The OneTrust GRC & Security Assurance Cloud helps companies and supply chains stay resilient in the face of continuous cyber threats, global crises, and natural disasters – so organizations can operate with confidence.
The following APIs are available for areas within the GRC & Security Assurance Cloud.
Audit Management
| Overview | Details |
|---|---|
| Description | The OneTrust Audit Management module allows your organization to transform the auditing process to a dynamic measure of logged activity. OneTrust Audit Management is also used as an internal audit tool to help your organization's auditors in collecting information, managing the audit process, and producing audit reports. For more information on Audit Management, see the Audit Management Knowledge Base. |
| Use Cases | - Create an audit - Update an audit scope and details - Delete an audit - Retrieve the list of workpapers |
| Available APIs | Audit Management APIs |
Controls
| Overview | Details |
|---|---|
| Description | Controls aim to help automate your organization’s control management process by creating and managing master controls for your organization and by creating and managing implementations of controls across your inventories. The Controls Library includes controls from both recognized and custom frameworks which your organization can use to evaluate and describe security and privacy requirements. With this, you can create controls tied directly to any entity within your OneTrust setup. For more information on Controls, see the IT & Security Risk Management Knowledge Base. |
| Use Cases | - Manage master control details - Add master controls to the Controls Library - Manage control details - Manage vulnerability details - Add new vulnerabilities to the Vulnerabilities Library - Manage threat details - Add new threats to the Threats Library - Create and manage control implementations |
| Available APIs | Controls APIs |
Risk Automation
| Overview | Details |
|---|---|
| Description | Risk automation helps automate your organization’s risk management process by creating and managing risks across different inventories and assessments. You can track the risk treatment process by adding the required controls and tasks. For more information on Risk Automation, see the IT & Security Risk Management Knowledge Base. |
| Use Cases | - Create risks - Update existing risks - Retrieve risk lists - Retrieve risk entity types list - Retrieve risk source types list - Delete risks - Change risk stages - Add threats, vulnerabilities and controls to risks |
| Available APIs | Risk Automation APIs |
Risk Template
| Overview | Details |
|---|---|
| Description | The Risk Template API group contains the API to retrieve the template details for a given risk. |
| Use Cases | - Retrieve template details |
| Available APIs | Risk Template APIs |
Third-Party Risk Management
| Overview | Details |
|---|---|
| Description | The Third-Party Risk Management module offers users the ability to track vendors that are used in an organization and the different product/services that are being used across the vendors. The tool helps to keep track of risks that are identified with usage of vendors and completing due diligence in risk mitigation via assessments, risk treatment tasks, application of controls, and tracking documents/contracts. Third-Party Risk Management offers support with annual re-assessments and risk tracking as the levels and criticality changes from a year-to-year basis. For more information on Third-Party Risk Management, see the Third-Party Risk Management Knowledge Base. |
| Use Cases | - Retrieve the organization's vendor list - Create new vendors - Update and delete existing vendors - Manage vendor engagements - Create, edit, and delete contracts to track the relationship with vendors |
| Available APIs | Third-Party Risk Management APIs |