Assessment Risk Treatment

Risk owners are responsible for remediating risks when there is a noncompliant answer in a OneTrust risk assessment. Follow these steps to review assigned risks and their treatment plans.

  1. Risk owners will receive an Action Required - Risk Assigned email from OneTrust. Click the View Risk link in the email and log in.

  2. You will be directed to the risk within OneTrust. Read the Treatment Plan and develop a plan to implement it and remediate this risk.

  3. Once you have implemented the Treatment Plan, click Submit in the top-right corner.

  4. Enter the actions you took to address the Treatment Plan in the Comments text box. Be very detailed with your comments to identify all actions you took and the dates they were completed. Click Submit.

  5. Your submission will be forwarded to the HIPAA Privacy and Security Team to approve or deny.

    • If the actions you took to address the risk were approved, you will receive a Risk Treatment Approved email.

    • If the actions you took to remediate the risk were rejected, you will receive an email stating an approver has sent back a risk treatment. Any rejection will include specific actions that need to be completed before the HIPAA Privacy and Security Team will consider the risk remediated. Address the comments provided and resubmit with an updated description.
