Press Release

OneTrust GRC Launches Two New Tools to Support ISMS Programs

OneTrust GRC Audit Management and Policy Management solutions help automate agile GRC programs

May 07, 2020

OneTrust today launched two new products to support organizations in establishing ISO compliance and ISMS programs: OneTrust GRC Audit Management and Policy Management. The solutions help organizations power a proactive, risk-based approach to auditing while streamlining policy development, distribution and enforcement.

Register for the webinar: First Look | A Complete ISMS Solution – Audit Management & Policy Management taking place on May 14 at 11:00 AM EST / 4:00 PM GMT

OneTrust GRC customers can leverage both Audit Management and Policy Management to reinforce consistent security and operational controls across their business. Combined with OneTrust’s existing Vendor Risk Management as well as IT & Security Risk Management solutions, teams can holistically manage ISMS programs, contribute to maintaining compliance and improve their risk posture for ISO requirements and more.

“OneTrust has managed to do something quite unusual in the GRC space: they’ve underpromised, and overdelivered. We use other OneTrust products heavily within our organization, so it was an easy choice to begin evaluating their new GRC platform and functionality.” – Security and Risk Management Professional at a $30B+ media company review on Gartner Peer Insights platform.

Power a proactive, risk-based to approach to auditing with OneTrust GRC Audit Management

Audit is traditionally a siloed and manual function compromised of “check-the-box” exercises. It’s important for the validity of an audit to have timely and complete information for an investigation.

OneTrust GRC’s Audit Management gives customers the data access and context needed to take a proactive risk-based audit approach. Leveraging the OneTrust Athena AITM and robotic process automation technology, the Audit Management solution helps organizations access real time data, prioritize actions, and execute previously manual tasks. Using Audit Management, customers can review audit-ready control and risk records in line with their systems, processes, and data stored across departments or engage directly with stakeholders for further evidence collection and interviews. Key product features include:

  • Define Audit Scope: Select risk or framework, leverage a templated audit plan to collect data, measure progress along a workflow, and assign an auditor.
  • Test Control Design & Effectiveness: Review control implementation, engage stakeholders, and access a dynamic record of activity.
  • Consolidate Findings: Review historical audit findings, collect evidence and summarize recommendations.
  • Apply Recommendations: Revise risk scores, prioritize actions, and schedule future audits.

Streamline policy development, distribution, and enforcement with OneTrust GRC Policy Management

The static nature of document repositories has long been the nature of policy management for both mature and growing organizations. This creates several challenges, first with drafting initial content, measuring distribution, consistently auditing practices and actioning recommended improvements.

OneTrust GRC’s Policy Management streamlines policy development and distribution to educate stakeholders and align corporate policies with IT, security, and operational controls. Policy Management helps organizations collaborate across teams to draft policies, measure distribution, and monitor ongoing compliance with both external regulations and internal corporate rules. Key product features include:

  • Store & Author Policies: Centralize efforts to develop internal guidelines throughout your the organization.
  • Align to Controls & Regulatory Standards: Measure and monitor compliance and business practices.
  • Facilitate Collaboration & Control Distribution: Designate role-based access to enable authors, collaborators and others to engage along a guided workflow.
  • Enhance Policy Enforcement & Attestation: Confirm receipt and measure understanding with dynamic questionnaire and knowledge testing exercises.

Register for the webinar: First Look | A Complete ISMS Solution – Audit Management & Policy Management taking place on May 14 at 11:00 AM EST / 4:00 PM GMT

“Creating a cohesive ISO and ISMS compliance program is imperative for successful GRC operations,” said Kabir Barday, OneTrust CEO. “By introducing two new tools built on our agile GRC platform, combined with our existing Vendor Risk Management and IT & Security Risk Management solutions, OneTrust uniquely positions us to meet the distinct needs of ISMS programs. We remain committed to innovating flexible technology solutions that organizations can grow into, not out of.”

To learn more or to request a live OneTrust GRC demo, visit or email


Gartner Disclosure

Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.


About OneTrust GRC

OneTrust GRC enables risk, compliance and audit professionals to identify, measure, and remediate risk across their business to comply with internal rules and external regulations. With OneTrust GRC, companies can seamlessly integrate risk management into their day to day activities.

OneTrust GRC is a part of OneTrust, the #1 most widely used privacy, security and third-party risk platform used by more than 5,000 customers and powered by 75 awarded patents. OneTrust GRC is powered by the OneTrust Athena™ AI and robotic automation engine, and integrates seamlessly with the full OneTrust platform, including OneTrust Privacy Management Software, OneTrust Vendorpedia™, OneTrust PreferenceChoice™, OneTrust Ethics, OneTrust DataGuidance™, and OneTrust DataDiscovery™.

To learn more, visit or connect on LinkedIn.

You may also like


Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.

October 25, 2023

Learn more


Third-Party Risk

Live demo: Building your third-party risk management program with OneTrust

Explore how OneTrust can help you build an efficient third-party risk management program that streamlines manual processes and uncovers hidden risks.

September 28, 2023

Learn more


Third-Party Risk

Live Demo EMEA: How OneTrust can help advance your third-party risk management program

Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.

September 19, 2023

Learn more