OneTrust - Assessment Naming Convention

To better track work and leverage automation within OneTrust, a standard naming convention is used for assessments (includes intake form)

Cybersecurity Risk Assessment Requests (Intake Form):

When a Cybersecurity Risk Assessment Request is submitted, it defaults to this naming convention (Bold = variable): RequestorName_Cybersecurity Risk Assessment Request_Submitted Date

Example:

Naming Convention Example

Once assigned to a Risk Analyst, the name should be updated by the AD/TL/Risk Analyst to:

AssessmentTarget_RequestorName_Cybersecurity Risk Assessment Request_Submitted Date

Examples:

Requestor Name

Names examples

ATO, RTP, JSPR, CCR, HIPAA Assessments:

When launching a new assessment, use our standard naming convention:

AssessmentTarget_Department_PackageType_DateCreated

AssessmentTarget = the subject of the assessment, typically a Vendor or piece of software/hardware. If a Department is being assessed drop this variable.

Department = The Department participating in the assessment. They either are the subject of the assessment directly, or they are working with the software/hardware or vendor being assessed.

AssessmentType= Such as JSPR, RTP, HIPAA, CBRA, etc.

DateCreated = The date the assessment was launched, format mm/dd/yyyy




Keywords:OneTrust, assessment, risk, assessment, naming, name, standard   Doc ID:120129
Owner:Peter V.Group:Office of Cybersecurity
Created:2022-08-01 14:26 CSTUpdated:2022-09-30 14:06 CST
Sites:Office of Cybersecurity
Feedback:  0   0