Privacy, security, and other risk functions are all familiar with the process of conducting an internal review. These reviews are usually done by interviewing the business user who is procuring a vendor or building a new product, sometimes over a call and sometimes via a lengthy questionnaire. Findings are recorded in sheets or documents in an unstructured format that might be difficult to digest at scale.
This entire review process is dramatically streamlined in TerraTrue via a Launch. Launches combine the intake process, the review process, and the flagging of any required remediations all in one place. Structured information gathered in a launch flows downstream to reporting tools, giving you a dynamic map of your organization’s activities that’s constantly and automatically updated.
Launches can be used to review any project that may pose a risk to your organization, such as:
- A new product feature
- A substantial change to an existing feature
- A prospective vendor or service provider going through evaluation
- An HR initiative using employee data
What does a launch consist of?
Out of the box, a standard TerraTrue launch contains two key worksheets:
- A Data Spec: this is a flexible set of questions that susses out what data is being used, whose data it is, where they’re located, and why it’s being used. It will also ask if any third parties are accessing this data.
- A Privacy Worksheet: this is a dynamic worksheet that will change depending on the applicable regions, and guide privacy teams through a review of what was collected in the Data Spec. TerraTrue’s built-in modules for GDPR, CPRA, and more will flag region-specific concerns. Privacy Worksheets will also determine if a DPIA or LIA is needed, then guide you through the process of completing one directly inside the worksheet.
The Data Spec and the Privacy Worksheet combined result in a record, which gets added to your Record of Processing Activities and flows down to your reporting hub where you can easily see how data is being used across your organization.
For teams who work outside of Privacy, you can also build a Custom Workflow that sits on the launch as an additional assessment when applicable. Review teams use these custom workflows to document security reviews, trust reviews, etc.
To recap what we’ve covered so far:
- A Launch is the building block of TerraTrue. Launches are ideal for documenting and reviewing any initiative that may pose some kind of privacy or security risk to the business.
- Launches combine the intake process (the Data Spec) with the review process (Privacy Worksheet and/or Custom Workflows) into one collaborative component.
Who is supposed to create a launch?
TerraTrue is designed to work with your business users and to make it easy for them to create a launch anytime they need to flag something for a review. They can complete the Data Spec to tell you what data they're using and how. Reviewers are then notified to begin their review by completing a Privacy Worksheet or a Custom Workflow, and they add any findings or feedback to the launch for the business user to act on. This is a collaborative process between reviewers and business users.
Launch creation can be even more streamlined when leveraging one of our integrations, such as Jira or Ironclad.
However, some review teams may prefer to own the end-to-end launch creation flow if their cross-functional partners aren’t ready to work with them in this way. Your Customer Success Manager will work with you to determine how TerraTrue can best adapt to your organization’s current processes and culture.
That’s it for the introduction to TerraTrue. There’s much more to cover, such as:
- How to build your intake process to collect the information you need
- How to configure your review teams
- How to vet and review third parties
- How to assign tasks and remediation requests
But first, we’re going to dive deeper into what’s under the hood at TerraTrue, and that is your TerraTrue Taxonomy.