Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance
Topics Map > Office of Cybersecurity > Tools and Software > OneTrust

OneTrust - Assessment Naming Convention

To better track work and leverage automation within OneTrust, a standard naming convention is used for assessments (includes intake form)

Cybersecurity Risk Assessment Requests (Intake Form):

When a Cybersecurity Risk Assessment Request is submitted, it defaults to this naming convention (Bold = variable): RequestorName_Cybersecurity Risk Assessment Request_Submitted Date

Example:

Naming Convention Example

Once assigned to a Risk Analyst, the name should be updated by the AD/TL/Risk Analyst to:

AssessmentTarget_RequestorName_Cybersecurity Risk Assessment Request_Submitted Date

Examples:

Requestor Name

Names examples

ATO, RTP, JSPR, CCR, HIPAA Assessments:

When launching a new assessment, use our standard naming convention:

AssessmentTarget_Department_PackageType_DateCreated

AssessmentTarget = the subject of the assessment, typically a Vendor or piece of software/hardware. If a Department is being assessed drop this variable.

Department = The Department participating in the assessment. They either are the subject of the assessment directly, or they are working with the software/hardware or vendor being assessed.

AssessmentType= Such as JSPR, RTP, HIPAA, CBRA, etc.

DateCreated = The date the assessment was launched, format mm/dd/yyyy



Keywords:
OneTrust, assessment, risk, assessment, naming, name, standard 
Doc ID:
120129
Owned by:
Peter V. in Cybersecurity
Created:
2022-08-01
Updated:
2022-09-30
Sites:
Office of Cybersecurity