OneTrust, the market-defining leader for trust intelligence, today announced new enhancements across the Trust Intelligence Platform, the first platform designed to help companies manage trust across privacy, risk, ethics, and environmental and social governance (ESG) and sustainability. These latest innovations give customers the visibility, control, intelligence, and efficiency needed to make trust a competitive advantage.
“Trust is quickly becoming a top priority for business leaders, and they are looking for a whole new level of automation to scale their programs,” said Blake Brannon, chief product and strategy officer at OneTrust. “OneTrust took a bold step to deliver the world’s first Trust Intelligence Platform that enables customers to operationalize privacy management and data ethics, remain resilient with robust governance and third-party risk management, drive a speak-up culture rooted in ethical practices, and demonstrate progress against ESG and sustainability commitments.”
Brannon added, “Organizations of all sizes are increasingly needing to be more transparent about each of these trust indices as a critical enabler for their top line growth as a business. Our continued innovation and cloud-native platform allow us to remain unique in the comprehensiveness of our solutions and depth of capabilities we’re enabling for our customers. This gives organizations a strategic advantage through scale, automation, and transparency.”
The Trust Intelligence Platform is the first in a new software category to break down siloes across privacy, GRC, ethics, and ESG to offer the visibility, action, and accountability organizations need to generate a centralized understanding of business trust. OneTrust continues to advance the flagship Trust Intelligence Platform:
- Platform-wide OneTrust insights and analytics: As every organization becomes more data-driven, privacy, marketing, and security teams can leverage new reporting and decision-making capabilities with OneTrust Insights and Analytics on the Trust Intelligence Platform. Solution-based dashboards can be viewed across multiple risk domains to monitor programs, generate actionable insights, and break down siloes between workstreams for a unified view of the business.
As five new state privacy laws come into effect in the United States in 2023, new innovations help customers beat regulatory complexity and build holistic privacy programs that encompass cross-regulation frameworks and best practices:
- Out-of-the-box regulatory content and support: Comprehensive privacy program management capabilities help further streamline requirements with new laws, such as CTDPA and UCPA in the United States and APPI in Japan, including out-of-the-box templates for managing risk, record keeping, and subject rights and deletion requests.
- Improved response deadline accuracy: Customers can pause the countdown for data subject right to appeal request and response deadlines.
- Cross-border data transfers: Improved support allows teams to capture specific details of a data transfer and classify the legal basis for each set of data elements, as well as the ability to model and calculate the risk of transfers.
- Data deletion: Customers can set up data deletion of personal data based on consent withdrawal or data subject rights requests to comply with new privacy guidelines. Updates to hundreds of data retention schedules enable users to validate compliance with internal data retention policies.
OneTrust continues to enhance its privacy management, data governance, and consent and preferences solutions allowing customers to gain regulatory agility, improve data quality, and enable trusted data use:
- Intelligent consent and data policy management: Dynamic governance and management enable companies with a highly flexible consent management solution that can be configured based on where, how, and for what purpose consumer consent needs to be collected. Customers can also merge multiple identities into a single source of truth to prevent the creation of duplicate data subjects and disparate audit records, reduce database costs, and ensure communications preferences are respected.
- New data discovery risk insights: A single-pane-of-glass experience allows users to gain visibility into the sensitive data housed throughout their organization, including personal and sensitive information, and obsolete and trivial data. Dynamic insights allow users to report on sensitive data where it does not belong, as well as violations of retention and access policies. Users can leverage AI-based classifiers to tag data and take action to remediate violations via out-of-the-box and custom integrations, and reference regulatory guidance to meet compliance obligations.
- Improved Google data safety mobile app report: Coverage has doubled, with more than 800 SDK detectors minimizing risk by validating actual data. To simplify Google Data Safety Requirements, users can export mobile app metadata in a spreadsheet from the mobile app scanner, pre-formatted for direct upload when publishing on Google Play.
As the global threat landscape evolves, automation helps customers more efficiently manage certification for and compliance with increasingly complex security standards, as well as scale their risk management programs to keep pace with fast-expanding IT ecosystems:
- Automate evidence collection for ISO certifications: Certification Automation dramatically reduces the time and manual effort required to achieve certification, prepare for third-party audits, and prove compliance across ISO 27001 and adjacent security and privacy frameworks, including to the new ISO 27001:2022 standard.
- Risk lifecycle and aggregation improvements: With expanded risk automation, customers can better manage and remediate risk with new capabilities to streamline the risk lifecycle, including enhanced risk assessments, custom risk workflows, and risk lifecycle automation. With engagement risk quantification and reporting for Third-Party Risk Management, users can now calculate risk at an individual engagement level, and aggregate as factors into the overall Vendor Risk Score.
OneTrust also unveiled multiple integrations, providing companies with the analytics and intelligence to more accurately measure and address third-party risk and drive trusted supply chains:
- Cybersecurity and supplier ESG ratings available in the Third-Party Risk Exchange: A new integration with RiskRecon, a Mastercard Company, makes cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers. Cybersecurity ratings from SecurityScorecard help customers determine the cyber risk posture of third-parties. ISS scores available within the Third-Party Risk Exchange enable companies to understand external cybersecurity risk posture with the ISS Cyber Risk Score, and how companies can manage ESG risks through the ISS ESG rating.
- Contract lifecycle management: Through an integration with Ironclad, customers can better understand contract risk by increasing oversight control, streamlining approvals, reducing workflow complexity, and generating data-driven insights to improve business processes.
- New third-party due diligence capabilities: Ethics and compliance teams can now leverage data from Dow Jones on the OneTrust Third-Party Due Diligence platform to drive a more trusted supply chain. Customers can identify ethics and compliance violations among partners and stay up to date with ongoing monitoring.
Customers can also drive more effective ethics and compliance programs with a higher level of transparency and accountability:
- Improved ethics and compliance disclosure and policy management: Ethics and Compliance teams can strengthen their programs with automation, collaboration, deeper management capabilities, and more flexible workflows. Increased visibility helps teams make data-driven decisions and drive organizational awareness.
As society redefines risk and opportunity, OneTrust empowers tomorrow’s leaders to succeed through trust and impact with the Trust Intelligence Platform. The market-defining Trust Intelligence Platform from OneTrust connects privacy, GRC, ethics, and ESG teams, data, and processes, so all companies can collaborate seamlessly and put trust at the center of their operations and culture by unlocking their value and potential to thrive by doing what’s good for people and the planet.