OneTrust Security Process

The OneTrust Security process is how new and renewed plugins get approved by our Security team. Plugins must be approved before they are allowed to be installed and used on any Relias website. Typically, Okta access to OneTrust is given to people managers.

The Process

  • Start assessment

    • Gather general information

      • Name of Vendor

      • Quote - For items under $10k, provide a screenshot or PDF of the quote. For items over $10k, an SOW must be submitted.

      • Vendor contact first and last name - If no name is available, enter ‘N/A’

      • Phone number - This can normally be found in the contact section; if not available, enter ‘N/A’

      • Email address - If an email address isn’t provided, enter the contact URL

      • Address - If not available, enter ‘N/A’

      • Product Service - Detailed description of what the service provides

      • Additional Vendors Considered - List any other vendors considered that other teams may be using and why those vendors were not chosen

      • What data (if any) will be shared? - List what data is being shared with the plugin. Most importantly, answer the question: are we sharing PII (personally identifiable information)?

      • Which teams will be using it - List any other teams that will be using the plugin

      • Compliance Confirmation - State whether the vendor is based in the US.

        • Relias prefers to use vendors based in the US. If you choose a vendor not based in the US, please find one that offers a similar service that is within the US.

    • Enter Finance Budget

      • Expenditure

      • Department - List the name of the department/team managing the tool

      • Budget Approval - Send an email to Kristin Slotnick. Kristin will submit it to the leadership approver, download the approval as a PDF, and attach it to the Budget Approval section.

    • Submit Assessment Request Info to Kristin Slotnick.

Additional Notes

  • Assessments take 2 - 3 weeks for review

    • Security team, legal team, and the financial team must approve

  • If not approved, we reach out to Wes Vaux on the Security team.

    • Every Friday the Security Team has review meetings, and we can attend and appeal items that aren’t approved.

  • For additional questions about the process, please reach out to itsecurity@relias.com.
