Press Release

OneTrust Launches Vendorpedia Third-Party Risk Exchange

Scale your third-party risk program with pre-populated privacy and security profiles on over 6,000 third-party vendors in OneTrust’s Vendorpedia

March 04, 2019

Today at RSA Conference, OneTrust, the largest and most widely-used dedicated privacy management technology platform with 2,000 customers, announced Vendorpedia™, the industry’s only security and privacy third-party risk exchange, providing a single source to access detailed third-party security and privacy profiles.

The Vendorpedia Third-Party Risk Exchange is a critical element of the OneTrust Vendor Risk Management platform and empowers enterprises to access detailed profiles, retrieve pre-completed risk assessments, and monitor third-party risks over time for more than 6,000 global third-party vendors. OneTrust’s vendor risk capabilities earned the Cyber Defense Magazine Infosec Award for Best Product Vendor Risk Management, announced today at RSA

Register for the webinar: First Look: OneTrust Launches Vendorpedia Vendor Risk Management Exchange on March 14 at 16:00 GMT/11:00am ET 

Increased reliance on vendors, new privacy regulations, shifting cybersecurity threats and frequent data breaches create ongoing and complex challenges for enterprises assessing, mitigating and monitoring risks throughout the vendor risk management lifecycle. The Vendorpedia Third-Party Risk Exchange simplifies the complexities of ongoing third-party security and privacy risk identification, mitigation, and monitoring on a global scale.  

Vendorpedia is the only third-party risk exchange the bridges the gap between security and privacy vendor risk, mapping to frameworks, standards and regulations including NIST, SIG, CSA CAIQ, ISO, FedRAMP, GDPR, CCPA and NYDFS Cybersecurity Regulation. Enterprises can streamline third-party vendor risk management at scale with Vendorpedia by leveraging: 

  • Security and privacy profiles on 6,000+ third-party vendors: Instantly access a repository of third-party vendor information, including active privacy and security certifications, trust registrations, and much more. 
  • Pre-completed and validated assessments: Quickly retrieve pre-completed assessments from third-party vendors map and support NIST, SIG, CSA CAIQ, ISO, FedRAMP, GDPR, CCPA, NYDFS Cybersecurity Regulation, and more.  
  • Ongoing updates with third-party vendor risk monitoring: Information within third-party security and privacy profiles and answers to pre-completed assessments are continuously updated as changes occur. 

Visit Vendorpedia to access privacy and security profiles of more than 6,000 third-party vendors

Since many companies work with multiple third parties without the resources to support ongoing compliance, OneTrust will work diligently with specified vendors to help accelerate risk assessment time-to-completion with ongoing managed services, including:

  • Self Attestation: Third–party vendors complete and self-attest to the validity of their pre–completed assessment. 
  • Automated Validation: OneTrust, via a risk identification algorithm, will validate that risk assessment answers are fully completed and relevant.  
  • Onsite & Remote Audit: Request a remote or onsite audit directly through the exchange, performed by our extensive global network of auditing partners.

“Vendorpedia is the first and only third-party risk exchange that brings together the information both security and privacy professionals need for the complete vendor lifecycle,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “We built Vendorpedia with our world-class privacy and security research expertise to be a scalable, automated and user-friendly solution for security, IT, privacy and procurement professionals alike to tackle the complex and changing third-party vendor risk management lifecycle.”

Learn more about OneTrust Vendor Risk Management at RSA Conference, booth #4236. Hear OneTrust discuss “From GDPR to California Privacy: Managing Cloud Vendor Risk” at the CSA Summit at RSA Conference on Monday, March 4 at 10:55 AM PDT in Moscone South Second Floor. 

For additional information, or to request a live OneTrust Privacy Management Software demo, visit or email


  • Register for the webinar: First Look: OneTrust Launches Vendorpedia Vendor Risk Management Exchange on March 14 at 16:00 GMT/11:00am ET 
  • Learn more and watch a video about Vendorpedia  
  • Download the Vendor Risk Management Handbook  
  • Read about OneTrust Vendor Risk Management 
  • Access the Ovum report: OneTrust accelerates vendor risk capabilities with CSA partnership

 OneTrust, Vendorpedia, PrivacyConnect and PrivacyTech are registered trademarks or trademarks of OneTrust LLC in the United States and other jurisdictions.  


About OneTrust

OneTrust is the largest and most widely used dedicated privacy management technology platform for compliance with global privacy laws. More than 2,000 customers, including 200 of the Global 2,000, use OneTrust to comply with global data privacy regulations across sectors and jurisdictions, including the EU GDPR, California Consumer Privacy Act (CCPA), ePrivacy (Cookie Law) and more. 

 OneTrust helps organizations implement global privacy requirements, including Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Consent Management, Cookie Consent Banners, GDPR Data Subject Rights and CCPA Consumer Rights. 

 The comprehensive platform enables privacy and security teams automate recordkeeping and demonstrate compliance to regulators and auditors through a combination of intelligent scanning, regulator guidance-based questionnaires, automated workflows and developer plugins. Consumer-facing modules empower marketers to create on-brand experiences for users to customize and manage privacy and marketing preferences. The platform is enriched with content from hundreds of templates based on world-class privacy research conducted by our 300+ in-house certified privacy professionals. The software, available in 50+ languages and can be deployed in the cloud or on-premise. 

 The OneTrust Global Privacy Community brings together thousands of professionals each year to share best practices and breakdown the latest technology innovations driving global privacy compliance. Events include PrivacyConnect, free workshops in 80+ international cities focused on practical implementation of global privacy laws and PrivacyTech, OneTrust’s global user conference. 

 OneTrust is co-headquartered in Atlanta and in London with additional offices in Bangalore, Melbourne, Munich and Hong Kong. The fast-growing team of privacy and technology experts surpasses 600 employees worldwide. To learn more, visit or connect on LinkedInTwitter and Facebook

You may also like


Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more


Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.

October 25, 2023

Learn more


Third-Party Risk

Live demo: Building your third-party risk management program with OneTrust

Explore how OneTrust can help you build an efficient third-party risk management program that streamlines manual processes and uncovers hidden risks.

September 28, 2023

Learn more