
OneTrust GRC Overview

OneTrust GRC is the #3 ranked solution in top GRC tools and top IT Vendor Risk Management tools. PeerSpot users give OneTrust GRC an average rating of 10 out of 10. OneTrust GRC is most commonly compared to RSA Archer. OneTrust GRC is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution is the computer software industry, whose professionals account for 24% of all views.
Buyer's Guide

Download the GRC Buyer's Guide including reviews and more. Updated: June 2022

What is OneTrust GRC?

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. More than 2,500 customers, both big and small and across 100 countries, use OneTrust to demonstrate compliance with privacy regulations including the GDPR, California Consumer Privacy Act, Brazil LGPD, and hundreds of the world's privacy laws.

OneTrust's size and scale allow it to offer the easiest-to-use and most affordable solution for implementing use cases including: Privacy Maturity Benchmarking, Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Third-Party Vendor Risk Management, Incident and Breach Response, Data Mapping (Records of Processing), Customer Preference Management, Consent Management, Website Scanning & Cookie Compliance, Mobile App Scanning, Data Subject/Consumer Rights Management and Policy & Notice Management.

The platform's intelligence comes from DataGuidance by OneTrust, an in-depth and up-to-date source of privacy and security regulatory summaries, guidance, templates, case law, and analysis. The database is updated daily by over 20 in-house privacy researchers, along with a network of 500 lawyers across over 300 jurisdictions.

OneTrust's 700 employees are located across co-headquarters in Atlanta and in London with additional locations in Bangalore, Melbourne, San Francisco, New York, Munich and Hong Kong. To learn more, visit OneTrust.com.

OneTrust GRC was previously known as OneTrust Vendor Risk Management.

OneTrust GRC Customers

randstand, into, halfbrick


OneTrust GRC Reviews

Manager, Information Security Risk at a university with 1,001-5,000 employees
Real User
Increases productivity, multiple level vendor reviews, and is reliable
Pros and Cons
  • "One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree."
  • "They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages."

What is our primary use case?

I use the solution when internal customers want to engage with a third party through some type of cloud-based system. Right away I start reviewing from that perspective, and I get the information of the vendor that they are looking to engage with and input the information into this solution. This solution has a process where I can send questionnaires out to the new prospective vendor. That prospective vendor will provision themselves into the solution by inputting all their information. This prevents me from inputting any information incorrectly.

At this stage, I review all the information. The vendor will also upload all of their security documentation. This includes anything they can show that they are performing security best practices on behalf of their customers like us. This solution gives me the ability to double-check that information. I can do a risk review and risk rate it. There is a backend that will do a crowdsourcing type feature. For example, if there are other customers that have reviewed this particular vendor before, I can actually piggyback on that collected information and make my own judgment on whether or not it is a good fit for our environment.

How has it helped my organization?

Using this solution has allowed me to free up some of my time and use my resources in other areas. Prior to using this solution, everything was done through a spreadsheet. Now with this solution, a lot of it is relational databases rather than a spreadsheet flat table. This solution also allows automation. You can start automating a lot of your processes as opposed to the manual process of using spreadsheets.

What is most valuable?

One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree.

What this means is, a vendor that is going to engage with us is called a third party. However, sometimes these vendors have their own vendors. As a first example, this solution is a third party to us, but this solution uses Azure as their backend database, and that is the fourth party to us. I am fine with this because I know Azure is doing its best due diligence with security best practices. As a comparative example, this solution wanted to start using an unknown company, such as Mike and Bob's server farm in Bob's garage, as a vendor. I do not know who Mike and Bob are, whether they have followed security best practices, or whether they close that garage door at the end of the night or leave it wide open. All of our data could be sitting on those servers in that garage, exposed. I would want to review that fourth party. As our internal customers are bringing these vendors on board with us, they go through this committee. I look at the third-party level and question if they have any significant fourth parties. I do not really care about all the small little vendors, such as the person that mows their lawn outside of their office building. However, I do care about a significant fourth party, for example, someone that may be hosting our data on behalf of this third party. This solution allows me to go deep into that information, which other third-party risk management platforms that we have reviewed are not able to do. They typically only do the third-party level and not the fourth.

What needs improvement?

They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages.

For how long have I used the solution?

I have been using the solution for two months.

What do I think about the stability of the solution?

I have not had any issue with the stability of the solution.

What do I think about the scalability of the solution?

The solution is in the cloud which allows it to scale very well.

How was the initial setup?

The initial installation is straightforward. However, it can be as complex as you want to make it depending on how many internal systems you want to add. The time for installation typically takes three weeks.

Which other solutions did I evaluate?

We have evaluated other similar solutions and we chose this solution because it allows reviews of more than just the third-party vendors.

What other advice do I have?

I rate OneTrust GRC a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.