OneTrust’s commitment to trust begins and ends with privacy, security and compliance. We strive to not only comply and implement best practices, but to stay one step ahead, pioneering the future of privacy & security as technology continues to evolve.
Privacy
As a global leader in privacy and data protection, our goal is to make our practices as transparent as possible and to give you control over your data. Privacy is at the core of what we do, which is why we are at the forefront of driving and adopting industry standards and best practices. Learn More
Security
Security is embedded throughout our organization, from our products to the people. We’ve put the controls and processes in place to safeguard your data, taking a risk-based approach and making continuous improvement a mandate. Learn More
Compliance
OneTrust provides highly resilient and secure cloud-based services to customers all over the world. The security of the infrastructure and data is a foundational requirement. This must be demonstrated consistently both to maintain customer trust and for regulatory and compliance reasons. OneTrust maintains accreditation with many common standards such as those shown.
Reliability
Deployed in the cloud or on-premises, our platform is designed to deliver stable solutions so our customers can scale with confidence. OneTrust’s SOC 2 report provides assurance that our team has designed an effective system of security, availability and confidentiality controls.
Ethics
Ethics and values form the foundation of what we do and how we do it. At OneTrust, we are OneTeam grounded in integrity, trust, and accountability. Our actions are guided by and taken in accordance with our Code of Trust and the principles within that Code. We understand our collective responsibility to ensure our company and our actions are ethical, legal and promote our values and we take that responsibility seriously.
ESG and Sustainability
We are built on trust, and our commitment to protecting human rights, caring for communities, and strengthening our society is at the heart of our work. We nurture responsible business in three ways: lead by example; share our knowledge with the world; and create technology that helps companies accelerate their ESG integration. Learn More
Certifications

ISO/IEC 27001 Information Security Management System Certification
OneTrust’s Integrated Management System (IMS) has achieved and maintains ISO/IEC 27001:2013 certification for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. OneTrust’s certificate can be found here.

ISO/IEC 27701 Privacy Information Management System Certification
OneTrust LLC’s Integrated Management System (IMS) earned an ISO/IEC 27701:2019 (Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines) certification, which can be found here. OneTrust was the first organization in the world to achieve this new certification, which provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System.

SOC 2 Type II Report Security Controls
OneTrust annually executes and completes a SOC 2 for Service Organizations: Trust Services Criteria (i.e., a SOC 2 Type II Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy). OneTrust is happy to provide a copy of the SOC 2 Type II Report upon request under NDA.

PCI DSS
OneTrust has been certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1. As a Service Provider, OneTrust provides an application solution to aid customers with Privacy, Security, and Data Governance to meet privacy management, third-party risk monitoring, GRC functions, and data governance for various information security standards. Customers upload their data, (which may contain elements of cardholder data), from their devices to the OneTrust application platform.
Bring Your Own Key (BYOK) Solutions for US Data Transfers
In light of the Austrian DPA’s 2021 ruling on Google Analytics, concerns over how to legally transfer data to the US have only grown, and the process has only become more complex. To address this, OneTrust supports a Bring Your Own Key (BYOK) solution as a supplementary measure. By leveraging BYOK, organizations can confidently transfer data, controlling sole access to the encryption keys, without ever sharing them with any entity – even OneTrust.
Address International Data Transfer Concerns
Overcome Schrems II cross-border data transfer concerns by implementing BYOK as a supplementary data protection measure.*
Take Control Over Access to Your Data
Maintain full control to create, disable, and revoke access to your encryption keys, protecting your data from unauthorized access by external parties, including OneTrust.
Deploy in Cloud or Private Cloud
Leverage a private or multi-tenant cloud environment without sacrificing security while still having the flexibility to migrate at any time.
*OneTrust has implemented many other organizational measures by default based on the EDPB Guidelines and EC updated SCCs including adoption of the new SCCs, Transfer Impact Assessment processes, and quarterly updates to our Transparency Report.
Going Cloud? Choose From 12 Global Data Centers
AUSTRALIA | BRAZIL | CANADA | FRANCE | GERMANY | INDIA | UNITED KINGDOM | UNITED STATES | SINGAPORE | SWITZERLAND | JAPAN | UNITED ARAB EMIRATES
*Cloud hosting provided by Microsoft Azure

OneTrust registered with the Cloud Security Alliance, please follow this link for further information.
View
View Our Trust Profile
See additional certifications and details by visiting our OneTrust Trust Profile, a centralized portal where you can access security, privacy, and compliance details.