OneTrust - Manually adding a Risk to the Risk Register
Most risks are added to the risk register as the result of a completed assessment. However, they can also be added manually. Follow the steps below to manually add risks to the OneTrust Risk Register.
To create a new risk
-
On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
-
Click the Create New Risk button. The Add Risk screen appears.
-
Select Create New Risk.
-
Complete the fields. (See table below for field descriptions)
-
Click the Add button.
Note
After you click the Add button the Risk Details screen appears. This is where you are able to edit, track, and manage the increase/decrease of the risk you have created. For more information see OneTrust - Managing Risks from the Risk Details Screen .
Create New Risk Screen Reference
Create New Risk Field Descriptions
Field |
Description |
|---|---|
|
Type |
Select the type of risk and select the specific asset, entity, processing activity, or vendor. |
|
Inherent Risk Level |
Use to risk matrix to determine the inherent risk level. |
|
Threat |
Select the threat(s) the risk poses to your company. |
|
Vulnerability |
Enter the vulnerability of the company to the risk. |
|
Category |
Select the associated category the risk falls under. |
|
Risk Owner |
Select the name(s) of the individual(s) responsible for remedying the risk. |
|
Risk Approver |
Select the name of the person responsible for approving the risk. |
|
Deadline |
Select the date by when the risk must be resolved. |
|
Reminder |
Enter the number of days before a deadline that a reminder is sent. |
|
Description |
Enter a description of the risk. |
|
Treatment Plan |
Enter a plan to control, mitigate, and/or resolve the risk. |