Press Release

OneTrust Launches Vendorpedia Third-Party Risk Exchange

Scale your third-party risk program with pre-populated privacy and security profiles on over 6,000 third-party vendors in OneTrust’s Vendorpedia

March 04, 2019

Today at RSA Conference, OneTrust, the largest and most widely-used dedicated privacy management technology platform with 2,000 customers, announced Vendorpedia™, the industry’s only security and privacy third-party risk exchange, providing a single source to access detailed third-party security and privacy profiles.

The Vendorpedia Third-Party Risk Exchange is a critical element of the OneTrust Vendor Risk Management platform and empowers enterprises to access detailed profiles, retrieve pre-completed risk assessments, and monitor third-party risks over time for more than 6,000 global third-party vendors. OneTrust’s vendor risk capabilities earned the Cyber Defense Magazine Infosec Award for Best Product Vendor Risk Management, announced today at RSA.

Register for the webinar: First Look: OneTrust Launches Vendorpedia Vendor Risk Management Exchange on March 14 at 16:00 GMT/11:00am ET

Increased reliance on vendors, new privacy regulations, shifting cybersecurity threats and frequent data breaches create ongoing and complex challenges for enterprises assessing, mitigating and monitoring risks throughout the vendor risk management lifecycle. The Vendorpedia Third-Party Risk Exchange simplifies the complexities of ongoing third-party security and privacy risk identification, mitigation, and monitoring on a global scale.

Vendorpedia is the only third-party risk exchange the bridges the gap between security and privacy vendor risk, mapping to frameworks, standards and regulations including NIST, SIG, CSA CAIQ, ISO, FedRAMP, GDPR, CCPA and NYDFS Cybersecurity Regulation. Enterprises can streamline third-party vendor risk management at scale with Vendorpedia by leveraging:

Security and privacy profiles on 6,000+ third-party vendors: Instantly access a repository of third-party vendor information, including active privacy and security certifications, trust registrations, and much more.
Pre-completed and validated assessments: Quickly retrieve pre-completed assessments from third-party vendors map and support NIST, SIG, CSA CAIQ, ISO, FedRAMP, GDPR, CCPA, NYDFS Cybersecurity Regulation, and more.
Ongoing updates with third-party vendor risk monitoring: Information within third-party security and privacy profiles and answers to pre-completed assessments are continuously updated as changes occur.

Visit Vendorpedia to access privacy and security profiles of more than 6,000 third-party vendors

Since many companies work with multiple third parties without the resources to support ongoing compliance, OneTrust will work diligently with specified vendors to help accelerate risk assessment time-to-completion with ongoing managed services, including:

Self Attestation: Third–party vendors complete and self-attest to the validity of their pre–completed assessment.
Automated Validation: OneTrust, via a risk identification algorithm, will validate that risk assessment answers are fully completed and relevant.
Onsite & Remote Audit: Request a remote or onsite audit directly through the exchange, performed by our extensive global network of auditing partners.

“Vendorpedia is the first and only third-party risk exchange that brings together the information both security and privacy professionals need for the complete vendor lifecycle,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “We built Vendorpedia with our world-class privacy and security research expertise to be a scalable, automated and user-friendly solution for security, IT, privacy and procurement professionals alike to tackle the complex and changing third-party vendor risk management lifecycle.”

Learn more about OneTrust Vendor Risk Management at RSA Conference, booth #4236. Hear OneTrust discuss “From GDPR to California Privacy: Managing Cloud Vendor Risk” at the CSA Summit at RSA Conference on Monday, March 4 at 10:55 AM PDT in Moscone South Second Floor.

For additional information, or to request a live OneTrust Privacy Management Software demo, visit OneTrust.com or email Info@OneTrust.com.

Resources:

Register for the webinar: First Look: OneTrust Launches Vendorpedia Vendor Risk Management Exchange on March 14 at 16:00 GMT/11:00am ET
Learn more and watch a video about Vendorpedia
Download the Vendor Risk Management Handbook
Read about OneTrust Vendor Risk Management
Access the Ovum report: OneTrust accelerates vendor risk capabilities with CSA partnership

OneTrust, Vendorpedia, PrivacyConnect and PrivacyTech are registered trademarks or trademarks of OneTrust LLC in the United States and other jurisdictions.

About OneTrust

OneTrust is the largest and most widely used dedicated privacy management technology platform for compliance with global privacy laws. More than 2,000 customers, including 200 of the Global 2,000, use OneTrust to comply with global data privacy regulations across sectors and jurisdictions, including the EU GDPR, California Consumer Privacy Act (CCPA), ePrivacy (Cookie Law) and more.

 OneTrust helps organizations implement global privacy requirements, including Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Consent Management, Cookie Consent Banners, GDPR Data Subject Rights and CCPA Consumer Rights.

 The comprehensive platform enables privacy and security teams automate recordkeeping and demonstrate compliance to regulators and auditors through a combination of intelligent scanning, regulator guidance-based questionnaires, automated workflows and developer plugins. Consumer-facing modules empower marketers to create on-brand experiences for users to customize and manage privacy and marketing preferences. The platform is enriched with content from hundreds of templates based on world-class privacy research conducted by our 300+ in-house certified privacy professionals. The software, available in 50+ languages and can be deployed in the cloud or on-premise. 

 The OneTrust Global Privacy Community brings together thousands of professionals each year to share best practices and breakdown the latest technology innovations driving global privacy compliance. Events include PrivacyConnect, free workshops in 80+ international cities focused on practical implementation of global privacy laws and PrivacyTech, OneTrust’s global user conference.

 OneTrust is co-headquartered in Atlanta and in London with additional offices in Bangalore, Melbourne, Munich and Hong Kong. The fast-growing team of privacy and technology experts surpasses 600 employees worldwide. To learn more, visit OneTrust.com or connect on LinkedIn, Twitter and Facebook.

Press Release

OneTrust Launches Vendorpedia Third-Party Risk Exchange

You may also like

Third-Party Risk

OneTrust Using OneTrust: Managing third parties & vendors

Our Chief Information Security Officer (CISO) department's approach to assessing and mitigating third-party risks using our platform.

July 09, 2025

Technology Risk & Compliance

Unifying third-party and tech risk in an AI-driven world

Join our webinar to learn how risk and security leaders are aligning third-party and tech risk for scalable, AI-ready compliance programs.

July 08, 2025

Third-Party Risk

DORA: Evidencing compliance with minimal effort

Join Protiviti and OneTrust where we’ll explore how to evidence DORA compliance effectively and with minimal effort. You’ll gain practical advice on aligning your third-party risk program to regulatory expectations—without slowing down innovation.

June 17, 2025

Third-Party Risk

Data privacy compliance and Third-Party Risk Management: A unified approach

These days, organizations are required to safeguard their customer data and comply with privacy regulations — a task that becomes even more challenging with the increase in third-party relationships.

May 23, 2025

Third-Party Risk

OneTrust Digital Operational Resilience Act DORA demo video

Discover how OneTrust helps financial institutions comply with the DORA regulation by streamlining ICT risk and third-party management at scale.

May 22, 2025

Third-Party Risk

Integrated risk management: Aligning third party risk across the enterprise

Join this session to explore strategies for breaking down silos, integrating risk insights, and strengthening security and compliance postures with a unified risk management approach.

May 21, 2025

Third-Party Risk

Spring 2025 product release for third-party management

OneTrust’s spring 2025 product release introduces three powerful features designed to accelerate contextual risk visibility by streamlining third-party risk assessment processes.

May 09, 2025

Third-Party Risk

Beyond compliance: Scaling third-party risk management with automation

Join this live webinar to explore how automated vendor assessments, real-time monitoring, and compliance workflows can enhance risk insights and operational efficiency.

May 07, 2025

Third-Party Risk

Laying the foundation for effective third-party risk management

Join this webinar to discover how automation enhances third-party risk management. Learn best practices for vendor risk assessment, due diligence, and compliance.

April 30, 2025

Third-Party Risk

Navigating the U.S. DOJ Cybersecurity Rule on Cross-Border Data Transfers: Key insights & compliance strategies

Join OneTrust and Deloitte to explore the U.S. DOJ Cybersecurity Rule, key risks, and best practices for managing cross-border data transfers and ensuring compliance.

April 21, 2025

Third-Party Risk

Empowering business with Unified Data Privacy & TPRM

Join our webinar to explore actionable strategies powered by OneTrust solutions to foster collaboration across privacy and TPRM stakeholders to better support your organizations.

April 03, 2025

Third-Party Risk

Understanding the DORA: Unpacking risk and compliance requirements and best practices

Join our expert panel to explore DORA compliance post-deadline. Learn key lessons, risk challenges, and best practices for operational resilience.

April 01, 2025

Third-Party Due Diligence

Understanding and implementing APRA's CPS 230 Standard

For financial institutions in Australia, the Australian Prudential Regulation Authority’s (APRA) CPS 230 standard is a clarion call to fortify cyber resilience.

February 05, 2025

Third-Party Risk

Live Demo: Building a more resilient Third-Party Management program

Register for our live demo webinar to see how OneTrust Third-Party Management can revolutionize your third-party risk management approach.

January 30, 2025

Third-Party Risk

DORA Compliance Countdown: Are you ready?

Join us to learn more about the Digital Operational Resilience Act (DORA) and how OneTrust can help organizations research, implement, and monitor compliance at scale with DORA and other related regulations and standards like NIS2 and ISO.

January 16, 2025

Third-Party Risk

Are you ready for DORA compliance?

The Digital Operational Resilience Act (DORA) is the first regulation to oversee the security functions of financial entities across the European Union.

January 16, 2025

Third-Party Risk

Virtual Lunch and Learn: A deep dive into OneTrust's Third Party Management capabilities

Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.

December 17, 2024

Technology Risk & Compliance

The PDPL in Saudi Arabia is now in effect: is your business ready?

Join our Saudi Arabia PDPL webinar for an overview on the data protection law, its requirements, and how to prepare for full enforcement.

December 12, 2024

Third-Party Risk

Unpacking global regulatory frameworks to enhance third-party operational resilience

Register for this OneTrust webinar to learn about the relevant resilience focused requirements of DORA, NIS 2, and other global regulations.

December 11, 2024

OneTrust named a Leader in Operational Resilience Software 2024