Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance
Topics Map > Office of Cybersecurity > Tools and Software > OneTrust

OneTrust - Manually adding a Risk to the Risk Register

Most risks are added to the risk register as the result of a completed assessment. However, they can also be added manually. Follow the steps below to manually add risks to the OneTrust Risk Register.

To create a new risk

  1. On the IT Risk Management menu, select Risk Register. The Risk Register screen appears.

  2. Click the Create New Risk button. The Add Risk screen appears.

  3. Select Create New Risk.

  4. Complete the fields. (See table below for field descriptions)

  5. Click the Add button.


    After you click the Add button the Risk Details screen appears. This is where you are able to edit, track, and manage the increase/decrease of the risk you have created. For more information see  OneTrust - Managing Risks from the Risk Details Screen .

Create New Risk Screen Reference

Create New Risk Screen Reference

Create New Risk Field Descriptions




Select the type of risk and select the specific asset, entity, processing activity, or vendor.

Inherent Risk Level

Use to risk matrix to determine the inherent risk level.


Select the threat(s) the risk poses to your company.


Enter the vulnerability of the company to the risk.


Select the associated category the risk falls under.

Risk Owner

Select the name(s) of the individual(s) responsible for remedying the risk.

Risk Approver

Select the name of the person responsible for approving the risk.


Select the date by when the risk must be resolved.


Enter the number of days before a deadline that a reminder is sent.


Enter a description of the risk.

Treatment Plan

Enter a plan to control, mitigate, and/or resolve the risk.

KeywordsOneTrust, risk, risk register, RMC, manual, add, create   Doc ID115070
OwnerPeter V.GroupCybersecurity
Created2021-12-01 17:55:04Updated2021-12-01 18:06:43
SitesOffice of Cybersecurity
Feedback  0   0