ITRM/GRC Tool (OneTrust)

OneTrust is the Information Technology Risk Management (ITRM) and Governance, Risk and Compliance (GRC) tool used in the UCI Information Security Program that serves as our IT Security Risk Management Platform.

OneTrust is currently used for collecting protected data & systems inventory (PDSI) information, third-party vendor supplier reviews, performing risk assessments, tracking gap remediation, documenting risk acceptance and risk reporting. See those pages for more specific usage instructions.

• • To request OneTrust access, please submit a KSAMS role request.
  • To access OneTrust, go to https://app.onetrust.com/ and enter your UCInetID@uci.edu as email address which will send you to UCI single sign-on to login and access the application.
  • For questions email securityrisk@uci.edu

Security assessments and security gaps downloaded from OneTrust are classified at Protection Level 3. If you need to export security data from OneTrust, please ensure it is properly protected as required by the UCI Information Security Standard.

Additional Resources

• • OneTrust IT and Security Risk Management User Guide
  • OneTrust Vendor Risk Management Step-by-Step Guide
  • OneTrust Learning Portal