OneTrust - Managing Risks from the Risk Details Screen

Users will see the risk workflow when viewing, flagging, and working on risks from assessments, inventory records, vendor records, or the Risk Register. Users are assigned as the owner of a risk in order to proactively collaborate to manage and mitigate risks as they're discovered.

You have the ability to fully manage identifiable risks from start to finish in the Risk Details screen.

To manage the risk level

  1. On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
  2. Select the ID Number of the risk you wish to edit. The Risk Details screen appears.
  3. Select the Details tab.
  4. Hover over the Residual Risk Level/Score and the Edit Icon appears to the right.
  5. Click the Edit Icon.
  6. Click the Risk Matrix box located under Residual Risk Level/Score.
  7.  Risk Scoring Table
  8. Select the current level of the risk.
  9. Click the Save button.

    Note

    This process can be repeated as you track and manage the level of the risk as it fluctuates. You can track your progress on the Risk History Timeline.

    Risk History Timeline
 

To edit a risk

  1. On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
  2. Select the ID Number of the risk you wish to edit. The Risk Details screen appears.
  3. Hover over the field you would like to edit, and the Edit Icon appears to the right.
  4. Click the Edit Icon.
  5. Edit the fields as necessary.
  6. Click the Save button.
 

To add a task

  1. Go to the Risk Details screen.
  2. Select the Tasks tab.
  3. Click the Add Task button. The Add Task modal will appear.
  4. Complete the fields.
  5. Click the Save button.

To leave a comment

  1. Go to the Risk Details screen.
  2. Select the Comments tab.
  3. Click the Add Comment button. The Add Comment field will appear.
  4.  Risk Comment
  5. Enter your comment in the field.
  6. Click the Add button.

To attach files

  1. Go to the Risk Details screen.
  2. Select the Attachment tab.
  3. Click the Upload button. The Attachments modal will appear.
  4. File Attachment
  5. Click the Select File button. Select which file you want to upload.
  6. Enter a description of the attachment.
  7. Click the Save button.

To view activity history

  1. Go to the Risk Details screen.
  2. Select the Activity tab. The Activity History will be displayed.
  3. Click the View More button to view more activity history.


Use these links for common tasks within OneTrust:

  • Cybersecurity Risk Assessment Request 
    • Request form to be used when purchasing software, requesting a department assessment, needing a HIPAA Joint Security & Privacy Review, or making any other request of the Cyber Risk Management & Compliance Team.
  • Secure Storage Review
    • Request form to be used to request a Cybersecurity review of a SecureBox or RestrictedDrive request.
  • International Telecommuting Review 
    • Questionnaire for submitting a International Telecommuting Request to the Risk & Compliance team to determine the risk level associated with the request.
  • Endpoint Security Checklist 
    • Checklist to provide details about endpoints connecting to "SecureStorage" such as SecureBox, RestrictedDrive, etc.

If you have questions about OneTrust, please contact the Cyber Risk Management & Compliance team within the Office of Cybersecurity at grc-cybersecurity@cio.wisc.edu