IT Central Station is now PeerSpot: Here's why

OneTrust GRC OverviewUNIXBusinessApplication

OneTrust GRC is #3 ranked solution in top GRC tools and top IT Vendor Risk Management tools. PeerSpot users give OneTrust GRC an average rating of 10 out of 10. OneTrust GRC is most commonly compared to RSA Archer: OneTrust GRC vs RSA Archer. OneTrust GRC is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 24% of all views.
Buyer's Guide

Download the GRC Buyer's Guide including reviews and more. Updated: June 2022

What is OneTrust GRC?

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. More than 2,500 customers, both big and small and across 100 countries, use OneTrust to demonstrate compliance with privacy regulations including the GDPR, California Consumer Privacy Act, Brazil LGPD, and hundreds of the world's privacy laws.

OneTrust's size and scale allows it to offer the easiest-to-use and most affordable solution for implementing use cases including: Privacy Maturity Benchmarking, Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Third-Party Vendor Risk Management, Incident and Breach Response, Data Mapping (Records of Processing), Customer Preference Management, Consent Management, Website Scanning & Cookie Compliance, Mobile App Scanning, Data Subject/Consumer Rights Management and Policy & Notice Management.

The platform's intelligence comes from DataGuidance by OneTrust, an in-depth and up-to-date source of privacy and security regulatory summaries, guidance, templates, case law, and analysis. The database is updated daily by over 20 in-house privacy researchers, along with a network of 500 lawyers across over 300 jurisdictions.

OneTrust's 700 employees are located across co-headquarters in Atlanta and in London with additional locations in Bangalore, Melbourne, San Francisco, New York, Munich and Hong Kong. To learn more, visit

OneTrust GRC was previously known as OneTrust Vendor Risk Management.

OneTrust GRC Customers

randstand, into, halfbrick

OneTrust GRC Video

Archived OneTrust GRC Reviews (more than two years old)

Filter by:
Filter Reviews
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Showingreviews based on the current filters. Reset all filters
Privacy Manager at Broadcom
Real User
An all-in-one solution for our privacy program that assists with data collection and compliance
Pros and Cons
  • "Vendors can be assessed and rated out of the tool, and assessments can be scheduled for updates at certain intervals."
  • "The Vendor Risk dashboard is quite basic today and not interactive, but improvements are in coming the next releases."

What is our primary use case?

We use this solution for the management of our Privacy Program with a single solution. It helps to show compliance with regulations like GDPR, or CCPA. Vendor Risk Management was one of the main modules we wanted, but having the benefit of additional solutions within the same platform was what convinced us to go with OneTrust. In particular, we were interested in Application inventory, Records of Processing Activities, Website Scanning and Cookie Compliance, Incident Response, Data Mapping, and Assessment Automation. The Data Subject Request Module is very helpful to deal with requests and automate data collection. OneTrust also includes Maturity and Benchmark assessments.

How has it helped my organization?

We are still at the beginning, but OneTrust will help us to tie all of the components together for our Privacy Program. Vendors can be assessed and rated out of the tool, and assessments can be scheduled for updates at certain intervals. We can tie the Applications and Processing activities to the vendor to obtain a complete picture.

What is most valuable?

The biggest plus for us is that everything we need for our Privacy Program is in one single tool. There is no switching between different applications, or merging data from different tools, needed to generate our reports. It is a single platform with everything we need. OneTrust is also very easy and intuitive to use. The Vendorpedia library is very useful when adding new vendors, as it contains information about the Privacy Shield status and other risk framework certificates. OneTrust offers to assess vendors on behalf of the customer, which offloads the follow-up work with vendors on assessments.

What needs improvement?

For the Vendor Risk Module I see only minor functionality improvements needed. Many are already being addressed and OneTrust is very responsive to customer feedback and suggestions. The Vendor Risk dashboard has seen a lot of improvement and is now interactive. Release frequency is three to four weeks.
Buyer's Guide
June 2022
Find out what your peers are saying about OneTrust, RSA, ProcessUnity and others in GRC. Updated: June 2022.
610,518 professionals have used our research since 2012.

For how long have I used the solution?

Eight months.

What do I think about the stability of the solution?

We have not seen any stability issues. This includes both before and after version upgrades.

What do I think about the scalability of the solution?

So far, the product seems to scale very well.

How are customer service and support?

The support team is very responsive to requests and questions, although we haven't had major issues that would necessitate having to fully use it. They quickly add escalation resources to overcome challenges.

Which solution did I use previously and why did I switch?

We did not use a different solution. We chose OneTrust to build our Privacy Program including Vendor Risk Management.

How was the initial setup?

This initial setup of this solution was easy. The data import depends on the quality and completeness of your data, but that would be the same for every tool.

What about the implementation team?

We used vendor resources to perform the basic configuration and help with the initial data import. I have no complaints with their knowledge and expertise, and the team is very responsive.

What was our ROI?

We have a lot of different functionality and automation in one single tool. This helps a small team to tackle different areas easily.

What's my experience with pricing, setup cost, and licensing?

I found the pricing and setup cost very reasonable.

Which other solutions did I evaluate?

We looked at RSA Archer and MetricStream. Both were very good at what they do, but we wanted the additional options that OneTrust gave us in areas outside of Vendor Risk in the same tool. Pricing did play a role, as well as ease of use. 

What other advice do I have?

You always need to do your homework and determine what you need. With that, you can go out and compare products to determine what the best fit is for your organization. For us, having many different modules in one solution was a big plus.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free GRC Report and find out what your peers are saying about OneTrust, RSA, ProcessUnity, and more!
Updated: June 2022
Product Categories
GRC IT Vendor Risk Management
Buyer's Guide
Download our free GRC Report and find out what your peers are saying about OneTrust, RSA, ProcessUnity, and more!