Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance
Topics Map > Office of Cybersecurity > Tools and Software > OneTrust

OneTrust - Creating a New Risk From the Risk Register

You can create new risks from the risk register in the IT Risk Management module.

To create a new risk

  1. On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
  2. Click the Add Risk button. The Create New Risk screen appears.
  3. Select Create New Risk.
  4. Complete the fields.
  5. Click the Add button to create the risk record and navigate to the Risk Details screen.
  6. Click the Save and Add Controls button to add controls to the risk record.
  7. Select the controls you want to add to the risk record.
  8. Click the Add button. The Risk Details screen appears.
    1. This is where you are able to edit, track, and manage the increase/decrease of the risk you have created.

Risk Detail Field Descriptions

Field

Description

Type

Select the inventory type and choose the specific inventory.

Inherent Risk Level

Use the risk matrix to determine the inherent risk level.

Risk Name

Enter a name for the risk.

Threat

Select the threat(s) the risk poses to your company.

Vulnerability

Enter the vulnerability of the company to the risk.

Category

Select the associated category the risk falls under.

Risk Owners

Select the name(s) of the individual(s) responsible for remedying the risk.

Risk Approver

Select the name of the person responsible for approving the risk.

Deadline

Select the date by when the risk must be resolved.

Reminder

Enter the number of days before a deadline that a reminder is sent.

Description

Enter a description of the risk.

Treatment Plan

Enter a plan to control, mitigate, and/or resolve the risk.

Show More Details

Configure any custom attributes that have been created so that they can be populated. The required custom attributes will appear above the Show More Details section.

To create a new risk from the library

  1. On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
  2. Click the Add Risk button. The Create New Risk screen appears.
  3. Select Select a Risk From the Library.
  4. Select the inventory type in which you would like to link the risk and then select the specific inventory.
  5. Select a risk from the library. This will auto populate the risk details.
  6. Complete additional fields as needed.
  7. Click the Add button.

Risk Detail Field Descriptions

Field

Description

Organization

Select the organization responsible for the risk.

Inherent Risk Level

Use the risk matrix to determine the inherent risk level.

Target Risk Level

Use the risk matrix to determine the target risk level.

Risk Name

Enter a name for the risk.

Threat

Select the threat(s) the risk poses to your company.

Vulnerability

Enter the vulnerability of the company to the risk.

Category

Select the associated category the risk falls under.

Risk Owners

Select the name(s) of the individual(s) responsible for remedying the risk.

Risk Approver

Select the name of the person responsible for approving the risk.

Deadline

Select the date by when the risk must be resolved.

Reminder

Enter the number of days before a deadline that a reminder is sent.

Description

Enter a description of the risk.

Treatment Plan

Enter a plan to control, mitigate, and/or resolve the risk.

Show More Details

Configure any custom attributes that have been created so that they can be populated. The required custom attributes will appear above the Show More Details section.



Keywords:
OneTrust, RMC, Risk, Management, Risk Register, new, create 
Doc ID:
114870
Owned by:
Peter V. in Cybersecurity
Created:
2021-11-15
Updated:
2021-11-15
Sites:
Office of Cybersecurity