Connector Improvement: OneTrust Connector support for Third Party Risk Management module
Answered
OneTrust has a Third Party Risk Management module that is used for evaluating the risks of onboarding new suppliers and applications. The Third Party Risk Management module collects questionnaire and assessment data. The existing OneTrust connector has the assessments table in the schema but it is not able to access it using the privileges it expects have for either Cookie Consent or the Universal Consent Management features. Our organization does not use those modules so the connector is running into access denied errors.
-
Official comment
Hi Brent,
Thank you for taking the time to share your request regarding the OneTrust Third Party Risk Management module. We understand the importance of accessing questionnaire and assessment data for evaluating supplier and application risks, and we appreciate the detailed context you provided.
We are currently investigating the access issues related to the assessments table and the permissions required for the Third Party Risk Management module. Our team is actively looking into this and will share an update with you over email as soon as we have more information.
Best regards,
Syead Mujtaba Imam Rizwi -
After researching more about the OneTrust API's and testing them in Postman I see that the Assessments API is officially listed under the Privacy & Data Governance Cloud module. The scope required to retrieve assessment data is ASSESSMENT_READ
https://developer.onetrust.com/onetrust/reference/oauth-20-scopes#privacy--data-governance-cloud
Fetching all data for assessments would be a two step operation:
1) Get list of assessments: api/assessment/v2/assessments
2) Get the details of each assessment: api/assessment/v2/assessments/<assessment id>/export
Please sign in to leave a comment.
Comments
2 comments