OneTrust - Common Risk Terms and Definitions
Term | Definition |
---|---|
Inherent Risk Impact Level | The impact that a risk would have on an organization if it occurred without controls to mitigate. |
Inherent Risk Probability Level | The probability of the risk occurring if there were no controls in place. |
Inherent Risk Score | The overall risk score derived from the inherent impact and probability levels, i.e. before any existing controls are taken into account. |
Residual Risk Impact Level | The impact a risk would have on an organization if it occurred with the current controls that are implemented. |
Residual Risk Probability Level | The probability of the risk occurring with the current controls that are implemented. |
Residual Risk Score | The overall risk score derived from the residual impact and probability levels, i.e. after the currently implemented controls are taken into account. |
Target Risk Impact Level | The desired impact that a risk would have on an organization if it occurred. |
Target Risk Probability Level | The desired probability of the risk occurring. |
Target Risk Score | The risk score the organization aims to reach once the treatment plan has been completed. |
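The three score rows above describe one record at three points in its life (no controls, current controls, desired end state). The following is an added example, not OneTrust code or a description of its scoring engine; it assumes the common convention that a score is impact multiplied by probability on a 1–5 scale, assumes rating bands of its own, and uses a constructed sample record. It shows how the inherent, residual and target scores relate, and how the residual-versus-target gap is what decides whether further treatment is needed.

```python
from dataclasses import dataclass

# Assumed convention: impact and probability are integers 1..5, score = product (1..25).
SCALE = range(1, 6)


def risk_score(impact: int, probability: int) -> int:
    """Compute a score as impact x probability on the assumed 1..5 scale."""
    if impact not in SCALE or probability not in SCALE:
        raise ValueError("impact and probability must be integers in 1..5")
    return impact * probability


def rating(score: int) -> str:
    """Map a 1..25 score to a rating band (bands are an assumption of this example)."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class RiskRecord:
    name: str
    inherent_impact: int
    inherent_probability: int
    residual_impact: int
    residual_probability: int
    target_impact: int
    target_probability: int

    def inherent_score(self) -> int:
        return risk_score(self.inherent_impact, self.inherent_probability)

    def residual_score(self) -> int:
        return risk_score(self.residual_impact, self.residual_probability)

    def target_score(self) -> int:
        return risk_score(self.target_impact, self.target_probability)

    def control_effect(self) -> int:
        """How much the existing controls reduced the score (inherent minus residual)."""
        return self.inherent_score() - self.residual_score()

    def needs_treatment(self) -> bool:
        """Treatment is still required while the residual score sits above the target."""
        return self.residual_score() > self.target_score()

    def validate(self) -> list[str]:
        """Sanity checks a register should enforce before accepting the record."""
        problems = []
        # Controls can only reduce risk, so residual must not exceed inherent.
        if self.residual_score() > self.inherent_score():
            problems.append("residual score exceeds inherent score")
        # A target above the current residual would mean accepting more risk than today.
        if self.target_score() > self.residual_score():
            problems.append("target score exceeds residual score")
        return problems

    def summary(self) -> dict:
        return {
            "name": self.name,
            "inherent": (self.inherent_score(), rating(self.inherent_score())),
            "residual": (self.residual_score(), rating(self.residual_score())),
            "target": (self.target_score(), rating(self.target_score())),
            "control_effect": self.control_effect(),
            "needs_treatment": self.needs_treatment(),
            "problems": self.validate(),
        }


# Constructed sample record (not real data): an internet-facing appliance with a known
# weakness, where patching cadence (the existing control) has lowered probability only.
SAMPLE = RiskRecord(
    name="Unpatched internet-facing VPN appliance",
    inherent_impact=5, inherent_probability=4,   # 20, High
    residual_impact=5, residual_probability=2,   # 10, Medium
    target_impact=3, target_probability=1,       # 3, Low
)

if __name__ == "__main__":
    print(SAMPLE.summary())
```

The `validate` checks matter in practice: a register that lets residual exceed inherent, or target exceed residual, produces heat maps that quietly overstate how much the controls achieve.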
Category | The category to which the risk is assigned. Example categories include: |
Date Created | The date on which the risk record was created. |
Deadline | The date by which the risk must be resolved. |
Result | The action taken on the risk. Actions include: |
Treatment | The process by which the risk owner actively mitigates the risk. |
Treatment Plan | A plan that includes completing specific tasks, assigning a risk owner, and adding controls to mitigate the risk. |
Date Closed | The date on which the risk treatment status was approved and the risk record closed. |
Threat | A potential cause of an unwanted incident that could harm the organization or exploit a vulnerability. |
Vulnerability | A weakness in an asset or control that a threat could exploit if it is not remediated or contained. |