Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance
Topics Map > Office of Cybersecurity > Tools and Software > OneTrust
OneTrust - Creating a New Risk From the Risk Register
To create a new risk
- On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
- Click the Add Risk button. The Create New Risk screen appears.
- Select Create New Risk.
- Complete the fields.
- Click the Add button to create the risk record and navigate to the Risk Details screen.
- Click the Save and Add Controls button to add controls to the risk record.
- Select the controls you want to add to the risk record.
- Click the Add button. The Risk Details screen appears.
- This is where you are able to edit, track, and manage the increase/decrease of the risk you have created.
Field |
Description |
---|---|
Type |
Select the inventory type and choose the specific inventory. |
Inherent Risk Level |
Use the risk matrix to determine the inherent risk level. |
Risk Name |
Enter a name for the risk. |
Threat |
Select the threat(s) the risk poses to your company. |
Vulnerability |
Enter the vulnerability of the company to the risk. |
Category |
Select the associated category the risk falls under. |
Risk Owners |
Select the name(s) of the individual(s) responsible for remedying the risk. |
Risk Approver |
Select the name of the person responsible for approving the risk. |
Deadline |
Select the date by when the risk must be resolved. |
Reminder |
Enter the number of days before a deadline that a reminder is sent. |
Description |
Enter a description of the risk. |
Treatment Plan |
Enter a plan to control, mitigate, and/or resolve the risk. |
Show More Details |
Configure any custom attributes that have been created so that they can be populated. The required custom attributes will appear above the Show More Details section. |
- On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
- Click the Add Risk button. The Create New Risk screen appears.
- Select Select a Risk From the Library.
- Select the inventory type in which you would like to link the risk and then select the specific inventory.
- Select a risk from the library. This will auto populate the risk details.
- Complete additional fields as needed.
- Click the Add button.
Field |
Description |
---|---|
Organization |
Select the organization responsible for the risk. |
Inherent Risk Level |
Use the risk matrix to determine the inherent risk level. |
Target Risk Level |
Use the risk matrix to determine the target risk level. |
Risk Name |
Enter a name for the risk. |
Threat |
Select the threat(s) the risk poses to your company. |
Vulnerability |
Enter the vulnerability of the company to the risk. |
Category |
Select the associated category the risk falls under. |
Risk Owners |
Select the name(s) of the individual(s) responsible for remedying the risk. |
Risk Approver |
Select the name of the person responsible for approving the risk. |
Deadline |
Select the date by when the risk must be resolved. |
Reminder |
Enter the number of days before a deadline that a reminder is sent. |
Description |
Enter a description of the risk. |
Treatment Plan |
Enter a plan to control, mitigate, and/or resolve the risk. |
Show More Details |
Configure any custom attributes that have been created so that they can be populated. The required custom attributes will appear above the Show More Details section. |