OneTrust - How OneTrust determines the risk level of an Assessment

OneTrust automatically calculates the overall risk of each assessment based upon Risk Count.

Risk Count

Risk Count uses a custom formula based on the count of risks at each level to determine the overall risk level for the object.

The following formula is used to specify the number of risks per level that must be found to set an overall risk level:

Risk Count Table

Using this methodology, if the number of "Medium" risks identified during the assessment is greater than 75 the overall risk level will be scored as "Very High". This accounts for volume of risks and raises the Risk Level accordingly. Similarly, if the number of "Very High" risks is under 5 the overall level at most will be "High". Small numbers of "Very High" identified risks don't automatically mean the risk assessment level will be "Very High". The number of "High" risks will be considered next and so on. 

Keywords:OneTrust, risk, assessment, rmc   Doc ID:109830
Owner:Peter V.Group:Office of Cybersecurity
Created:2021-03-23 11:11 CDTUpdated:2021-03-23 11:30 CDT
Sites:Office of Cybersecurity
Feedback:  0   0