Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance
Topics Map > Office of Cybersecurity > Tools and Software > OneTrust
OneTrust - Manually adding a Risk to the Risk Register
To create a new risk
-
On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.
-
Click the Create New Risk button. The Add Risk screen appears.
-
Select Create New Risk.
-
Complete the fields. (See table below for field descriptions)
-
Click the Add button.
Note
After you click the Add button the Risk Details screen appears. This is where you are able to edit, track, and manage the increase/decrease of the risk you have created. For more information see OneTrust - Managing Risks from the Risk Details Screen .
Create New Risk Screen Reference
Create New Risk Field Descriptions
Field |
Description |
---|---|
Type |
Select the type of risk and select the specific asset, entity, processing activity, or vendor. |
Inherent Risk Level |
Use to risk matrix to determine the inherent risk level. |
Threat |
Select the threat(s) the risk poses to your company. |
Vulnerability |
Enter the vulnerability of the company to the risk. |
Category |
Select the associated category the risk falls under. |
Risk Owner |
Select the name(s) of the individual(s) responsible for remedying the risk. |
Risk Approver |
Select the name of the person responsible for approving the risk. |
Deadline |
Select the date by when the risk must be resolved. |
Reminder |
Enter the number of days before a deadline that a reminder is sent. |
Description |
Enter a description of the risk. |
Treatment Plan |
Enter a plan to control, mitigate, and/or resolve the risk. |