OneTrust | Principal UX Designer | 2024
420 million issues. Miscategorised across 14,000 clients. Real legal risk.
Redesigning OneTrust Issues Management
Solving a zero-adoption crisis by rebuilding the bridge between Risks, Controls, and Incidents
Role: Principal UX Designer
Duration: Jan–Oct 2024 (10 months)
Team: PM, Content Designer, Eng Lead
Scope: Migration System Redesign
What I shipped
Research & Discovery
12 interviews across internal power users and enterprise clients — including Workday, John Deere, and Woolworths — surfaced two critical themes: platform functionality gaps and the inability to analyse issues at scale.
Design Artifacts
Service blueprint, 3-stage migration flow, client-validated prototype, and a pattern library covering accordion compression, save state, and reversibility — all handed off production-ready to engineering.
Cross-Functional Leadership
Aligned 4 designers across verticals under shared conventions, co-led client validation sessions with PM and Content Designer, and ran a parallel Ethics SpeakUp investigation workspace concurrently.
Design phase completed Jan–Oct 2024. Engineering implementation continued after transition to EA Frostbite. Rollout to 14,000 client organisations ongoing.
Act 1 — The Challenge
The Situation
When I inherited this product, clients were avoiding it with a 10-foot pole.
The Stakes: Issues Management had near-zero adoption
Client Feedback: "Change management takes too long — we're already using JIRA and Excel"
The Reality: Workday, John Deere, Woolworths, and other major clients had found workarounds
My Mission: Get this "F1 racer with no engine" onto the track
420 million issues. Misclassified. Audit-exposed.
The Numbers
- 14,000 enterprise clients affected
- 35,000+ misclassified issues per client
- Product built with NO UX support
Why It Mattered
Legal and compliance risk — ISO audits, potential fines, broken data integrity. Every misclassified issue represented a potential compliance violation waiting to be found.
The Constraint
Time to value was 6+ months for clients
They needed it working out-of-the-box in DAYS
Everything is connected. Nothing was communicating.
The Intended System
- Controls are meant to prevent risks from materialising
- Unresolved risks escalate into Issues — the critical failure state
- Issues connect to Incidents, Vendors, Assets, Audits, and more
- All verticals meant to be holistic and interconnected across the GRC ecosystem
The Reality
- Systems barely talking to each other
- Data in the wrong category
- Connections to 12 product verticals half-formed and haphazard
- Navigation from Issues to Vendors, Entities, Incidents, Audits inconsistent and unreliable
- No clear migration path for 420 million misclassified records
Already connected. Not yet communicating.
- Mapping the existing build revealed 12 product verticals already surfacing inside issue records — Assets, Vendors, Standards, Procedures, Policies, Evidence, Tasks, Entities, Incidents, Audits, Findings — signals of intent, not accidents
- My Controls & Risks counterpart and I onboarded simultaneously and compared notes independently — we arrived at the same conclusion: cross-vertical dependency was structural, not incidental
- Our platform principal designer confirmed the same pattern held across the full GRC ecosystem — three independent lines of evidence pointing to the same truth
- The system wasn't failing by design — it was waiting for someone to see what it was trying to become

Diagram I drew of the current state of Issues connectivity
Act 2 — The Approach
Client Interviews Revealed the Path Forward
Turning to the clients who had been actively avoiding the product, we conducted in-depth interviews. Their unfiltered feedback illuminated the critical gaps and underlying needs that the previous design had failed to address.
"The clients didn't just tell us what was broken; they helped us imagine what 'good' truly looked like."
Research conducted with Product Manager and Content Designer. 6 internal power users + 6 enterprise client validation sessions (Woolworths, Workday, +4 others).
A 3-stage migration process
Configure attributes → Configure workflows → Execute migration
Stage 1: Attribute Mapping
Map data fields from Risk bucket to Issues bucket, handle required vs. optional data, flag conflicts before migration
Stage 2: Workflow Configuration
Map workflow stages (parent-child relationships), accordion pattern for scalability (10+ workflows), save/draft capability
Stage 3: Migration Execution
Select which risks to migrate, execute with reversibility (recycling bin), no data duplication
The pivots that defined the design
1. Full-Page vs. Modal
Too much data for scrollable modals. Dedicated full-page flows with persistent stepper.
2. Save State / Draft Mode
Users pause mid-migration; any authorized user can pick up where someone left off.
3. Accordion Compression
Client asked "what if 100 workflows?" Evolved from horizontal mapping to vertical accordion pattern.
Act 2 — The Outcome
Delivered. Documented. Ready to build.
Ten months of research, blueprinting, cross-functional alignment, and iterative design — completed before handing off to engineering and transitioning to EA Frostbite. Everything that follows represents work left in a state ready to build, not just ready to present.
Research & Discovery
- ✓ 6 internal power user interviews — Chief Trust Architect, InfoSec analysts, GRC specialists
- ✓ 6 enterprise client validation sessions — Workday, John Deere, and Woolworths
- ✓ 2 core research themes: platform functionality gaps and the inability to analyse issues at scale
- ✓ Service blueprint workshops with engineering — run at 5am Toronto time to reach Asia-based leads in their peak hours
- ✓ Current-state diagramming across all interconnected verticals: Issues, Risks, Controls, Ethics, Vendors, Audits, Findings, Incidents
Design Artifacts
- ✓ Full service blueprint mapping the complete migration ecosystem from Risks to Issues resolution
- ✓ 3-stage migration flow: attribute mapping → workflow configuration → execution
- ✓ Working prototype validated across 6 client sessions, video documented
- ✓ Pattern library: accordion compression, save state, reversibility via recycling bin
- ✓ Production-ready specifications handed off to engineering at transition
Cross-Functional Leadership
- ✓ Co-led client validation sessions with PM and Content Designer
- ✓ Initiated cross-vertical design alignment — unified 4 designers working on parallel data mapping patterns under shared conventions
- ✓ Patterns documented in enterprise design system: dropdown states, directional arrows, accordion compression
- ✓ Parallel initiative: Ethics SpeakUp investigation workspace designed concurrently
- ✓ Design phase complete before transition to EA Frostbite — engineering implementation ongoing across 14,000 client organisations
The proactive response
After the handoff: the work the research demanded
The research had surfaced something the original engagement never had time to address: clients who had abandoned the platform hadn't left because the product was inadequate — they left because the cost of change management was too high.
The data was sitting in JIRA and Excel. They needed a reason to come back.
After the engagement ended, I returned to that gap on my own initiative. The goal: build two live, interactive prototypes that showed a lapsed client exactly what their data could look like inside the platform — not as a pitch, but as proof.
The principle
Recognition before action.
Return, not restart.
The deliverable
2 live, interactive prototypes — deployed and navigable.
On the build process
Both prototypes were built using an AI-assisted design and development workflow — a methodology I'm actively developing as a portfolio practice in its own right. The sprint included navigating real resource constraints: model degradation mid-build required systematic troubleshooting, regression testing, and a deliberate decision to upgrade tools in order to carry the work across the finish line. Both components are live, navigable, and connected via two-way routing.
Component 1 — Live Prototype
GRC Issues Management Dashboard
An executive summary dashboard that transforms raw compliance data into actionable intelligence. Designed around the needs of a composite Senior Compliance Analyst persona drawn from Workday, John Deere, and Woolworths — facing an ISO audit with 180,000 potentially misclassified issues and six weeks to act.
- → 4 KPI cards — Total Issues, Overdue, Critical, Closed This Month with trend indicators
- → Issue Volume Over Time chart with 4 time-range filters spanning 7 days to 12 months
- → Department breakdown with status filtering across 6 business units
- → Full issues table with type, severity, owner, and status — paginated and filterable
- → Teaser widget linking directly into the Relationship Map
- → Built with Chart.js, deployed to Netlify
Component 2 — Live Prototype
Relationship Map
A cross-entity network visualisation showing how Issues, Risks, Controls, and Vendors connect across a compliance ecosystem. Designed to surface the systemic consequences of a single unaddressed issue — and give compliance teams the spatial intelligence to act before an audit finds it first.
- → 11 nodes, 14 connections across 4 entity types — Issues, Risks, Controls, Vendors
- → Pyramid node hierarchy with 4 distinct shapes and a semantic colour system
- → Three-layer interaction: hover tooltip → cluster drill-down panel → detail sidebar
- → Ghost resolution workflow for orphaned nodes with no active connections
- → Filter bar: Show All / Issues Only / Risks Only / Misclassified Only
- → Cluster grouping with severity, days unaddressed, and owner surfaced at a glance
- → Built with Vis Network, deployed to Netlify
Closing Thoughts
Designing for the Long Game.
A powerful system. No user input.
When I joined OneTrust, Issues Management was a cautionary tale: a powerful system built without user input, avoided by the very clients it was meant to serve. The technical infrastructure existed, but trust did not.
The workarounds were a warning.
The breakthrough came not from redesigning screens, but from understanding why clients had given up. Their workarounds with JIRA and Excel were not just habits — they were protective measures against a system that had burned them before.
Resistant clients became collaborators.
By turning those resistant clients into collaborators, we transformed the problem. The service blueprint became our shared language. The 3-stage migration became their safe path forward. The recycling bin became their safety net.
Delivered at the handoff. Not finished at the handoff.
I left OneTrust to join EA Frostbite before seeing the migration system ship to all 14,000 clients. But I left behind something more valuable than shipped features: a validated approach, production-ready specifications, and a team aligned on solving the right problem.
The research kept asking questions.
After leaving OneTrust, the research kept surfacing an unanswered gap: lapsed clients hadn't left because the product failed them — they left because the cost of return felt too high. The dashboard and relationship map were the response — not a side project, but the work the research had always been pointing toward.




