Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance
Topics Map > Office of Cybersecurity > Tools and Software > OneTrust

OneTrust - Assessment Naming Convention

To better track work and leverage automation within OneTrust, a standard naming convention is used for assessments (includes intake form)

Cybersecurity Risk Assessment Requests (Intake Form):

When a Cybersecurity Risk Assessment Request is submitted, it defaults to this naming convention (Bold = variable): RequestorName_Cybersecurity Risk Assessment Request_Submitted Date

Example:

Naming Convention Example

Once assigned to a Risk Analyst, the name should be updated by the AD/TL/Risk Analyst to:

AssessmentTarget_RequestorName_Cybersecurity Risk Assessment Request_Submitted Date

Examples:

Requestor Name

Names examples

ATO, RTP, JSPR, CCR, HIPAA Assessments:

When launching a new assessment, use our standard naming convention:

AssessmentTarget_Department_PackageType_DateCreated

AssessmentTarget = the subject of the assessment, typically a Vendor or piece of software/hardware. If a Department is being assessed drop this variable.

Department = The Department participating in the assessment. They either are the subject of the assessment directly, or they are working with the software/hardware or vendor being assessed.

AssessmentType= Such as JSPR, RTP, HIPAA, CBRA, etc.

DateCreated = The date the assessment was launched, format mm/dd/yyyy

Keywords:

OneTrust, assessment, risk, assessment, naming, name, standard

Doc ID:

120129

Owned by:

Peter V. in Cybersecurity

Created:

2022-08-01

Updated:

2022-09-30

Sites:

Office of Cybersecurity

0 1 Comment Suggest new doc