Data Risk Management with OneTrust

Sanjeev Varma, Bhelcy Nadar

August 30, 2022

Data Risk Management is a comprehensive approach to Define, Monitor, and Enforce the risks associated with data. Information Asset has a comprehensive framework for Data Risk Management (see Figure 1).

Figure 1: Information Asset’s Data Risk Management Framework.

OneTrust offers a Governance, Risk, Compliance (GRC) platform to help organizations register risk, conduct assessments, define policies, and manage audits. The OneTrust Risk Management app enables organizations to register Data Management Processes, the associated Data Risks, and the Controls that are associated with each risk. Figure 2 shows a dashboard that summarizes the registered risks by the risk category defined, the risk stage level, the risk owner, and the net critical risk.

Figure 2: Data Risk Dashboard in OneTrust.

As part of the GRC application, OneTrust offers the option to record processing activities that an organization plans to implement. This provides an inventory of the activities and an overview of what the organization is doing with the concerned data subject’s personal data. Risks are created for the processing activities along with inherent, residual, and target risk levels. Each risk is then related to the controls that are to be applied. Figure 3 shows the risk information and the related controls.

Figure 3: Risk details and related controls.