OneTrust - Manually adding a Risk to the Risk Register

Most risks are added to the risk register as the result of a completed assessment. However, they can also be added manually. Follow the steps below to manually add risks to the OneTrust Risk Register.

To create a new risk

  1. On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.

  2. Click the Create New Risk button. The Add Risk screen appears.

  3. Select Create New Risk.

  4. Complete the fields. (See the table below for field descriptions.)

  5. Click the Add button.

    Note

    After you click the Add button, the Risk Details screen appears. This is where you can edit, track, and manage the increase/decrease of the risk you have created. For more information, see OneTrust - Managing Risks from the Risk Details Screen.

Create New Risk Screen Reference

Create New Risk Field Descriptions

| Field | Description |
| --- | --- |
| Type | Select the type of risk and select the specific asset, entity, processing activity, or vendor. |
| Inherent Risk Level | Use the risk matrix to determine the inherent risk level. |
| Threat | Select the threat(s) the risk poses to your company. |
| Vulnerability | Enter the vulnerability of the company to the risk. |
| Category | Select the associated category the risk falls under. |
| Risk Owner | Select the name(s) of the individual(s) responsible for remedying the risk. |
| Risk Approver | Select the name of the person responsible for approving the risk. |
| Deadline | Select the date by when the risk must be resolved. |
| Reminder | Enter the number of days before a deadline that a reminder is sent. |
| Description | Enter a description of the risk. |
| Treatment Plan | Enter a plan to control, mitigate, and/or resolve the risk. |