Introducing OneTrust GRC’s Audit & Policy Management

Navigating risk and upholding information security management system (ISMS) programs across an organization relies heavily on the ability to streamline and execute on internal audits and policy management operations.

On one hand, GRC teams face unique challenges in maintaining and objective and independent perspective, while also needing to engage the business to collect authentic and timely information for a valid investigation. On the other hand, GRC teams face challenges in streamlining the development, distribution and enforcement of policies across the organizations.

OneTrust today announced two new solutions to help manage these challenges and maintain ISMS success: Audit Management and Policy Management. OneTrust GRC customers can leverage both new solutions to reinforce consistent security and operational controls across their business. Combined with the IT & Security Risk Management product, teams can holistically contribute to maintaining compliance and improving their risk posture for ISO requirements and more.

To learn more about OneTrust GRC’s new solutions register for the webinar: First Look | A Complete ISMS Solution – Audit Management & Policy Management taking place on May 14 at 11:00 AM EST / 4:00 PM GMT

What is OneTrust GRC Audit Management?

OneTrust GRC Audit Management is designed to support the planning, execution and reporting for internal audits. By integrating across the traditional three lines of defense within an organization, the OneTrust Audit Management tool helps to streamline auditing efforts without interrupting everyday activities.

How does OneTrust GRC Audit Management work?

OneTrust GRC Audit Management gives customers the data access and context needed to take a proactive risk-based audit approach. Leveraging the OneTrust Athena AI^TM and robotic process automation technology, Audit Management helps organizations access real time data, prioritize actions, and execute previously manual tasks. Using Audit Management, customers can review audit-ready control and risk records in line with their systems, processes, and data stored across departments or engage directly with stakeholders for further evidence collection and interviews. Key product features include:

Define Audit Scope
Streamline Audit Execution and Response
Test Control Strength and Design
Consolidate and Document Findings

What is OneTrust Policy Management?

Policy Management is designed to support both the development and distribution of internal and public-facing policies across your organization. Companies can streamline, structure, and organize processes to create and publish policies across departments. Organizations have flexible options to operate within a single platform to author, review, and collaborate on policy development or integrate into third-party document repositories. Policy Management goes beyond just publishing policies, by automating policy distribution and measuring attestation to confirm both receipt and understanding.

How does OneTrust Policy Management work?

Policy Management streamlines policy development and distribution to educate stakeholders and align corporate policies with IT, security, and operational controls. Policy Management helps organizations collaborate across teams to draft policies, measure distribution, and monitor ongoing compliance with both external regulations and internal corporate rules. Key product features include:

Store & Author Policies
Align to Controls & Regulatory Standards
Facilitate Collaboration & Control Distribution
Enhance Policy Enforcement & Attestation

How do these two new solutions for ISMS compliance fit into the broader OneTrust platform?

Audit Management and Policy Management integrate across the entire OneTrust platform and power different use cases and compliance obligations across an organization. Users can embed compliance initiatives from evolving privacy and security standards into their policy verbiage to communicate requirements in terms of practical business application, as well as test or audit controls to measure practices in process.

Resources: