Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance
Topics Map > Office of Cybersecurity > Tools and Software > OneTrust

OneTrust - Assessment Naming Convention

To better track work and leverage automation within OneTrust, a standard naming convention is used for assessments (includes intake form)

Cybersecurity Risk Assessment Requests (Intake Form):

When a Cybersecurity Risk Assessment Request is submitted, it defaults to this naming convention (Bold = variable): RequestorName_Cybersecurity Risk Assessment Request_Submitted Date


Naming Convention Example

Once assigned to a Risk Analyst, the name should be updated by the AD/TL/Risk Analyst to:

AssessmentTarget_RequestorName_Cybersecurity Risk Assessment Request_Submitted Date


Requestor Name

Names examples

ATO, RTP, JSPR, CCR, HIPAA Assessments:

When launching a new assessment, use our standard naming convention:


AssessmentTarget = the subject of the assessment, typically a Vendor or piece of software/hardware. If a Department is being assessed drop this variable.

Department = The Department participating in the assessment. They either are the subject of the assessment directly, or they are working with the software/hardware or vendor being assessed.

AssessmentType= Such as JSPR, RTP, HIPAA, CBRA, etc.

DateCreated = The date the assessment was launched, format mm/dd/yyyy

KeywordsOneTrust, assessment, risk, assessment, naming, name, standard   Doc ID120129
OwnerPeter V.GroupCybersecurity
Created2022-08-01 15:26:42Updated2022-09-30 15:06:46
SitesOffice of Cybersecurity
Feedback  0   1