Press Release

OneTrust and the Cloud Security Alliance Announce Strategic Partnership to Make Vendor Risk Assessme

OneTrust and CSA will partner to provide CSA members with a free Vendor Risk Assessment Online Platform, with built-in translated Consensus Assessment (CAIQ), Common Controls Matrix and GDPR code of conduct templates

October 08, 2018

Today at PrivacyTECH, the leading event for privacy technology, OneTrust and the Cloud Security Alliance (CSA) announced a strategic partnership to equip the over 80,000 CSA members with the resources and tools needed for GDPR and global privacy law compliance. As a part of the partnership, OneTrust will offer CSA members a free Vendor Risk Assessment Online Platform with built-in CSA Consensus Assessment CAIQ, CSA Common Controls Matrix, and CSA GDPR code of conduct templates translated into a number of languages common in the European Union. OneTrust is also a founding member of the recently-announced Cloud Security Alliance GDPR Centre of Excellence.

The GDPR and other global privacy laws hold companies and their vendors jointly liable, resulting in an increased focus on vendors’ data protection and compliance policies. OneTrust and CSA’s partnership will equip vendor members of the CSA with the tools and resources required to achieve and maintain GDPR compliance in three main ways:

  • OneTrust will offer CSA members a free version of the OneTrust Vendor Risk Assessment module via an online platform. The SaaS edition of the OneTrust platform will provide vendor risk assessment automation capabilities using the CSA CAIQ framework, self-assessment and attestation capabilities using the CSA GDPR Code of Conduct, and built-in CSA Common Controls Matrix (CCM).
  • OneTrust will translate the CSA CAIQ, CCM, and GDPR code of conduct templates into a number of languages, including Danish, Dutch, French, German, Italian, Japanese, Portuguese, Romanian, Spanish, Swedish. These translated templates will better equip CSA members to operate in local markets.
  • OneTrust will serve as a founding member of the Cloud Security Alliance GDPR Centre of Excellence and on the advisory board, playing an active role in the CSA’s strategy in Europe and the roadmap of CSA’s GDPR capabilities.

Related: OneTrust Joins Cloud Security Alliance to Simplify Vendor Risk Management for GDPR Compliance

“Our continued partnership with OneTrust will provide our members the tools and resources they need to maintain successful GDPR and privacy programmes,” said Jim Reavis, CEO, Cloud Security Alliance. “We’re excited to empower our members with their market-leading Vendor Risk Assessment module and give our members access to translated templates leveraging OneTrust’s in-house global privacy translations team. Together we are enabling cloud vendors to maintain compliance and be successful across GDPR and other global privacy laws.”

“We’re proud to build upon our partnership with the CSA and provide their members with new resources for successful privacy and security teams,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “Together we can provide members and customers with the industry’s best in vendor risk management tools and templates for GDPR and global privacy law compliance.”

CSA members will have access to the platform and translated templates rolling out starting this month, October 2018.

For additional information, or to request a live OneTrust Privacy Management Software demo, visit or email


About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security- specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.


About OneTrust

OneTrust is the global leader in privacy management and marketing compliance software. More than 1,500 customers, including 200 of the Global 2,000, use OneTrust to comply with global data privacy regulations across sectors and jurisdictions, including the EU GDPR, ePrivacy (Cookie Law) and California Consumer Privacy Act. An additional 10,000 organisations use OneTrust’s technology through a partnership with the International Association of Privacy Professionals (IAPP), the world’s largest global information privacy community.

The comprehensive platform is based on a combination of intelligent scanning, regulator guidance-based questionnaires, automated workflows and developer plugins used together to automatically generate the record keeping required for an organisation to demonstrate compliance to regulators and auditors. The platform is enriched with content from hundreds of templates based on the world-class privacy research conducted by our 300+ in-house certified privacy professionals.

The software, available in 50+ languages, is backed by 28 awarded patents and can be deployed in an EU cloud or on-premise.

OneTrust helps organisations implement GDPR requirements, including Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Consent Management, ePrivacy Cookie Consent, Data Subject Access Rights, Portability and Right to Be Forgotten, as well as demonstrating accountability and compliance.

PrivacyConnect, OneTrust’s GDPR community, hosts free workshops in 85 international cities, and is attended by thousands of privacy professionals to share best practices.

PrivacyTech, OneTrust’s global user conference, is taking place 8-10 October in London. OneTrust PrivacyTECH brings together privacy professionals breakdown the latest technology innovations driving global privacy compliance.

OneTrust is co-headquartered in Atlanta, GA and in London, UK, with additional offices in Bangalore, Melbourne, Munich and Hong Kong. The fast-growing team of privacy and technology experts surpasses 500 employees worldwide. To learn more, visit

You may also like


Third-Party Risk

Staying vigilant: 7 practical tips for ongoing third-party risk monitoring

In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.

August 02, 2023

Learn more


Third-Party Risk

Automating third-party management workflows: 5 ways to drive alignment across teams

Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.

July 19, 2023

Learn more


Third-Party Risk

Are your third parties a privacy compliance liability? 5 tips to reduce your exposure

Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.

July 05, 2023

Learn more