Users with the "Division Cybersecurity Coordinator" role in OneTrust can view Assessment Templates. Assessment Templates are sets of questions used by the Risk Management and Compliance team within the Office of Cybersecurity to conduct Risk Assessments.
To view Assessment Templates, users must first have the "Division Cybersecurity Coordinator" role within OneTrust. Learn more about requesting advanced access here: OneTrust - Requesting Advanced Access
How to navigate to Assessment Templates:
- Log in to OneTrust
- OneTrust - How to access OneTrust
- Click the Menu waffle icon, and select the IT Risk Management Module.
- Templates should appear as a menu option on the left hand side of the screen, under Setup. Click Setup > Templates.
- You'll see a new screen with two options: ITRM Templates and Control Templates
- Select ITRM Templates (we do not use Control Templates today but may in the future)
- You'll now see a grid of all the active Assessment Templates being used in OneTrust.
- If you'd like a PDF version of the template, click the 3 dot menu on the template square and select "Export Published Template."
- To view the questions contained within a template, hover over "Published" in the template square. Select "View V##." (V## references the version number of the template, such as V1 for version 1 or V21 for version 21.)
- Some templates may have a Draft version, as indicated by the presence of a "Draft" button. The RMC team stages updates to assessment templates which are published durring OneTrust maintenance windows. Feel free to view Draft versions, but until they are published, they are not reflective of the contents of an active assessment.
- While the button does change to "Edit Draft" when you hover over it, you won't actually be able to save any changes.
Use these links for common tasks within OneTrust:
- Cybersecurity Risk Assessment Request
- Request form to be used when purchasing software, requesting a department assessment, needing a HIPAA Joint Security & Privacy Review, or making any other request of the Risk & Compliance Team.
- Secure Storage Review
- Request form to be used to request a Cybersecurity review of a SecureBox or RestrictedDrive request.
- Remote Work Review
- Questionnaire for submitting a International Telecommuting Request to the Risk & Compliance team to determine the risk level associated with the request.
- Endpoint Security Checklist
- Checklist to provide details about endpoints connecting to "SecureStorage" such as SecureBox, RestrictedDrive, etc.