Data Risk Management

According to Wikipedia, Risk Management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

Data Risk Management is the management of Data Risk. Data Risk is a component of Operational Risk. Data Risk Management is a comprehensive approach to Define, Monitor, and Enforce the risks associated with data. Premier International has built a comprehensive framework for managing Data Risks (see Figure 1).

Figure 1: Premier International's Data Risk Management Framework.

OneTrust offers a Governance, Risk, Compliance (GRC) platform to help organizations register risk, conduct assessments, define policies, and manage audits. The OneTrust Risk Management app enables organizations to register Data Management Processes, the associated Data Risks, and the Controls that are associated with each risk. Figure 2 shows a dashboard that summarizes the registered risks by the risk category defined, the risk stage level, the risk owner, and the net critical risk.

Figure 2: Data Risk Dashboard in OneTrust.

As part of the GRC application, OneTrust offers the option to record processing activities that an organization plans to implement. This shows an inventory of the activities and an overview of what the organization is doing with the concerned data subject’s personal data. Risks are created for the processing activities along with inherent, residual, and target risk levels. Each risk is then related to the controls that are to be applied. Figure 3 shows the risk information and the related controls.

Figure 3: Risk details and related controls.