OneTrust - Assessment Naming Convention
To better track work and leverage automation within OneTrust, a standard naming convention is used for assessments (includes intake form)
Cybersecurity Risk Assessment Requests (Intake Form):
When a Cybersecurity Risk Assessment Request is submitted, it defaults to this naming convention (Bold = variable): RequestorName_Cybersecurity Risk Assessment Request_Submitted Date
Once assigned to a Risk Analyst, the name should be updated by the AD/TL/Risk Analyst to:
AssessmentTarget_RequestorName_Cybersecurity Risk Assessment Request_Submitted Date
ATO, RTP, JSPR, CCR, HIPAA Assessments:
When launching a new assessment, use our standard naming convention:
AssessmentTarget = the subject of the assessment, typically a Vendor or piece of software/hardware. If a Department is being assessed drop this variable.
Department = The Department participating in the assessment. They either are the subject of the assessment directly, or they are working with the software/hardware or vendor being assessed.
AssessmentType= Such as JSPR, RTP, HIPAA, CBRA, etc.
DateCreated = The date the assessment was launched, format mm/dd/yyyy