OneTrust - Common Risk Terms and Definitions
| Term | Definition |
|---|---|
| Inherent Risk Impact Level | The impact that a risk would have on an organization if it occurred without controls in place to mitigate it. |
| Inherent Risk Probability Level | The probability of the risk occurring if there were no controls in place. |
| Inherent Risk Score | The overall risk score without considering existing controls. |
| Residual Risk Impact Level | The impact a risk would have on an organization if it occurred with the currently implemented controls in place. |
| Residual Risk Probability Level | The probability of the risk occurring with the currently implemented controls in place. |
| Residual Risk Score | The overall risk score after considering existing controls. |
| Target Risk Impact Level | The desired impact that a risk would have on an organization if it occurred. |
| Target Risk Probability Level | The desired probability of the risk occurring. |
| Target Risk Score | The desired risk score. |
| Category | The category that the risk is assigned to. Example categories include: |
| Date Created | The date on which the risk record was created. |
| Deadline | The date by which the risk must be resolved. |
| Result | The action taken on the risk. Actions include: |
| Treatment | The process by which the risk owner actively mitigates the risk. |
| Treatment Plan | A plan that includes completing specific tasks, assigning a risk owner, and adding controls to mitigate the risk. |
| Date Closed | The date on which the risk treatment status was approved and the risk record closed. |
| Threat | An incident that has the potential to cause harm or expose vulnerabilities. |
| Vulnerability | A known weakness that would allow attacks if not contained. |
