As a global leader in privacy and data protection, our goal is to make our practices as transparent as possible and to give you control over your data. Privacy is at the core of what we do, which is why we are at the forefront of driving and adopting industry standards and best practices.  Learn More

Verify transfers


Security is embedded throughout our organization, from our products to the people. We’ve put the controls and processes in place to safeguard your data, taking a risk-based approach and making continuous improvement a mandate.  Learn More

data redaction


OneTrust provides highly resilient and secure cloud-based services to customers all over the world. The security of the infrastructure and data is a foundational requirement. This must be demonstrated consistently both to maintain customer trust and for regulatory and compliance reasons. OneTrust maintains accreditation with many common standards such as those shown.


Deployed in the cloud or on-premises, our platform is designed to deliver stable solutions so our customers can scale with confidence. OneTrust’s SOC 2 report provides assurance that our team has designed an effective system of security, availability and confidentiality controls.


Ethics and values form the foundation of what we do and how we do it. At OneTrust, we are OneTeam grounded in integrity, trust, and accountability. Our actions are guided by and taken in accordance with our Code of Trust and the principles within that Code. We understand our collective responsibility to ensure our company and our actions are ethical, legal and promote our values and we take that responsibility seriously.

ESG and Sustainability

We are built on trust, and our commitment to protecting human rights, caring for communities, and strengthening our society is at the heart of our work. We nurture responsible business in three ways: lead by example; share our knowledge with the world; and create technology that helps companies accelerate their ESG integration. Learn More


ISO/IEC 27001 Information Security Management System Certification

OneTrust’s Integrated Management System (IMS) has achieved and maintains ISO/IEC 27001:2013 certification for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. OneTrust’s certificate can be found here.

ISO/IEC 27701 Privacy Information Management System Certification

OneTrust LLC’s Integrated Management System (IMS) earned an ISO/IEC 27701:2019 (Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines) certification, which can be found here. OneTrust was the first organization in the world to achieve this new certification, which provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System.

SOC 2 Type II Report Security Controls

OneTrust annually executes and completes a SOC 2 for Service Organizations: Trust Services Criteria (i.e., a SOC 2 Type II Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy). OneTrust is happy to provide a copy of the SOC 2 Type II Report upon request under NDA.


OneTrust has been certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1. As a Service Provider, OneTrust provides an application solution to aid customers with Privacy, Security, and Data Governance to meet privacy management, third-party risk monitoring, GRC functions, and data governance for various information security standards. Customers upload their data, (which may contain elements of cardholder data), from their devices to the OneTrust application platform.

Options for EU Customers In Light of "Schrems II" Decision

On July 16, 2020 the Court of Justice of the European Union invalidated EU-US Privacy Shield as a data transfer mechanism between the EU and US. Since then, additional guidance on supplementary measures for international data transfers has been released by the European Data Protection Board, and updated draft Standard Contractual Clauses by the European Commission. OneTrust is dedicated to offering our customers flexible options that meet their unique business needs along with their interpretation of these new guidelines, and therefore offers the following options to our customers:


Customers can choose to host OneTrust fully on-premises in their data center or in a private cloud, local to a country of their choice and under their control.


Customers can leverage a multi-tenant SaaS instance of OneTrust deployed in any of our 10 data centers, including Germany, France or Switzerland, with limited data transfers. These data transfers will be based on the updated SCCs from the European Commission as well as European Data Protection Board recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data


Customers can host in our cloud environments while maintaining full control to create, disable, and revoke access to their encryption keys, preventing OneTrust or any entity from having the ability to decrypt customer data.

OneTrust is committed to transparency in its privacy practices. We will continue to provide our policy for government and law enforcement requests for customer data and a publish Transparency Report that documents the number of requests received and how we responded to them. You can view this report at the link below

Going Cloud? Choose From 10 Global Data Centers


Data Centers

*Cloud hosting provided by Microsoft Azure

CSA Onetrust star level one

OneTrust registered with the Cloud Security Alliance, please follow this link for further information.


Want to learn more about our compliance program or how we can help with yours?

Onetrust All Rights Reserved