Sanjeev Varma- CEO | Bhelcy Nadar- Solution Architect
Data Risk Management is a comprehensive approach to Define, Monitor, and Enforce the risks associated with data. Information Asset has a comprehensive framework for Data Risk Management (see Figure 1).
OneTrust offers a Governance, Risk, Compliance (GRC) platform to help organizations register risk, conduct assessments, define policies, and manage audits. The OneTrust Risk Management app enables organizations to register Data Management Processes, the associated Data Risks, and the Controls that are associated with each risk. Figure 2 shows a dashboard displaying the summary for the risk registered based on the risk category defined, the risk stage level, the risk owner, and the net critical risk.
As part of the GRC application, OneTrust offers the option to record processing activities that an organization plans to implement. This shows an inventory of the activities and an overview of what the organization is doing with the concerned data subject’s personal data. Risks are created for the processing activities along with inherent, residual, and target risk levels. The risk is further related to the controls that are to be applied. Figure 3, shows the risk information and the related controls.