Vendor Risk Management

Streamline Vendor Risk Assessment Workflows

Relevant GDPR Articles

  -  Article 24(1): Responsibility of the Controller

  -  Article 28(1): Processor

  -  Article 29: Processing Under the Authority of the Controller or Processor

  -  Article 46(1): Transfers Subject to Appropriate Safeguards


OneTrust Focused on Identifying and Managing Risk in Vendor Management

Shared Liability Between Controllers and Processors (Vendors and Suppliers)

Companies increasingly rely on third-party vendors to meet their operational needs. Yet managing the data risks in an outsourced world has become a major challenge for security, compliance, procurement, legal and executive management.

The General Data Protection Regulation (GDPR) outlines data controller and processor obligations in Articles 24, 28, 29, and 46. There is shared liability for companies using vendors to process data, and organizations should look to have the correct protections in place.

OneTrust Vendor Risk Management Lifecycle Automation

Because the GDPR holds companies and their vendors (controllers and processors) jointly liable, it is critical to analyze vendor data transfers and contractual obligations with the same level of diligence as internal processing activities to have a defensible posture in the unfortunate event that a supplier or vendor has a breach.

OneTrust enables organizations to conduct vendor due diligence during the initial vendor onboarding phase and to re-audit existing vendors on a risk-based schedule. Vendor privacy and security assessment questionnaires can be sent directly to the supplier or third party to complete, generating a central record of all your vendors, contracts, data transfers, the legal basis for any cross-border transfers, and the proper security obligations.


Customize Vendor Risk Assessments

Vendor Onboarding

Add and manage vendors being evaluated for the first time, or reassess established partners. View the status of all vendors including action items, contracts, assessments, risks, and vendor score.

Customize, Build, or Import Templates

Choose a questionnaire template available in the OneTrust Gallery, including privacy and security, infrastructure, physical and data center security, and web application security assessments. Our point-and-click UI makes building and customizing vendor assessment questionnaires easy.

Automate Vendor Evaluation Workflows

Manage Assessment Workflows

Automate the assessment workflow for deadlines, validation, assignment and extensions directly within the OneTrust platform. Once assessments are completed, flag calculated risks and set up automatic vendor follow-ups for mitigation.

Streamline Contract Management

With OneTrust, track all vendor engagements and associated contracts using the Vendor Risk Management tool. Trigger assessments across business units and locations as new vendors are contracted.

Capture Analytics and Centralize Records

Integrate with Data Mapping

Seamlessly integrate vendor management and workflows with your underlying data map inventory. Approved vendors can be dynamically added to your system.

View Risk Analytics & Reporting

OneTrust gives you the ability to export assessments into PDF reports, so you can easily provide status updates to your executive team. Our comprehensive reports contain detailed responses including analytics and visualization of risk.

Why OneTrust Vendor Risk Management?

  • Deep regulatory guidance-based privacy research, reporting, and built-in templates
  • Option for self-service deployment or additional support from OneTrust implementation team
  • Fully scalable solution for small and medium businesses to large multinational enterprises
  • Multi-lingual product translated by OneTrust’s in-house, privacy-trained localization team
  • Flexible and modular pricing structure to meet program maturity and budgetary uncertainties
  • Out-of-the-box ready solution with a highly tailorable and customizable platform
  • Deployment flexibility in EU cloud, US cloud, or on-premises with the ability to migrate
  • Available as stand-alone module or as part of OneTrust’s comprehensive and integrated platform