OneTrust’s commitment to trust begins and ends with privacy, security and compliance. We strive to not only comply and implement best practices, but to stay one step ahead, pioneering the future of privacy & security as technology continues to evolve.
You Trust Us For Your Compliance Program, Learn More About Ours
Privacy
As a global leader in privacy and data protection, our goal is to make our practices as transparent as possible and to give you control over your data. Privacy is at the core of what we do, which is why we are at the forefront of driving and adopting industry standards and best practices.
Security
Security is embedded throughout our organization, from our products to the people. We’ve put the controls and processes in place to safeguard your data, taking a risk-based approach and making continuous improvement a mandate.
Compliance
Our in-house Integrated Management System (IMS) Team uses OneTrust tools to operationalize privacy, security and third-party risk management. Compliance is a company imperative as we continually undergo independent third-party audits to validate our commitments.
Reliability
Deployed in the cloud or on-premises, our platform is designed to deliver stable solutions so our customers can scale with confidence. OneTrust’s SOC 2 report provides assurance that our team has designed an effective system of security, availability and confidentiality controls.
Practicing What We Preach
We strive to help our customers build world-class privacy programs, and therefore believe that we should hold ourselves to the same standards. We’ve demonstrated this by not only pursuing industry standard security certifications, but also by being the first organization in the world to achieve the ISO 27701 certification, the privacy extension to the popular ISO 27001 security standard.
Certifications
ISO 27001 Certification
ISO 27701 Certification
SOC 2 Type II
Options for EU Customers In Light of "Schrems II" Decision
On July 16, 2020 the Court of Justice of the European Union invalidated EU-US Privacy Shield as a data transfer mechanism between the EU and US, and also cast added uncertainty on the use of Standard Contractual Clauses (SCC) as part of the “Schrems II” decision. OneTrust is dedicated to offering our customers flexible options that meet their unique business needs along with their interpretation of how the decision impacts SCCs. OneTrust is offering the following options to our customers, all fully available today:
FULLY EU CONTAINERIZED SOLUTION: ON-PREM / PRIVATE CLOUD
Customers can choose to host OneTrust fully on-premises in their data center or in a private cloud, local to a country of their choice and fully containerized in the EU and under their control. The OneTrust platform is engineered on a single codebase with the ability to be hosted on-premises where required, so customers will not experience any diminished features or functionality.
FULLY EU CONTAINERIZED SOLUTION: MULTI-TENANT SaaS
OneTrust offers a SaaS solution hosted in a German data center operated by T-Systems German entity. This solution has already been available to OneTrust customers for multiple years, and is governed by a Trustee agreement to provide the controls for EU containerization. You can view the Trustee agreement here and learn more at the myOneTrust link below.
GLOBAL SCC BASED SOLUTION: MULTI-TENANT SaaS
Customers can leverage a multi-tenant SaaS instance of OneTrust, choosing from any of our 10 data centers and continuing to rely on Standard Contractual Clauses (SCC). OneTrust limits data transfers strictly to provide 24/7 resilience and security monitoring, and customers will have the option to migrate to modernized SCCs when the EU makes them available.
Going Cloud? Choose From 10 Global Data Centers
AUSTRALIA | BRAZIL | CANADA | FRANCE | GERMANY | INDIA | UNITED KINGDOM | UNITED STATES | SINGAPORE | SWITZERLAND
*Cloud hosting provided by Microsoft Azure
