May 24, 2022
Announcing the OneTrust GRC & Security Assurance Cloud
7 Min Read
Just as business risk grows and compliance evolves, so too do the solutions that help mitigate threats and keep companies resilient. That’s why OneTrust is proud to announce the launch of the GRC & Security Assurance Cloud, presenting a holistic solution that streamlines all components of the governance, risk, compliance, and overall assurance needed for a business to be proactive and resilient.
Third-Party Management evolves into OneTrust GRC & Security Assurance
OneTrust began as a company providing a solution for the protection of personal data and overall privacy management in the face of the General Data Protection Regulation (GDPR), which was enacted in 2018. The solution provided a simplified user experience to streamline tracking, reporting, and maintaining records for compliance.
When businesses realized the immediate value of the solution, they quickly turned back to OneTrust and sought the same answers for managing data across their expanding ecosystems, as reliance on third parties and vendors increased by the day.
That solution was quickly brought online, which is now the company’s Third-Party Management solution to help businesses assess and mitigate vendor-related risks.
This brought forth our Third-Party Risk Exchange, a global community designed to enable the seamless “exchange” of privacy, security, and compliance information between businesses. This reduced the need for in-depth and ad hoc questionnaires.
OneTrust helped businesses secure their data and remain compliant, and those same companies could now also effectively manage the risk brought on by third parties. It was time for IT risk, audit, and policy management solutions to be put in place.
Companies were constantly working in silos – many still are – and unable to coordinate processes and data sources across various systems and tools when it came to compliance, risk, and resiliency. They needed the visibility, action, and automation to address tactical and strategic risk management proactively across an ecosystem that includes IT, operations and enterprise, and regulatory and compliance. Using an integrated platform, organizations can streamline audits while effectively centralizing policy development and distribution.
And why must companies take this proactive approach? All too often security and risk programs are playing the reaction game, which leads to falling behind and suffering the consequences. According to analyst firm IDC’s Trust Events as GRC Implementation Instigators, 65% of businesses reported it was a security breach that led them to implementing their current GRC solution. Another 30% said their GRC solution was implemented because of a third-party or supplier failure.
Before a company decides to launch a product, make an acquisition, go through a reorganization – whatever business decisions are on the horizon – leadership needs to be empowered to make risk-informed decisions. The business leaders and decision makers in those situations should have risk insights at their fingertips to make the best decisions possible. Risk management leads to better judgment and better decision-making, which creates organizations that run more efficiently.
“We evolved this way because of our customers,” said Scott Bridgen, Offering Lead, OneTrust GRC. “It was a natural evolution and we were led into this by the needs of our customer base. And that’s why we are evolving into the GRC & Security Assurance Cloud.”
Where are we headed?
Businesses can’t be effective when internal departments work in silos or lack visibility into their third parties. This is, without a doubt, the quickest way to ensure threats turn into breaches and bring a company to its knees.
Businesses that have been considered leaders in their respective compliance programs cited several areas where automation will play a key role in their GRC process. Categories including risk quantification, external data ingestion automation, and risk workflows were all considered top priorities with 75% of respondents agreeing those were the areas for greatest opportunity, according to IDC’s GRC Maturity Survey.
We launched the OneTrust GRC & Security Assurance Cloud to offer a holistic solution that will create cyber resiliency for businesses to make risk-informed decisions that drive growth.
It’s also the next step in transforming the security and risk management departments into centers of trust.
What is the OneTrust GRC & Security Assurance Cloud?
There are four trust domains within the Cloud that address overarching friction points faced by all companies. By pulling them together in a single solution, businesses will have the ability to automate processes that have long been time and resource intense, and burdensome for companies trying to build proactive processes.
These trust domains include:
Governance & Policy Management: Automate the end-to-end management of policies, standards, and procedures.
IT Risk & Security Assurance: Identify and assess IT and cyber risk to make better risk-informed decisions.
Third-Party Risk: Assess, mitigate, monitor, and report on risks associated with vendors, and access a data sharing community with information on thousands of third parties.
Audit & Compliance Management: Manage internal compliance with frameworks and standards and prepare for independent audits.
The importance of this transition cannot be understated. Here’s why we did it:
Connected data: Integrating platforms will drive Trust outward from the security and risk management groups.
Forward focus: Accessibility puts a priority on how users need to experience GRC, fostering a culture of adoption across the entire business.
Paradigm shift: The thought process is no longer risk management; it’s now Trust Management.
Defining the Trust Intelligence Software Category
The Trust Intelligence Platform from OneTrust introduces the first in a new category of software for businesses to start and scale trust initiatives. Trust Intelligence delivers visibility across trust domain areas, action based on AI and regulatory intelligence, and automation to build trust by design as a reflex in organizations. The platform unifies Privacy & Data Governance, GRC & Security Assurance, Ethics & Compliance, and ESG & Sustainability programs where teams, data, and processes can integrate, giving businesses a centralized view, report, and understanding of business trust.
The OneTrust platform is built on an intelligent engine that integrates global frameworks, standards, and regulations so companies can track compliance with various laws. Benchmarking, insights, and reporting capabilities enable leaders to understand how their program is developing and assess program maturity compared to industry peers. Trust Centers give stakeholders a dynamic, engaging, and centralized view of a company’s relevant policies, data, and reports in a way everyone can trust from OneTrust and verify.
Companies can choose to start their journey to building trust with one cloud in the platform and build into other trust domains as the program matures. The Trust Intelligence Platform includes:
- The OneTrust Privacy & Data Governance Cloud: People demand greater control of their data, unlocking an opportunity for organizations to use digital interactions to go beyond compliance and build trust through transparency, choice, and control. The OneTrust Privacy & Data Governance Cloud helps companies adopt best-in-class privacy practices, so individuals trust them with their data, allowing them to deliver more valuable experiences and create business value through trust. Trust domains include Privacy Management, Data Governance, Consent & Preferences, and Responsible AI.
- The OneTrust GRC & Security Assurance Cloud: The global threat landscape evolves each day, bringing new and unexpected risks to people and organizations. The OneTrust GRC & Security Assurance Cloud helps companies and supply chains stay resilient in the face of continuous cyber threats, global crises, and natural disasters—so organizations can operate with confidence. Trust domains include Governance & Policy Management, IT Risk & Security Assurance, Third-Party Risk, and Audit & Compliance Management.
- The OneTrust Ethics & Compliance Cloud: The most resilient organizations nurture a culture that fosters ethical behavior where everyone feels empowered to speak up, share their perspectives, ask challenging questions, and raise concerns without fear of retaliation. The OneTrust Ethics & Compliance Cloud fosters and promotes an open and safe environment for employees, maximizing insights into the health of a company’s culture, so leaders can act decisively upon areas of risk. Trust domains include Ethics Program Management, Third-Party Due Diligence, and Speak-Up Culture Assurance.
- The OneTrust ESG & Sustainability Cloud: People want to buy from, work for, and invest in businesses that positively impact people and the planet in ways that everyone can understand and verify. The OneTrust ESG & Sustainability Cloud offers organizations the ability to define core environmental and sustainability metrics, track progress towards those goals, and foster trust with key stakeholders through enhanced transparency. Trust domains include Carbon Accounting, ESG Program Management, and Supplier Sustainability & Responsibility.
Learn more about The Trust Intelligence Platform from OneTrust.