Data Processing Inherent Risk

AI Inherent Risk Calculation
The Data Mapping & Risk Manager automatically assigns an inherent risk score — High, Medium, Low, or Incomplete — to each data inventory and business process record.
Scores appear faded until reviewed.
To review a score, click the inherent risk label. A pop-up opens showing the current score, where you can:
View the score and risk indicators
Adjust the score manually if needed
Add notes or comments for context
Inherent risk score pop-up showing the current score, risk indicators, manual adjustment controls, and notes field
System Records

TrustArc automatically calculates an inherent risk score for System Records created in the Data Mapping & Risk Manager by evaluating the inputs below.

Fields required to calculate inherent risk
Hosting location(s)
Data subjects
Data subject location
Volume of data subjects
Data elements
Processing purposes
How risk level is determined
High — 2 or more risk factors (e.g., processing purpose + data element), or a processing purpose with more than one risk level
Medium — 1 risk factor
Low — 0 risk factors
System Record inherent risk calculation diagram showing how risk factors map to High, Medium, and Low scores
Business Process Records

TrustArc automatically calculates an inherent risk score for Business Process Records created in the Data Mapping & Risk Manager by evaluating the inputs below.

Fields required to calculate inherent risk
Range of people involved
System selection
A minimum of one system must be added to the Business Process record before risk can be calculated.
The system's information is used in calculating the Business Process record's risk score. TrustArc calculates the inherent risk score automatically once the above fields are complete.
Business Process Record inherent risk calculation diagram showing how system selection and people range map to the inherent risk score
Company Entity Records
TrustArc automatically calculates an inherent risk score for Company Entity records once a Company Entity is the owner of a Business Process or System record.
Designate a Company Entity as the owner of a System or Business Process record by selecting it in the Owned By dropdown field on the record.
The Company Entity inherent risk score is the highest inherent risk score across all Business Process and System records the entity owns.
At least one completed record must be associated with the Company Entity before its inherent risk score can be calculated.
If the Company Entity owns zero records, the inherent risk column displays Unavailable.
Company Entity record showing the Owned By field and the resulting inherent risk score calculated from associated records
Third Party Records
TrustArc automatically calculates an inherent risk score for Third Party records once a third party is the owner of a System record.
When a System record is created, you must select the owning entity — either a company within your organization or a third-party entity.
The Third Party inherent risk score is the highest inherent risk score across all System records owned by that third party.
At least one System record must be owned by the Third Party before the inherent risk score can be calculated.
The System record must have all fields completed that are used to calculate the System record's inherent risk score.
Third Party record showing the system records it owns and the resulting inherent risk score calculated from those records
TrustArc Data Mapping & Risk Manager  ·  AI Inherent Risk Calculation  ·  support.trustarc.com