Blog

How to maintain an up-to-date data map with OneTrust vendor risk management

May 7, 2019

Auto-populate vendor information
Build automated reassessment triggers
Sync third-party risks
Add the latest contracts & DPAs to relevant assets

In aiding more than 2,500 companies mature their privacy and security compliance programs, we’ve heard one question more than any other: “How do I keep my data map up to date?”

There are many methods to maintaining an evergreen data map, such as with integrations and assessment automation. But emerging techniques, ones that use the OneTrust Vendor Risk Management platform in combination with our data mapping tool, are helping companies sustain an up-to-date data map and automate alerts and actions. Here’s how:

Auto-populate vendor information with Vendorpedia

Gathering information about vendors doesn’t have to require a dozen Google searches. Companies are leveraging Vendorpedia, OneTrust’s Third-Party Risk Exchange, as a quick way to auto-populate information into their data map. OneTrust aggregates critical vendor information into Vendorpedia, and with a click of a button, you can link it to your data map. This research would typically take valuable resources away from more high-priority projects. Third-party information that can be added to your data map from Vendorpedia includes:

In-depth Vendor Details: Company name, vendor contact information (phone, email, address), type of data collected, purpose of data collection, and covered entities
Certifications & Validations: Common security and privacy certificates at a vendor and service-level, such as Privacy Shield, FedRAMP, and many more
Services: All relevant services (e.g. Microsoft Azure, Microsoft Office, etc.) offered by the third-party
Controls: Using certifications and validations as guides, customers can bulk add controls to related vendors and assets within their data map

Build automated reassessment triggers

Within the OneTrust Vendor Risk Management tool, you can configure reassessment rules. These rules use triggers to send out assessments, which feed the latest information into your data map. For example, build reassessment triggers based on:

Inventory: Send assessment if an inventory item has not been updated in a set number of days
Time: Set a recurring assessment cycle based on a specific number of days
Contract Expiration: Send a risk assessment as contract expiration dates near
Last Assessment: Trigger a reassessment based on the date of the last completed assessment
Alerts: Reassess vendors based on alerts, such as a third-party data breach or regulatory change
Risk Score: Configure an assessment to send when a vendor’s risk score reaches a certain threshold

When a reassessment is sent, answers from the previous assessment are pre-populated, making the reassessment process much simpler and efficient.

Sync third-party risks with related processing activities & assets

OneTrust Vendor Risk Management and the Data Inventory & Mapping tool work in synchronicity, adding business context while helping risks tied to your data map remain accurate. Any third-party risks identified via the OneTrust Vendor Risk Management tool are linked and synced to related processing activities and assets within your data map. And as these vendor risks are mitigated, your data map updates dynamically. To summarize, risks within your data map are:

Pulled and synced directly from third-party risk assessments
Auto-associated with related processing activities and assets
Mapped to known vendor controls to simplify risks scoring
Generate an activity trail for simplified auditing

Add the latest contracts & DPAs to relevant assets and processing activities

As new laws place greater emphasis on data processing agreements (DPAs) and specific clauses in contracts, companies are seeking to ensure that processing activities fall within the scope of a contract. By leveraging OneTrust Vendor Risk Management, your team can automatically link your DPAs and contracts to processing activities within your data map. This helps your team:

Confirm processing activities fall within the scope of your contract
Hold third-party vendors accountable to their DPAs
Maintain a defensible audit posture in the event of an inquiry

Request a demo today or contact your OneTrust representative to learn more about how OneTrust Vendor Risk Management can help your company build a more complete and up-to-date data map.

Blog

How to maintain an up-to-date data map with OneTrust vendor risk management

Table of contents

Auto-populate vendor information with Vendorpedia

Build automated reassessment triggers

Sync third-party risks with related processing activities & assets

Add the latest contracts & DPAs to relevant assets and processing activities

You may also like

Third-Party Risk

Integrated risk management: Aligning third party risk across the enterprise

Join this session to explore strategies for breaking down silos, integrating risk insights, and strengthening security and compliance postures with a unified risk management approach.

May 21, 2025

Third-Party Risk

Beyond compliance: Scaling third-party risk management with automation

Join this live webinar to explore how automated vendor assessments, real-time monitoring, and compliance workflows can enhance risk insights and operational efficiency.

May 07, 2025

Third-Party Risk

Laying the foundation for effective third-party risk management

Join this webinar to discover how automation enhances third-party risk management. Learn best practices for vendor risk assessment, due diligence, and compliance.

April 30, 2025

Third-Party Risk

Navigating the U.S. DOJ Cybersecurity Rule on Cross-Border Data Transfers: Key insights & compliance strategies

Join OneTrust and Deloitte to explore the U.S. DOJ Cybersecurity Rule, key risks, and best practices for managing cross-border data transfers and ensuring compliance.

April 21, 2025

Third-Party Risk

Empowering business with Unified Data Privacy & TPRM

Join our webinar to explore actionable strategies powered by OneTrust solutions to foster collaboration across privacy and TPRM stakeholders to better support your organizations.

April 03, 2025

Third-Party Risk

Understanding the DORA: Unpacking risk and compliance requirements and best practices

Join our expert panel to explore DORA compliance post-deadline. Learn key lessons, risk challenges, and best practices for operational resilience.

April 01, 2025

Third-Party Due Diligence

Understanding and implementing APRA's CPS 230 Standard

For financial institutions in Australia, the Australian Prudential Regulation Authority’s (APRA) CPS 230 standard is a clarion call to fortify cyber resilience.

February 05, 2025

Third-Party Risk

Live Demo: Building a more resilient Third-Party Management program

Register for our live demo webinar to see how OneTrust Third-Party Management can revolutionize your third-party risk management approach.

January 30, 2025

Third-Party Risk

DORA Compliance Countdown: Are you ready?

Join us to learn more about the Digital Operational Resilience Act (DORA) and how OneTrust can help organizations research, implement, and monitor compliance at scale with DORA and other related regulations and standards like NIS2 and ISO.

January 16, 2025

Third-Party Risk

Are you ready for DORA compliance?

The Digital Operational Resilience Act (DORA) is the first regulation to oversee the security functions of financial entities across the European Union.

January 16, 2025

Third-Party Risk

Virtual Lunch and Learn: A deep dive into OneTrust's Third Party Management capabilities

Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.

December 17, 2024

Technology Risk & Compliance

The PDPL in Saudi Arabia is now in effect: is your business ready?

Join our Saudi Arabia PDPL webinar for an overview on the data protection law, its requirements, and how to prepare for full enforcement.

December 12, 2024

Third-Party Risk

Unpacking global regulatory frameworks to enhance third-party operational resilience

Register for this OneTrust webinar to learn about the relevant resilience focused requirements of DORA, NIS 2, and other global regulations.

December 11, 2024

OneTrust named a Leader in Operational Resilience Software 2024

Download this Verdantix report to learn the importance of operational resilience for your business and why OneTrust was named a leader in the space.

December 05, 2024

Technology Risk & Compliance

Understanding the NIS 2 Directive: Compliance insights and best practices

This DataGuidance webinar explores the latest and expected developments in the implementation of the NIS 2 Directive, focusing on practical compliance strategies to ensure your organization is prepared.

December 04, 2024

Third-Party Risk

Rise above risk: Third-party management in technology

This infographic gives an overview on how third-party management affects technology, growing threats, and how OneTrust Third-Party Management can help combat them.

November 21, 2024

Third-Party Risk

Live Demo: Building a more resilient Third-Party Management program

Join for a live demo of new features from OneTrust’s Fall release and understand how OneTrust Third-Party Management can revolutionize your third-party risk management approach.

November 19, 2024

Privacy Automation

Defining a new direction for data

As AI continues to offer unparalleled opportunities for business innovation, it also presents risks that organizations must tackle head-on through scalable governance programs that span multiple data sources. Six key trends are defining these challenges.

November 13, 2024

Third-Party Risk

APAC - Third-party risk management and due diligence: What’s the difference and why does it matter?

Master Third-Party Risk Management with OneTrust: Live Demo and Secrets to Success