Press Release

OneTrust Launches New Vendor Risk Management Module

OneTrust Vendor Risk Management, powered by Vendorpedia, the fast-growing intelligence network of third-party vendors, streamlines vendor risk and data processing addendum contract lifecycle workflows

October 08, 2018

Today at PrivacyTech, the leading event for privacy technology, OneTrust announced a new vendor risk management module integrated into the market-leading privacy management and marketing compliance platform. OneTrust Vendor Risk Management streamlines vendor risk, contract and data processing agreement lifecycle workflows for GDPR and other global privacy law compliance. OneTrust Vendor Risk Management is powered by Vendorpedia, OneTrust’s intelligent network of third-party vendors that provides details on security and privacy status, recent incidents, sub-processors and more.

Learn more about OneTrust Vendor Risk Management during our webinar on 16 October at 16:00 CET / 11:00 ET and during PrivacyTech: Introducing Vendor Risk Management: Automating 3rd Party Security & Privacy Risks on 8 October at 13:30 in the Avize Room

The GDPR and other global privacy laws hold data controllers liable for personal data breaches caused by their processors (vendors). As a result, companies need to be acutely aware of their vendor privacy policies, practices, certifications and data processing activities.

The OneTrust Vendor Risk Management is a holistic solution to manage vendors, identify risks and streamline assessment and contract lifestyles. With Vendorpedia, customers can view their vendor’s privacy and security status, understand recent breaches and incidents and evaluate fourth-party sub-processors the vendor may be utilising. With templated questionnaires built in partnership with the Cloud Security Alliance (CSA), OneTrust Vendor Risk Management helps customers identify vendor risks, track progress and require third parties to submit evidence when risks are mediated.

Key capabilities of OneTrust’s Vendor Risk Management solution includes:

  • Vendorpedia by OneTrust, a highly innovative and scalable information sharing network of pre-populated vendor data
  • Vendor privacy and security scanning to proactively detect and monitor critical privacy and security terms and credentials for vendors
  • Fourth-party supply chain management to auto-detect and auto-assess sub-processors that are used by your vendors
  • Vendor and business self-service onboarding and offboarding
  • Contract and Data Processor Agreement (DPA) management to track and report on key contractual clauses such as data breach notification terms
  • Bulk import and integrations for existing vendors, contracts, and procurement systems
  • Built-in standardized assessment frameworks in multiple languages from Cloud Security Alliance (CSA CAIQ), VSA, Share Assessments SIG and SIG-Lite, Google VSAQ, as well as ability to tailor and create custom assessments
  • Integration with OneTrust’s widely adopted data mapping technology to streamline the task of keeping an organisations data map and records of processing up to date

Related: OneTrust and the Cloud Security Alliance Announce Strategic Partnership to Make Vendor Risk Assessment Technology Available Globally

“Managing vendors can be one of the most burdensome processes for our customers, and OneTrust’s Vendor Risk Management module, powered by Vendorpedia, simplifies and streamlines the vendor risk lifecycle for organisations,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “With deep integrations into the suite of OneTrust solutions, our customers can now incorporate vendor risk into their comprehensive privacy programme management.”

OneTrust Vendor Risk Management is available today. Contact your account executive or visit for more information.


About OneTrust

OneTrust is the global leader in privacy management and marketing compliance software. More than 1,500 customers, including 200 of the Global 2,000, use OneTrust to comply with global data privacy regulations across sectors and jurisdictions, including the EU GDPR, ePrivacy (Cookie Law) and California Consumer Privacy Act. An additional 10,000 organisations use OneTrust’s technology through a partnership with the International Association of Privacy Professionals (IAPP), the world’s largest global information privacy community.

The comprehensive platform is based on a combination of intelligent scanning, regulator guidance-based questionnaires, automated workflows and developer plugins used together to automatically generate the record keeping required for an organisation to demonstrate compliance to regulators and auditors. The platform is enriched with content from hundreds of templates based on the world-class privacy research conducted by our 300+ in-house certified privacy professionals.

The software, available in 50+ languages, is backed by 27 awarded patents and can be deployed in an EU cloud or on-premise.

OneTrust helps organisations implement GDPR requirements, including Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Consent Management, ePrivacy Cookie Consent, Data Subject Access Rights, Portability and Right to Be Forgotten, as well as demonstrating accountability and compliance.

PrivacyConnect, OneTrust’s GDPR community, hosts free workshops in 85 international cities, and is attended by thousands of privacy professionals to share best practices.

PrivacyTech, OneTrust’s global user conference, is taking place 8-10 October in London. OneTrust PrivacyTECH brings together privacy professionals breakdown the latest technology innovations driving global privacy compliance.

OneTrust is co-headquartered in Atlanta, GA and in London, UK, with additional offices in Bangalore, Melbourne, Munich and Hong Kong. The fast-growing team of privacy and technology experts surpasses 500 employees worldwide. To learn more, visit

You may also like


Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more


Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.

October 25, 2023

Learn more


Third-Party Risk

Live demo: Building your third-party risk management program with OneTrust

Explore how OneTrust can help you build an efficient third-party risk management program that streamlines manual processes and uncovers hidden risks.

September 28, 2023

Learn more