at Financial Technnology Year
Please contact them if you have any questions.
OneTrust GRC Operational Risk Management from OneTrust
Cloud-based operational risk management solution with risk assessment, control mapping, incident management, and reporting functions. Includes specific configurations for pension fund governance, third-party risk, and retirement plan administration compliance.
Product analysis by function
Operational Risk Management Software for Risk Management
Systems that identify, monitor, and mitigate risks related to internal processes, people, and systems, including incident tracking, control testing, and key risk indicator monitoring specific to pension operations.
More Operational Risk Management Software
More Risk Management ...
Risk Identification & Assessment
(9 Yes /9 Known /10 Possible features)
|
Automated Risk Identification System automatically detects new and emerging risks within pension operations. |
Product supports automated risk identification via AI & automation as per product site and GRC literature. | |
|
Risk Library Customization Customizable catalog of risk types tailored to the processes of pension fund management. |
The platform allows risk library customization for pension-relevant risks. | |
|
Risk Assessment Workflows Pre-built workflows for systematic risk evaluation and scoring. |
Provides pre-built and configurable risk assessment workflows for systematic evaluation. | |
|
Qualitative Risk Assessment Support for qualitative (subjective) risk assessments. |
Supports qualitative assessments as included in standard risk evaluation workflows. | |
|
Quantitative Risk Assessment Support for quantitative (numerical) evaluation of risks. |
Offers quantitative risk assessment with scoring and metrics, as described in product literature. | |
|
Inherent vs. Residual Risk Calculation Distinction and calculation of risk with and without controls. |
Inherent and residual risk calculations supported per solution overview. | |
|
Heatmap Visualization Graphical heatmaps for risk assessment results. |
Heatmap and graphical risk visualization are core platform features. | |
|
Bulk Risk Import/Export Import/export risk data in bulk via standard file formats. |
Bulk import/export options are indicated in data management sections. | |
|
Risk Scoring Customization Ability to define custom risk scoring and weighting rules. |
Custom risk scoring and weighting supported via configuration options. | |
|
Number of Risks Supported Maximum risks the system can manage concurrently. |
No information available |
Incident & Event Management
(9 Yes /9 Known /10 Possible features)
|
Incident Capture Tools for front-line staff to submit operational incidents easily. |
Incident reporting by users is listed as a feature for front-line staff. | |
|
Incident Categorization Customizable fields to classify incident types, sources, and impacts. |
Product includes customizable fields for incidents, per platform screenshots. | |
|
Automated Incident Notification Automatic notifications to relevant personnel upon incident recording. |
Automated notifications for incidents are supported (alerts/assignments). | |
|
Root Cause Analysis Support Template-driven process for investigating and assigning incident causes. |
Root cause analysis and assignment built-in to incident management workflow. | |
|
Corrective Action Tracking Assign, monitor, and follow up on remediation actions. |
Corrective and remediation action tracking available for incidents. | |
|
Near-Miss Logging Ability to log and analyze near-miss events. |
Near-miss (event logging) is available in incident module. | |
|
Loss Data Repository Centralized database for historical operational loss data. |
Operational loss data repository/incident database functionality is described. | |
|
Incident Resolution Time Average time taken to resolve an incident. |
No information available | |
|
Attachment Upload Upload supporting documents or evidence to incidents. |
Attachments/document upload available in all incident and risk records. | |
|
Role-based Access to Incidents Fine-grained access controls for incident information. |
Role-based access provided for sensitive incident data (RBAC is a standard feature). |
Control Management & Testing
(9 Yes /9 Known /10 Possible features)
|
Control Inventory Management Central register of all operational controls tied to processes and risks. |
Control inventory/centralized control register is documented in product features. | |
|
Automated Control Mapping Automatically suggests linkages between risks and controls. |
Suggests or assists with automated risk-control mappings. | |
|
Control Testing Campaigns Schedule and manage periodic and ad hoc control effectiveness tests. |
Control testing scheduling & management part of standard offering. | |
|
Control Design & Operating Effectiveness Separate documentation and evaluation of design and operating effectiveness. |
Distinction of design/effectiveness for controls supported in platform. | |
|
Sampling Methods for Testing Enables random or systematic sample selection for control testing. |
Sampling methods (random/systematic) selectable during control test creation. | |
|
Test Evidence Attachment Upload evidence files for each control test conducted. |
Attachment of test evidence is available per product documentation. | |
|
Automated Test Reminders Alerts and reminders for upcoming or overdue control tests. |
Automated test reminders and overdue notifications are available. | |
|
Control Weakness Management Logging and remediation workflows for failed control tests. |
Workflow to manage and remediate failed/weak controls included. | |
|
Segregation of Duties Detection Identifies potential conflicts in user duties within controls. |
Segregation of duties conflict detection is available as per GRC suite description. | |
|
Number of Controls Supported Maximum controls the system can handle. |
No information available |
Key Risk Indicator (KRI) Monitoring
(8 Yes /8 Known /10 Possible features)
|
KRI Library Maintains a centralized list of KRIs linked to risks or processes. |
KRI (key risk indicator) library maintained and customizable. | |
|
Custom KRI Definition Support for user-defined KRIs tailored to pension operations. |
Custom KRI definitions are supported by user configuration. | |
|
Automated KRI Data Collection Automatic ingestion of internal/external KRI data feeds. |
Product advertises auto ingestion/collection of KRI data from various sources. | |
|
Thresholds and Escalation Rules Configurable threshold levels and escalation triggers when exceeded. |
Thresholds and escalation triggers are configurable for KRIs. | |
|
Historical KRI Trend Analysis Visualization and analysis of trends in KRI values over time. |
Historical trend and KRI analysis available on dashboards. | |
|
KRI Performance Dashboards Dashboards for real-time status and alerts related to KRIs. |
KRI dashboards are part of product's analytics suite. | |
|
Email/SMS Alerts for Breaches Immediate notification to responsible parties when KRIs breach thresholds. |
Alerts for KRI breaches via email and SMS available. | |
|
Integration with External Systems Ability to collect KRI data from third-party tools (e.g., HR, ITSM systems). |
Integration with external sources, such as HR and ITSM, supported via connectors/APIs. | |
|
Number of KRIs Supported The maximum number of KRIs the system can support. |
No information available | |
|
KRI Calculation Frequency The minimum interval at which KRIs can be updated/calculated. |
No information available |
Reporting & Analytics
(9 Yes /9 Known /10 Possible features)
|
Pre-built Risk Reports Templates for standard and regulatory reporting of operational risk. |
Provides templates for standard and regulatory risk reports. | |
|
Ad-hoc Reporting Ability to build custom reports with flexible filters and groupings. |
Custom/ad-hoc report builder is available in reporting module. | |
|
Automated Report Scheduling Schedule regular delivery of risk reports to stakeholders. |
Automated/scheduled risk reports are documented as a feature. | |
|
Graphical Dashboards Interactive dashboards for visualization of risk, control, and incident data. |
Graphical interactive dashboards supported, per product screenshots. | |
|
Export to PDF/Excel/CSV Exports reports in standard business formats. |
Export to standard formats (PDF, Excel, CSV) supported according to product details. | |
|
Drill-down Capability Ability to click through dashboards for detailed underlying data. |
Drill-down on dashboards to view detailed data is available. | |
|
Real-Time Analytics Near real-time updates of dashboards and reports. |
Supports real-time analytics/updates for reporting. | |
|
Role-based Report Access Access controls for sensitive reports or dashboards. |
Provides role-based security on reports and dashboards. | |
|
Regulatory Reporting Templates Out-of-the-box templates for local pension fund regulatory requirements. |
Some regulatory reporting templates for pension/retirement compliance available. | |
|
Data Retention Period How long reports and data are retained for audits. |
No information available |
Workflow & Task Automation
(9 Yes /9 Known /10 Possible features)
|
Custom Workflow Designer Drag-and-drop interface for custom workflows relevant to pension operations. |
Custom workflow designer (drag-and-drop) highlighted among workflow features. | |
|
Automated Task Assignment Automatically assigns and notifies responsible staff for tasks. |
Automated task assignment and notification are platform features. | |
|
Escalation Matrix Rule-based escalation of overdue or critical tasks. |
Escalation matrix (rules for escalation of tasks) included in workflow engine. | |
|
Approval Routing Flexible approval chains for risk actions and exceptions. |
Approval routing for actions and exceptions available in workflows. | |
|
Commenting & Collaboration Internal notes, comments, and tagging for improved collaboration. |
Comments, internal notes, and tagging available for collaborative work. | |
|
Calendar Integration Sync with corporate calendars for reminders and deadlines. |
Calendar (Outlook/Google) integration for reminders and workflow deadlines. | |
|
Workflow Runtime Performance Average time to execute automated workflow steps. |
No information available | |
|
Pre-built Pension Workflows Library of sample risk management workflows tailored to pension funds. |
Provides pre-built workflow templates for pension/retirement operations. | |
|
Workflow Audit Trails Complete log of workflow activities and task handovers. |
Workflow audit trails (logging of workflow steps) are documented in audit section. | |
|
User Notification Preferences Customizable notification methods per user or group. |
Custom notification preferences per user/group available in user profile settings. |
Access Control & Security
(9 Yes /9 Known /10 Possible features)
|
Role-Based Access Control Granular user role and permission specification. |
Role-based access control (permissions, user roles) is a core security function. | |
|
Single Sign-On (SSO) Supports enterprise authentication (e.g., SAML, OAuth2). |
Supports enterprise SSO using SAML, OAuth2 as per security documentation. | |
|
Multi-factor Authentication (MFA) Requires an additional verification step for logins. |
Provides multi-factor authentication as an option for user logins. | |
|
Data Encryption At Rest All stored data is encrypted. |
Cloud database encrypted at rest per InfoSec product documentation. | |
|
Data Encryption In Transit Data transmissions are encrypted end-to-end. |
Data in transit encrypted with TLS/SSL as standard for SaaS solutions. | |
|
Audit Logging Complete and immutable logs of system and user actions. |
Audit logging is a standard security and compliance control in the GRC platform. | |
|
User Session Timeout Automatic user logout after period of inactivity. |
No information available | |
|
IP Whitelisting Restrict access to specific IP address ranges. |
IP whitelisting for system access controlled via security settings. | |
|
Data Masking Sensitive fields are masked from unauthorized users. |
Data masking configurable for sensitive fields based on access permissions. | |
|
GDPR/Privacy Compliance Features Enables privacy rights requests, consent tracking, and data portability. |
GDPR and global privacy tools, including data subject rights and consent management, described. |
Integration & Data Exchange
(8 Yes /8 Known /10 Possible features)
|
API Availability Open APIs for importing/exporting risk, incident, and control data. |
Open APIs (REST and other) available for system integration per developer portal. | |
|
Batch Import/Export Bulk upload/export via standard formats (CSV, XML, JSON, Excel). |
Bulk data import/export in standard formats (CSV, Excel, JSON) supported. | |
|
Pre-built Integrations Ready-made connectors for common pension or ERP platforms. |
Integration marketplace advertises pre-built connectors to common pension/ERP software. | |
|
Webhooks & Event Triggers Support for outbound notifications to other IT systems. |
Supports outbound webhooks/event triggers to external systems/workflows. | |
|
Real-Time Data Sync Bi-directional updates with other systems in near real-time. |
Real-time (bi-directional) data integration supported for connected systems. | |
|
Custom Field Mapping User-defined field mapping for data transfer. |
Custom field mapping for data integration provided in system settings. | |
|
Flat File Transfer Scheduling Automated batch file exchange by schedule. |
Allows scheduled flat/batch file exchange for system integration. | |
|
Number of Integration Endpoints Supported Maximum number of simultaneous third-party endpoints. |
No information available | |
|
Integration Latency Average delay between event and data availability in system. |
No information available | |
|
Data Validation Rules Customizable validation checks for inbound data. |
Custom data validation rules available for imported/integrated datasets. |
Configurability & Usability
(9 Yes /9 Known /10 Possible features)
|
Custom Field Creation Define new data fields meeting unique pension business needs. |
System admins can create new custom data fields for risk records. | |
|
Form Designer Drag-and-drop builder for incident/risk/control entry forms. |
Drag-and-drop designer for forms is available for capturing risk/incident/control data. | |
|
Localization (Language & Currency) Supports multiple languages and currencies used by pension funds. |
Supports multiple languages/currencies for international pension clients. | |
|
Mobile Access Native or web-optimized apps for incident and risk management on-the-go. |
Accessible via mobile-responsive interface and mobile app. | |
|
User Training Documentation Comprehensive help guides and onboarding materials included. |
Includes user training documentation, user guides, and onboarding help. | |
|
Accessibility Compliance Meets standards (e.g., WCAG) for disability access. |
Accessibility/wcag compliance required for US and EU markets; product claims compliance. | |
|
System Navigation Speed Average time for page-to-page navigation. |
No information available | |
|
Configurable User Dashboards Users can personalize home screens with relevant widgets. |
User-configurable dashboards are available for risk and compliance modules. | |
|
Bulk Data Edit Edit multiple records at once via bulk actions. |
Bulk data edit/update for records available in admin/data maintenance views. | |
|
Search & Filter Tools Advanced search and filter options across all data modules. |
Advanced search and filtering tools available in each module. |
Audit, Compliance & Regulatory Support
(9 Yes /9 Known /10 Possible features)
|
Full Audit Trail Automatic logging of all changes to risks, controls, incidents, and users. |
Full audit trail for all data changes included for compliance. | |
|
Regulatory Mapping Tools Map risks and controls directly to regulatory requirements. |
Platform maps risks/controls directly to regulations (regulatory mapping). | |
|
Attestation Workflow Facilitates routine sign-off by control/process owners. |
Attestation workflows are supported for sign-off and evidence tracking. | |
|
Audit Evidence Repository Centralized location for storing audit documentation. |
Central audit evidence/document repository is available. | |
|
Custom Compliance Checklists User-defined checklists for regulatory or procedural checks. |
Custom compliance checklists can be defined per organizational requirement. | |
|
Automated Compliance Alerts Automatic notifications of non-compliance or overdue certifications. |
Automated alerts for non-compliance/overdue certifications included. | |
|
Audit Scheduling Calendar-based planning for audits and reviews. |
Audit scheduling and calendar support documented in audit module. | |
|
Findings Management Tracking, remediation, and reporting on audit findings. |
Audit findings management and reporting included. | |
|
On-demand Audit Reports Generate audit-ready documentation instantly. |
On-demand audit report generation for compliance and audit support. | |
|
Number of Audit Logs Retained How many audit trail entries are retained per record. |
No information available |
This data was generated by an AI system. Please check
with the supplier. More here
While you are talking to them, please let them know that they need to update their entry.