OneTrust Security Process
OneTrust Security process is for getting new and renewed plugins approved through our Security team. Plugins must be approved before they are allowed to be installed and used on any Relias website. Typically Okta access to OneTrust is given to people managers.
The Process
Start assessment
Gather general information
Name of Vendor
Quote - For items under $10k, provide a screenshot or PDF of quote. For items over $10k, must submit an SOW.
Vendor contact first and last name - If no name then enter ‘N/A’
Phone number - Normally can find this in the contact section but if not available then enter ‘N/A’
Email address - If email address isn’t provided, then enter the contact url
Address - If not available, enter ‘N/A’
Product Service - Detailed description of what the service is providing
Additional Vendors Considered - List any other vendors considered that other teams may be using and why those vendors were not chosen
What data (if any) will be shared? - List what data is being shared with the plugin. Most importantly, answer the question are we sharing PII (personal identifiable information) data
Which teams will be using it - list any other teams that will be using the plugin
Compliance Confirmation - Is the vendor based in the US or not.
Relias prefers to use vendors based in the US. If you choose a vendor not based in the US, please find one that offers a similar service that is within the US.
Enter Finance Budget
Expenditure
Department - list name of department/team managing tool
Budget Approval - send email to Kristin Slotnick. Kristin will submit it to the leadership approver and download as a PDF and attach to the Budget Approval section.
Submit Assessment Request Info to Kristin Slotnick.
Additional Notes
Relias prefers to use vendors based in the US. If you choose a vendor not based in the US, please find one that offers a similar service that is within the US.
Assessments takes 2 - 3 weeks for review
Security team, legal team, and the financial team must approve
If not approved, we reach out to Wes Vaux on the Security team.
Every Friday the Security Team has review meetings and we can attend and repeal items that aren’t approved.
For additional questions about process, please reach out to itsecurity@relias.com.
Table of Contents