Privacy

As a global leader in privacy and data protection, our goal is to make our practices as transparent as possible and to give you control over your data. Privacy is at the core of what we do, which is why we are at the forefront of driving and adopting industry standards and best practices.

Security

Security is embedded throughout our organization, from our products to the people. We’ve put the controls and processes in place to safeguard your data, taking a risk-based approach and making continuous improvement a mandate.

Compliance

OneTrust provides highly resilient and secure cloud-based services to customers all over the world. The security of the infrastructure and data is a foundational requirement. This must be demonstrated consistently both to maintain customer trust and for regulatory and compliance reasons. OneTrust maintains accreditation with many common standards such as those shown.

Reliability

Deployed in the cloud or on-premises, our platform is designed to deliver stable solutions so our customers can scale with confidence. OneTrust’s SOC 2 report provides assurance that our team has designed an effective system of security, availability and confidentiality controls.

Ethics

Ethics and values form the foundation of what we do and how we do it. At OneTrust, we are OneTeam grounded in integrity, trust, and accountability. Our actions are guided by and taken in accordance with our Code of Trust and the principles within that Code. We understand our collective responsibility to ensure our company and our actions are ethical and legal and promote our values, and we take that responsibility seriously.

ESG and Sustainability

We are built on trust, and our commitment to protecting human rights, caring for communities, and strengthening our society is at the heart of our work. We nurture responsible business in three ways: lead by example; share our knowledge with the world; and create technology that helps companies accelerate their ESG integration.

Certifications


ISO/IEC 27001 Information Security Management System Certification

OneTrust’s Integrated Management System (IMS) has achieved and maintains ISO/IEC 27001:2013 certification for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. OneTrust’s certificate can be found here.

ISO/IEC 27701 Privacy Information Management System Certification

OneTrust LLC’s Integrated Management System (IMS) earned an ISO/IEC 27701:2019 (Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines) certification, which can be found here. OneTrust was the first organization in the world to achieve this new certification, which provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System.

SOC 2 Type II Report Security Controls

OneTrust annually executes and completes a SOC 2 for Service Organizations: Trust Services Criteria (i.e., a SOC 2 Type II Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy). OneTrust is happy to provide a copy of the SOC 2 Type II Report upon request under NDA.

PCI DSS

OneTrust has been certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1. As a Service Provider, OneTrust provides an application solution to aid customers with Privacy, Security, and Data Governance to meet privacy management, third-party risk monitoring, GRC functions, and data governance for various information security standards. Customers upload their data (which may contain elements of cardholder data) from their devices to the OneTrust application platform.

Bring Your Own Key (BYOK) Solutions for US Data Transfers


In light of the Austrian DPA’s 2021 ruling on Google Analytics, concerns over how to legally transfer data to the US have only grown, and the process has only become more complex. To address this, OneTrust supports a Bring Your Own Key (BYOK) solution as a supplementary measure. By leveraging BYOK, organizations can confidently transfer data, controlling sole access to the encryption keys, without ever sharing them with any entity – even OneTrust.

Address International Data Transfer Concerns

Overcome Schrems II cross-border data transfer concerns by implementing BYOK as a supplementary data protection measure.*

Take Control Over Access to Your Data

Maintain full control to create, disable, and revoke access to your encryption keys, protecting your data from unauthorized access by external parties, including OneTrust.

Deploy in Cloud or Private Cloud

Leverage a private or multi-tenant cloud environment without sacrificing security while still having the flexibility to migrate at any time.

*OneTrust has implemented many other organizational measures by default based on the EDPB Guidelines and EC updated SCCs including adoption of the new SCCs, Transfer Impact Assessment processes, and quarterly updates to our Transparency Report.

Going Cloud? Choose From 12 Global Data Centers


AUSTRALIA | BRAZIL | CANADA | FRANCE | GERMANY | INDIA | UNITED KINGDOM | UNITED STATES | SINGAPORE | SWITZERLAND | JAPAN | UNITED ARAB EMIRATES

*Cloud hosting provided by Microsoft Azure

CSA STAR Level One

OneTrust is registered with the Cloud Security Alliance. Please follow this link for further information.

View Our Trust Profile

See additional certifications and details by visiting our OneTrust Third-Party Risk Exchange Trust Profile, a centralized portal where you can access security, privacy, and compliance information.
