Risk Details Instructional Page for OneTrust

OneTrust’s Risk Detail Page Overview

Working through the risk details gives system owners the ability to remediate risks based on Treatment Plans. The Inherent Risk is the risk level that is identified during the assessment process.

The Residual Risk is the risk level that will remain after treatment.

The most critical items on the Risk Detail page are the levels of risk identified, the description of the risk, and the treatment plan needed.

The Description is just that – a description of the risk based on the security control that is needed to comply with best practices.

The Treatment box is the area to document the specific mitigation plan that will reduce the risk to an acceptable level.

The risk owner will work with the system owner and custodian to mitigate the risk to an acceptable level. The risk approver will document the risk acceptance obtained by the Dean or Department Head.