ) | Access the training under the RBT menu on the Manage Training Information page. |
|---|
Dashboards (HCQIS ServiceNow Training Catalog) | Provides HCQIS users with information on how to create and modify dashboards in ServiceNow. |
|---|
Five9 (HCQIS ServiceNow Training Catalog) | Provides Service Desk agents with information on how to use the Five9 call center phone service and software in ServiceNow. |
|---|
How to Install and Register Symantec VIP Credentials (Confluence) | This guide provides the step-by-step procedures for installing Symantec VIP credentials, activating VIP software, and registering your Symantec VIP token to your HCQIS account. Incident Management (HCQIS ServiceNow Training Catalog) | Provides information on how to locate, create, submit and resolve incident records in ServiceNow. |
|---|
National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. | This publication serves as a fundamental reference resource to support a workforce capable of meeting an organization’s cybersecurity needs. It provides organizations with a common, consistent lexicon that categorizes and describes cyber security work. Project Portfolio Suite (PPS) (HCQIS ServiceNow Training Catalog) | Provides information on how to use the Project Portfolio Suite in ServiceNow. The Project Portfolio Suite training includes the following applications: Project Management, Demand Management and Resource Management. |
|---|
| RBT & RoB Policy Updates: A Briefing for CORs (cms.gov/cbt ) | A specialized training titled RBT & RoB Policy Updates: A Briefing for CORs. All CORs are expected to take this training annually. Access the training under the RBT menu on the Manage Training Information page. |
|---|
| Role-Based Training (RBT) | All contractors with SSR complete specialized RBT commensurate with their roles within sixty (60) days of beginning work on a contract, annually thereafter and upon request. |
|---|
| Role-Based Training (RBT) policy implementation | For additional guidance on RBT policy implementation, refer to the Risk Management Handbook Chapter 2 Awareness and Training, dated 02/27/2019. |
|---|
QualityNet User Guide (https://www.qualitynet.org) | The purpose of the Hospital Quality Reporting (HQR) 5.0 release is to support the existing Hospital Inpatient Quality Reporting (IQR), Inpatient Psychiatric Facility Quality Reporting (IPFQR), Hospital Outpatient Quality Reporting (OQR), Ambulatory Surgical Center Quality Reporting (ASCQR), and Prospective Payment System (PPS)-Exempt Cancer Hospital Quality Reporting (PCHQR) programs. This user guide provides the information necessary for IQR, OQR, and PCH hospitals and ASCs and IPFs to use the HQR 5.0 System Release. |
|---|
Queue Management Training (HCQIS ServiceNow Training Catalog) | Provides users with information on how to locate and manage their work queues in ServiceNow. |
|---|
Security Incident (HCQIS ServiceNow Training Catalog) | Provides Service Desk and Security Point of Contact users with information on how to locate and submit security incidents in ServiceNow. |
|---|
Service Catalog Training (HCQIS ServiceNow Training Catalog) | Provides users with information on how to locate and use the IT Services Catalog in ServiceNow to request an IT product or service. |
|---|
Service Portal Training (HCQIS ServiceNow Training Catalog) | Provides users with information on how to locate and use the Self-Service portal in ServiceNow to report an issue or to request an IT product or service. |
|---|
|
|
|
ISG Playbook
APIs