Each week, OneTrust hosts industry experts via LinkedIn Live to discuss the latest privacy, security, data governance, and compliance updates, trends, and developments in the world. In this session, Kabir Barday, CEO of OneTrust, was joined by Scott Bridgen, Offering Manager of OneTrust GRC, to discuss what OneTrust GRC is.
As a Governance, Risk, and Compliance (GRC) professional with over 20 years of experience, Scott is well versed in today’s market drivers and challenges. Scott, having met Kabir several years ago at a privacy conference, explains how he saw a natural progression in expanding OneTrust’s privacy technology to the GRC landscape.
“Privacy is intrinsically part of GRC; however, on the heels of the GDPR, we saw each component become more siloed,” he said. “Now that time has passed, businesses are beginning to realize that both privacy and GRC must work hand-in-hand to support operations.”
Kabir elaborated on this and explained that GRC is a broad concept and privacy is just one part of it. Specifically, when privacy regulations came about, the requirements to operationalize privacy were more complex than what a legacy GRC tool could support (e.g., consent and preference management, data subject access rights requests). As a result, an entire technology market was built around privacy management. As privacy practices and business programs continue to mature, organizations realize that using two tools means inputting data in two separate systems. Understanding what GRC is, as a privacy professional, will ultimately help you understand where common objectives can align for better business insights.
What’s more, organizations can’t effectively leverage advanced technology such as AI or machine learning for predictive analytics when using two systems. Maturing programs invested in AI require a common ontology that can map the latest data updates to adequately gain insights.
Simply put, “The beauty of implementing a technology platform that progresses from privacy to GRC is that you have a helicopter view of your data handling operations, so incidents are less likely to happen,” said Scott.
What is OneTrust GRC and how does it help InfoSec professionals? Scott explained that the solution consists of sets of modules specifically built to tackle information security challenges. He did so by using a car as an analogy.
“Our IT and Security Risk Management solution drives the GRC platform and acts as the engine of the car. It gives you the ability to take the privacy information that you’ve already recorded in OneTrust and put a different lens on it.”
For example, you can look at it from a cybersecurity perspective to track initiatives, and apply mitigating risk controls. Or you can look at it from an IT risk perspective which brings together privacy and security while providing more business context on things like whether you’ll hit quota for the quarter or if your customers are satisfied. Depending on your business or role, GRC may mean different things. Your organization may evaluate what GRC is as it relates to regulatory compliance, IT Risk, and more depending on your maturity.
Scott continues to explain how OneTrust’s Policy Management solution acts as the seats of the car.
“Policy management entails the documentation, distribution, attestation, and management of policies which fall nicely within the GRC suite of solutions. Beyond that, we have Audit Management which is someone coming and checking that the car is operating safely. Next is vendor risk which is optional, but oftentimes important, and entails someone not only checking within the car but around the car. Last is incident management, someone who comes in to fix your car when there’s an issue,” added Scott.
So, what is OneTrust GRC? Ultimately, OneTrust GRC is a mean driving machine that provides privacy and security professionals with a single platform to streamline and automate operations.
2020 has been a compelling year and OneTrust is taking GRC further than ever before by placing an emphasis on trust.
“The reason companies invest in privacy is because they want to be more trusted,” concludes Kabir. “If we think about privacy and security as a means to the end, and the end being trust, that helps us look at the OneTrust platform more broadly.”
In a final note, Scott explains how the big picture goes beyond privacy and GRC. Businesses should be creating a framework for trust, or trust-by-design. When a business does this and combines people, processes, and technology to adequately handle fundamental data, it demonstrates to customers, employees, and vendors that it is a trustworthy company and worth doing business with.