Skip to main content

On-demand webinar coming soon...

Blog

CNIL publishes guidance on incident management and notification

August 10, 2017

N/A

CNIL publishes guidance on Incident management and notification

The French data protection authority (“the CNIL”) has published guidance on the notification of security incidents to regulatory authorities.

According to the CNIL, an organisation’s incident management process must be thought out, tested, evaluated, and corrected, and the obligation to notify competent regulatory authorities should be fully baked into this process.

Under the EU General Data Protection Regulation (GDPR), data controllers will be required to notify competent supervisory authorities, such as the CNIL, in the event of a personal data breach. [See GDPR Article 33-34.]

The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” [GDPR Article 4(12)]

The guidance published by the CNIL includes a standard 5-step incident management process based on ISO/IEC 27035, and suggests integrating notification obligations into that process.

1. Plan and Prepare. Create a directory and incident management procedures.

Identify internal personnel involved in incident management, including those involved in:

  • Senior management
  • Information security
  • Personal data protection
  • Risk management and quality assurance
  • Communications
  • Technical support

Identify external stakeholders, including:

  • Service providers
  • Regulatory authorities
  • Links to external notification forms

Formalise and test internal incident management procedures.

2. Detect and Report. Monitor and implement incident detection tools.

  • Set up a monitoring system to detect current threats, via internal or external sources, and analyse them on a case-by-case basis.
  • Set up detection devices to alert you to any abnormal, suspicious, and malicious activities, as well as to specifically defined “security events.” As always, it is important to take into account the privacy interests and rights of internal and external users when considering the implementation of such tools.

3. Assess and Decide. Qualify the incident.

After evaluating the information detected and reported on, determine whether the particular event rises to the level of an incident, and whether notification of competent authorities or individuals is required under law. Document the incident in an internal registry with facts about the violation, its effects and remediation measures taken.

4. Resolve and notify.

Deal with the incident by:

  • Identifying and implementing measures to reduce its effects; and
  • Notifying competent authorities.

Use available notification forms provided by competent authorities, such as:

5. Draw Lessons. Prevent recurrence.

  • Identify deficiencies and correct them, to reduce the risk of recurrence.
  • Review identified risks and update data protection impact assessments (DPIAs) accordingly.

CNIL is also creating a new teleservice, to be operational beginning in May 2018, for reporting “personal data breaches” under the GDPR. The service will allow data controllers to report meet their Article 33 notification obligations in an online format.

How OneTrust helps

OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organisations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

Our comprehensive, integrated, technology-based solutions include readiness and privacy impact assessments, data inventory and mapping automation, website scanning and consent management, subject rights requests, incident reporting, and vendor risk management.

With OneTrust, you can maintain incident and breach records, evaluate against notification requirements, and analyze overall risk with connections to underlying data inventory. Build a systematic process to document the incident, understand if it has resulted in a breach, analyse harm to the individual and determine if a notification to the supervisory authority or the data subject.

 


You may also like

Seminario web

GRC y garantía de seguridad

Cumplimiento de NIS2: cómo resolver los retos de la normativa con una demostración práctica

Acompáñanos en esta sesión dónde repasaremos los principales requisitos de la normativa NIS2 y su impacto. Además, podrás asistir a una demostración práctica y conocer cómo OneTrust te ayuda a resolver los retos de gobernanza, gestión de riesgos y terceros, gestión de incidentes y cumplimiento asociados a la normativa.

noviembre 26, 2024

Learn more

Seminario web

GRC y garantía de seguridad

Cumplimiento de NIS2: cómo resolver los retos de la normativa con una demostración práctica

Acompáñanos en esta sesión dónde repasaremos los principales requisitos de la normativa NIS2 y su impacto. Además, podrás asistir a una demostración práctica y conocer cómo OneTrust te ayuda a resolver los retos de gobernanza, gestión de riesgos y terceros, gestión de incidentes y cumplimiento asociados a la normativa.

noviembre 26, 2024

Learn more

Webinar

Third-Party Risk

Live Demo EMEA: Building a robust third-party risk management program with OneTrust

Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.

October 10, 2024

Learn more

Webinar

Third-Party Risk

Live Demo EMEA: Building a robust third-party risk management program with OneTrust

Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.

October 10, 2024

Learn more

Webinar

Third-Party Risk

APAC - Third-party risk management and due diligence: What’s the difference and why does it matter?​

Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.

September 18, 2024

Learn more

Webinar

Third-Party Risk

APAC - Third-party risk management and due diligence: What’s the difference and why does it matter?​

Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.

September 18, 2024

Learn more

Webinar

Third-Party Risk

Third-Party operational risk: Shifting from reliance to resilience

Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.

August 15, 2024

Learn more

Webinar

Third-Party Risk

Third-Party operational risk: Shifting from reliance to resilience

Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.

August 15, 2024

Learn more

Webinar

Technology Risk & Compliance

Tech risk & compliance masterclass: The anatomy of a framework

Master the fundamentals of constructing robust compliance frameworks that can seamlessly integrate with organizational operations while aligning with regulatory and strategic mandates to deliver measurable insights on your progress and gaps.

August 14, 2024

Learn more

Webinar

Technology Risk & Compliance

Tech risk & compliance masterclass: The anatomy of a framework

Master the fundamentals of constructing robust compliance frameworks that can seamlessly integrate with organizational operations while aligning with regulatory and strategic mandates to deliver measurable insights on your progress and gaps.

August 14, 2024

Learn more

Webinar

Technology Risk & Compliance

Tech risk and compliance masterclass

Unlock tech risk management & compliance excellence. Master risk management, build robust frameworks, and foster cross-functional collaboration for long-term resilience.

August 07, 2024

Learn more

Webinar

Technology Risk & Compliance

Tech risk and compliance masterclass

Unlock tech risk management & compliance excellence. Master risk management, build robust frameworks, and foster cross-functional collaboration for long-term resilience.

August 07, 2024

Learn more

Webinar

Technology Risk & Compliance

Introducing OneTrust Compliance Automation

Join us as we explore OneTrust Compliance Automation, a holistic and fully integrated solution that streamlines and optimizes workflows, compliance, and attestation.

July 25, 2024

Learn more

Webinar

Technology Risk & Compliance

Introducing OneTrust Compliance Automation

Join us as we explore OneTrust Compliance Automation, a holistic and fully integrated solution that streamlines and optimizes workflows, compliance, and attestation.

July 25, 2024

Learn more

Blog

Third-Party Risk

CrowdStrike outage highlights third-party risk 

See our key insights and discover why robust risk management across third parties, fourth parties, and beyond is crucial.

Hannah Middleton

July 25, 2024 3 min read

Learn more

Blog

Third-Party Risk

CrowdStrike outage highlights third-party risk 

See our key insights and discover why robust risk management across third parties, fourth parties, and beyond is crucial.

Hannah Middleton

July 25, 2024 3 min read

Learn more

Webinar

Third-Party Risk

Master Third-Party Risk Management with OneTrust: ​Live Demo and Secrets to Success

Join this free demo session to learn the ins an outs of OneTrust’s Third-Party Management solution.

July 02, 2024

Learn more

Webinar

Trust Intelligence

TPRM Virtual Roundtable Series

Join the series of expert Roundtables on the topic of Third Party Risk Management

Juli 01, 2024

Learn more

Webinar

Trust Intelligence

TPRM Virtual Roundtable Series

Join the series of expert Roundtables on the topic of Third Party Risk Management

Juli 01, 2024

Learn more

Webinar

Trust Intelligence

TPRM Virtual Roundtable Series

Join the series of expert Roundtables on the topic of Third Party Risk Management

July 01, 2024

Learn more

Blog

Third-Party Risk

From risk to return: How to measure the ROI of your risk management program

Learn how to communicate the ROI of your risk management program and its financial impact on an organization’s broader goals.

Katrina Dalao

June 27, 2024 5 min read

Learn more

Blog

Third-Party Risk

From risk to return: How to measure the ROI of your risk management program

Learn how to communicate the ROI of your risk management program and its financial impact on an organization’s broader goals.

Katrina Dalao

June 27, 2024 5 min read

Learn more

Blog

AI Governance

Managing AI compliance with ISO 42001

Get an overview of ISO 42001, the world's first AI management system standard and how it impacts your organization.

Katrina Dalao

June 05, 2024 5 min read

Learn more

Blog

AI Governance

Managing AI compliance with ISO 42001

Get an overview of ISO 42001, the world's first AI management system standard and how it impacts your organization.

Katrina Dalao

June 05, 2024 5 min read

Learn more

Blog

Technology Risk & Compliance

OneTrust introduces Compliance Automation

Learn how to centrally manage your compliance initiatives across regulations, standards, and frameworks and propel your team from research to action.

Katrina Dalao

June 03, 2024 2 min read

Learn more

Blog

Technology Risk & Compliance

OneTrust introduces Compliance Automation

Learn how to centrally manage your compliance initiatives across regulations, standards, and frameworks and propel your team from research to action.

Katrina Dalao

June 03, 2024 2 min read

Learn more

Checklist

Third-Party Risk

TPRM privacy compliance: Questions to ask when working with third parties

Download this checklist to learn what questions to ask when designing a third-party risk management program that enables privacy compliance.

May 31, 2024

Learn more

Checklist

Third-Party Risk

TPRM privacy compliance: Questions to ask when working with third parties

Download this checklist to learn what questions to ask when designing a third-party risk management program that enables privacy compliance.

May 31, 2024

Learn more

Webinar

Drittparteienrisiken

DORA Countdown: aktueller Stand und Umsetzungsansätze

Mai 28, 2024

Learn more

Webinar

GRC & Security Assurance

Empowering your cyber defense: Key insights into the latest NIST CSF update with PwC

Join this webinar with OneTrust and PwC and gain insights into the upcoming NIST CSF update and learn how to effectively deploy it across your organization.

May 08, 2024

Learn more

Webinar

GRC & Security Assurance

Empowering your cyber defense: Key insights into the latest NIST CSF update with PwC

Join this webinar with OneTrust and PwC and gain insights into the upcoming NIST CSF update and learn how to effectively deploy it across your organization.

May 08, 2024

Learn more

Infographic

Third-Party Risk

Streamline compliance with the Digital Operational Resilience Act (DORA)

Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.

April 29, 2024

Learn more

Blog

Third-Party Risk

Navigating the Digital Operational Resilience Act (DORA) with OneTrust

Read our article on the Digital Operational Resilience Act (DORA) and how organizations can effectively manage ICT risk and third-party risk to ensure compliance

Katrina Dalao

April 29, 2024 5 min read

Learn more

Blog

Third-Party Risk

Navigating the Digital Operational Resilience Act (DORA) with OneTrust

Read our article on the Digital Operational Resilience Act (DORA) and how organizations can effectively manage ICT risk and third-party risk to ensure compliance

Katrina Dalao

April 29, 2024 5 min read

Learn more

Infographic

Third-Party Risk

Streamline compliance with the Digital Operational Resilience Act (DORA)

Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.

April 29, 2024

Learn more

Blog

Rischi da parte di terzi

Esplora il regolamento sulla resilienza operativa digitale (DORA) con OneTrust

Leggi il nostro articolo sul regolamento sulla resilienza operativa digitale (Digital Operational Resilience Act, DORA) e su come le aziende possono gestire efficacemente i rischi legati alle TIC e alle terze parti per garantire la conformità

Katrina Dalao

aprile 29, 2024 5 min read

Learn more

Blog

Rischi da parte di terzi

Esplora il regolamento sulla resilienza operativa digitale (DORA) con OneTrust

Leggi il nostro articolo sul regolamento sulla resilienza operativa digitale (Digital Operational Resilience Act, DORA) e su come le aziende possono gestire efficacemente i rischi legati alle TIC e alle terze parti per garantire la conformità

Katrina Dalao

aprile 29, 2024 5 min read

Learn more

Blog

Riesgos de terceros

Explorando el Reglamento sobre resiliencia operativa digital (DORA) con OneTrust

Consulta nuestro artículo sobre el Reglamento sobre resiliencia operativa digital (DORA) y cómo las organizaciones pueden gestionar de forma eficaz el riesgo de las TIC y el riesgo de terceros con objeto de garantizar el cumplimiento normativo

Katrina Dalao

abril 29, 2024 5 min read

Learn more

Blog

Riesgos de terceros

Explorando el Reglamento sobre resiliencia operativa digital (DORA) con OneTrust

Consulta nuestro artículo sobre el Reglamento sobre resiliencia operativa digital (DORA) y cómo las organizaciones pueden gestionar de forma eficaz el riesgo de las TIC y el riesgo de terceros con objeto de garantizar el cumplimiento normativo

Katrina Dalao

abril 29, 2024 5 min read

Learn more

Webinar

Third-Party Risk

Live demo EMEA: Building your third-party risk management program with OneTrust

Join our webinar to learn how you can build an well-rounded Third-Party Risk Management Program that works for your organisation

April 23, 2024

Learn more

Webinar

Third-Party Risk

5 Best practices for increasing resilience when working with third parties webinar

Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.

April 18, 2024

Learn more

Webinar

Third-Party Risk

5 Best practices for increasing resilience when working with third parties webinar

Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.

April 18, 2024

Learn more

Webinar

GRC & Security Assurance

Certification Automation live product demo

Learn how OneTrust Certification Automation can help you scope, track, and manage security compliance holistically across complex operations.

April 10, 2024

Learn more

Webinar

GRC & Security Assurance

Certification Automation live product demo

Learn how OneTrust Certification Automation can help you scope, track, and manage security compliance holistically across complex operations.

April 10, 2024

Learn more

Video

Third-Party Risk

OneTrust third-party management demo video

Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems. 

April 04, 2024

Learn more

Video

Third-Party Risk

OneTrust third-party management demo video

Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems. 

April 04, 2024

Learn more

Checklist

Third-Party Risk

6 steps to effective third-party risk management

See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.

March 29, 2024

Learn more

Checklist

Third-Party Risk

6 steps to effective third-party risk management

See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.

March 29, 2024

Learn more

Webinaire

GRC & Security Assurance

IT compliance : Automatisez vos process de certifications (ISO, NIST, SOC2, HIPAA, PCI DSS)

Automatisez vos processus pour obtenir les normes requises en matière de sécurité de l'information, de confidentialité des données ou de cybersécurité.

mars 21, 2024

Learn more

Blog

GRC & Security Assurance

7 mythes sur la conformité à SOC 2

Comprenez ce dont votre entreprise a besoin pour se conformer à la norme SOC 2 et protéger les données de vos clients. 

mars 18, 2024

Learn more

Blog

GRC & Security Assurance

7 mythes sur la conformité à SOC 2

Comprenez ce dont votre entreprise a besoin pour se conformer à la norme SOC 2 et protéger les données de vos clients. 

mars 18, 2024

Learn more

Webinar

Third-Party Risk

TPRM privacy compliance: 10 best practices when working with third parties

How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.

March 13, 2024

Learn more

Webinar

Third-Party Risk

TPRM privacy compliance: 10 best practices when working with third parties

How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.

March 13, 2024

Learn more

Infographic

Technology Risk & Compliance

Rethinking risk assessments: Bridging the gap between best practices and action

Download our infographic to learn the main challenges faced during risk assessments, proven frameworks for assessing risks, and how to translate guidance into action.

March 07, 2024

Learn more

Infographic

Technology Risk & Compliance

Rethinking risk assessments: Bridging the gap between best practices and action

Download our infographic to learn the main challenges faced during risk assessments, proven frameworks for assessing risks, and how to translate guidance into action.

March 07, 2024

Learn more

Blog

Technology Risk & Compliance

Applying NIST CSF 2.0: Risk management vs. maturity assessments

Determine the best way to apply the NIST Cybersecurity Framework in your organization to help manage cyber risks and threats.

Katrina Dalao

March 06, 2024 4 min read

Learn more

Blog

Technology Risk & Compliance

Applying NIST CSF 2.0: Risk management vs. maturity assessments

Determine the best way to apply the NIST Cybersecurity Framework in your organization to help manage cyber risks and threats.

Katrina Dalao

March 06, 2024 4 min read

Learn more

Kundengeschichte

Drittparteienrisiken

PUMA

Multinationale Sportmarke erfindet das Lieferantenrisikomanagement neu – mit einem kollaborativen, unternehmensweiten Ansatz

März 04, 2024

Learn more

Kundengeschichte

Drittparteienrisiken

PUMA

Multinationale Sportmarke erfindet das Lieferantenrisikomanagement neu – mit einem kollaborativen, unternehmensweiten Ansatz

März 04, 2024

Learn more

Blog

Technology Risk & Compliance

7 myths about SOC 2 compliance

Understand what your company needs to achieve SOC 2 compliance and protect customer data. Read more about the seven myths about SOC 2 compliance.

Katrina Dalao

February 27, 2024 4 min read

Learn more

Blog

Technology Risk & Compliance

7 myths about SOC 2 compliance

Understand what your company needs to achieve SOC 2 compliance and protect customer data. Read more about the seven myths about SOC 2 compliance.

Katrina Dalao

February 27, 2024 4 min read

Learn more

Video

Third-Party Risk

6 must-know trends in third-party management

Watch this video for the five top trends shaping the third-party management industry this year.

February 15, 2024

Learn more

Video

Third-Party Risk

6 must-know trends in third-party management

Watch this video for the five top trends shaping the third-party management industry this year.

February 15, 2024

Learn more

Blog

Responsible AI

The importance of responsible AI use in data discovery

Learn more about the challenges AI usage presents to your data discovery process and how you can address them.

February 14, 2024 6 min read

Learn more

Blog

Responsible AI

The importance of responsible AI use in data discovery

Learn more about the challenges AI usage presents to your data discovery process and how you can address them.

February 14, 2024 6 min read

Learn more

Blog

Verantwortungsvolle KI

Die Bedeutung des verantwortungsvollen Einsatzes von KI bei der Datenermittlung

Erfahren Sie mehr darüber, welche Herausforderungen der Einsatz von KI für Ihren Datenermittlungsprozess mit sich bringt und wie Sie diese bewältigen.

Februar 14, 2024 6 min read

Learn more

Blog

Verantwortungsvolle KI

Die Bedeutung des verantwortungsvollen Einsatzes von KI bei der Datenermittlung

Erfahren Sie mehr darüber, welche Herausforderungen der Einsatz von KI für Ihren Datenermittlungsprozess mit sich bringt und wie Sie diese bewältigen.

Februar 14, 2024 6 min read

Learn more

Blog

IA responsable

La importancia del uso responsable de la IA en la localización de datos

Obtén más información sobre los desafíos que el uso de IA presenta en tu proceso de localización de datos y cómo puedes abordarlos.

febrero 14, 2024 6 min read

Learn more

Blog

IA responsable

La importancia del uso responsable de la IA en la localización de datos

Obtén más información sobre los desafíos que el uso de IA presenta en tu proceso de localización de datos y cómo puedes abordarlos.

febrero 14, 2024 6 min read

Learn more

Webinar

Technology Risk & Compliance

5 automation trends to modernize InfoSec compliance

Join our webinar for insights on transforming InfoSec program management. Navigate the complexities of modern security with a flexible, scalable, and cost-effective approach.

February 07, 2024

Learn more

Webinar

Technology Risk & Compliance

5 automation trends to modernize InfoSec compliance

Join our webinar for insights on transforming InfoSec program management. Navigate the complexities of modern security with a flexible, scalable, and cost-effective approach.

February 07, 2024

Learn more

Webinar

Third-Party Risk

A look back at 2023 & third-party management trends for the new year

Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.

January 24, 2024

Learn more

Webinar

Third-Party Risk

A look back at 2023 & third-party management trends for the new year

Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.

January 24, 2024

Learn more

Webinar

Third-Party Risk

Live demo EMEA: Master third-party risk management with OneTrust

Attend this demo to see how our TPRM solution can help you identify and mitigate risk as well as automate manual and repetitive tasks to ultimately reduce the time you spend managing your vendors

January 23, 2024

Learn more

Blog

Technology Risk & Compliance

Are you ready for PCI DSS v4.0? Countdown to compliance

Make sure your organization is ready for PCI DSS v4.0 with these simple action steps that help fast-track the path to compliance.

January 23, 2024 7 min read

Learn more

Blog

Technology Risk & Compliance

Are you ready for PCI DSS v4.0? Countdown to compliance

Make sure your organization is ready for PCI DSS v4.0 with these simple action steps that help fast-track the path to compliance.

January 23, 2024 7 min read

Learn more

Blog

GRC & Security Assurance

Gestion des risques IT et des risques tiers Retour d’expérience

Gestion des risques IT et des risques tiers avec la plateforme OneTrust : découvrez le témoignage du CISO d’Ubble –  Jérôme Raybaud !

janvier 04, 2024

Learn more

Blog

GRC & Security Assurance

Automatisation des certification ISO 27001, NIS2...

OneTrust Certification Automation vous aide à mettre en place, à développer et à automatiser votre programme de conformité InfoSec (ISO 27001, NIS2…).

janvier 03, 2024

Learn more

Blog

GRC & Security Assurance

Agir en matière de cybersécurité basée sur la confiance, de l’individu à l’entreprise

Face à l’augmentation des ransomwares et des incidents de sécurité,  tisser un tissu de confiance au sein de votre organisation est une opportunité de différenciation commerciale. 

janvier 03, 2024

Learn more

eBook

GRC & Security Assurance

Livre blanc : Certification ISO 27001, NIS2, SOC2… : automatisez votre programme InfoSec

Téléchargez notre e-book pour découvrir les fonctionnalités et les 23 cadres de référence pour automatiser votre programme de conformité InfoSec (ISO 27001, SOC2, NIS2, NIST, EUROPRIVACY, DORA…). 

décembre 28, 2023

Learn more

Webinaire

GRC & Security Assurance

Comment être certifié ISO 27001/NIS2 de manière rapide et efficace ?

Si vous êtes à la recherche d’opportunités d’automatisation pour renforcer les processus de certification et d’attestation de conformité, ne cherchez plus. Au cours de ce replay webinar démo, notre expert vous fera une démonstration de l’automatisation de la certification OneTrust.

décembre 21, 2023

Learn more

eBook

Technology Risk & Compliance

NIST CSF 2.0: Changes, impacts and opportunities for your Infosec program

Get your free guide to the NIST Cybersecurity Framework 2.0 and learn how its proposed changes will impact your InfoSec programs.

December 18, 2023

Learn more

eBook

Technology Risk & Compliance

NIST CSF 2.0: Changes, impacts and opportunities for your Infosec program

Get your free guide to the NIST Cybersecurity Framework 2.0 and learn how its proposed changes will impact your InfoSec programs.

December 18, 2023

Learn more

Resource Kit

Technology Risk & Compliance

NIST CSF essentials: Empowering cybersecurity excellence

Download our NIST CSF Essentials resource kit and master cybersecurity compliance with expert insights, strategies, and real-world case studies.

December 15, 2023

Learn more

Resource Kit

Technology Risk & Compliance

NIST CSF essentials: Empowering cybersecurity excellence

Download our NIST CSF Essentials resource kit and master cybersecurity compliance with expert insights, strategies, and real-world case studies.

December 15, 2023

Learn more

Blog

Technology Risk & Compliance

OneTrust prioritizes innovation to make trust a differentiator

Forrester recognizes OneTrust is on the path to become a holistic GRC solution.

December 11, 2023 3 min read

Learn more

Blog

Technology Risk & Compliance

OneTrust prioritizes innovation to make trust a differentiator

Forrester recognizes OneTrust is on the path to become a holistic GRC solution.

December 11, 2023 3 min read

Learn more

Report

Trust Intelligence

OneTrust named a strong performer in 2023 Forrester Governance, Risk, and Compliance Wave

Download the 2023 Forrester Wave report to explore why OneTrust is a strong performer in Governance, Risk, and Compliance, receiving top scores in vision, innovation, AI model risk, content delivery, and risk response. 

December 08, 2023

Learn more

Report

Trust Intelligence

OneTrust named a strong performer in 2023 Forrester Governance, Risk, and Compliance Wave

Download the 2023 Forrester Wave report to explore why OneTrust is a strong performer in Governance, Risk, and Compliance, receiving top scores in vision, innovation, AI model risk, content delivery, and risk response. 

December 08, 2023

Learn more

Blog

Data Discovery & Security

Collibra + OneTrust: Better together | Blog | OneTrust

Learn how OneTrust's collaboration with OneTrust can expand trust and compliance across your entire data landscape.

Ojas Rege

December 05, 2023 2 min read

Learn more

Blog

Data Discovery & Security

Collibra + OneTrust: Better together | Blog | OneTrust

Learn how OneTrust's collaboration with OneTrust can expand trust and compliance across your entire data landscape.

Ojas Rege

December 05, 2023 2 min read

Learn more

Blog

Data Discovery & Sicherheit

Collibra + OneTrust: Gemeinsam besser | Blog | OneTrust

Erfahren Sie, wie die Zusammenarbeit mit OneTrust das Vertrauen und die Compliance in Ihrer gesamten Datenlandschaft verbessern kann.

Ojas Rege

Dezember 05, 2023 2 min read

Learn more

Blog

Data Discovery & Sicherheit

Collibra + OneTrust: Gemeinsam besser | Blog | OneTrust

Erfahren Sie, wie die Zusammenarbeit mit OneTrust das Vertrauen und die Compliance in Ihrer gesamten Datenlandschaft verbessern kann.

Ojas Rege

Dezember 05, 2023 2 min read

Learn more

Webinar

Technology Risk & Compliance

Demonstrating GDPR compliance with Europrivacy criteria: The European Data Protection Seal

Join our webinar to learn more about the European Data Protection Seal and to find out what the key advantages of getting certified.

November 30, 2023

Learn more

Webinar

Technology Risk & Compliance

Demonstrating GDPR compliance with Europrivacy criteria: The European Data Protection Seal

Join our webinar to learn more about the European Data Protection Seal and to find out what the key advantages of getting certified.

November 30, 2023

Learn more

Webinar

Third-Party Risk

Utilizing inherent risk for more efficient third-party management

Insight into your third parties’ inherent risks can change the way you run your TPM program.

November 30, 2023

Learn more

Webinar

Third-Party Risk

Utilizing inherent risk for more efficient third-party management

Insight into your third parties’ inherent risks can change the way you run your TPM program.

November 30, 2023

Learn more

Data Sheet

Technology Risk & Compliance

Integrations to automate your framework compliance: ISO 27001, SOC 2, and NIST CSF

Explore how OneTrust integrations can help you automate compliance with today’s most popular InfoSec frameworks.

November 28, 2023

Learn more

Checklist

Technology Risk & Compliance

SOC 2 checklist: 8 steps to achieve compliance

This SOC 2 checklist provides clear action steps that enable you to mature your security program and fast-track your way to compliance.

November 28, 2023

Learn more

Checklist

Technology Risk & Compliance

SOC 2 checklist: 8 steps to achieve compliance

This SOC 2 checklist provides clear action steps that enable you to mature your security program and fast-track your way to compliance.

November 28, 2023

Learn more

Data Sheet

Technology Risk & Compliance

Integrations to automate your framework compliance: ISO 27001, SOC 2, and NIST CSF

Explore how OneTrust integrations can help you automate compliance with today’s most popular InfoSec frameworks.

November 28, 2023

Learn more

Blog

Internal Audit Management

SOC 2 compliance checklist: 8 steps to prepare your organization

Find the right SOC 2 compliance software that provides the features that best serve your business.

November 28, 2023 7 min read

Learn more

Blog

Internes Auditmanagement

SOC 2-Compliance-Checkliste: 8 Schritte zur Vorbereitung Ihres Unternehmens

Finden Sie die passende SOC 2-Compliance-Software für Ihr Unternehmen.

November 28, 2023 7 min read

Learn more

Blog

Internes Auditmanagement

SOC 2-Compliance-Checkliste: 8 Schritte zur Vorbereitung Ihres Unternehmens

Finden Sie die passende SOC 2-Compliance-Software für Ihr Unternehmen.

November 28, 2023 7 min read

Learn more

Blog

Internal Audit Management

SOC 2 compliance checklist: 8 steps to prepare your organization

Find the right SOC 2 compliance software that provides the features that best serve your business.

November 28, 2023 7 min read

Learn more

Webinar

Third-Party Risk

Elevating third-party safety: The art of TPRM and TPDD integration

Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.

November 21, 2023

Learn more

Webinar

Third-Party Risk

Elevating third-party safety: The art of TPRM and TPDD integration

Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.

November 21, 2023

Learn more

Blog

Third-Party Risk

Are your third parties a privacy compliance liability?

What role do third parties play in your privacy compliance efforts? Learn how the two functions overlap and ways to keep data secure across your supply chain.

Katrina Dalao

November 07, 2023 10 min read

Learn more

Blog

Third-Party Risk

Are your third parties a privacy compliance liability?

What role do third parties play in your privacy compliance efforts? Learn how the two functions overlap and ways to keep data secure across your supply chain.

Katrina Dalao

November 07, 2023 10 min read

Learn more

Blog

Gestion des risques tiers

Vos tiers constituent-ils un risque pour votre conformité en termes de confidentialité ?

Quel rôle les tiers jouent-ils dans votre conformité en matière de confidentialité ? Découvrez les connections entre les deux fonctions et comment garantir la sécurité des données dans votre chaîne d’approvisionnement.

Katrina Dalao

novembre 07, 2023 10 min read

Learn more

Blog

Gestion des risques tiers

Vos tiers constituent-ils un risque pour votre conformité en termes de confidentialité ?

Quel rôle les tiers jouent-ils dans votre conformité en matière de confidentialité ? Découvrez les connections entre les deux fonctions et comment garantir la sécurité des données dans votre chaîne d’approvisionnement.

Katrina Dalao

novembre 07, 2023 10 min read

Learn more

Blog

Riesgos de terceros

¿Son tus terceros una obligación en cuanto al cumplimiento normativo en materia de privacidad?

¿Qué papel desempeñan los terceros en tus esfuerzos de cumplimiento normativo en materia de privacidad? Descubre cómo se solapan las dos funciones y cómo mantener los datos seguros a lo largo de toda tu cadena de suministros.

Katrina Dalao

noviembre 07, 2023 10 min read

Learn more

Blog

Riesgos de terceros

¿Son tus terceros una obligación en cuanto al cumplimiento normativo en materia de privacidad?

¿Qué papel desempeñan los terceros en tus esfuerzos de cumplimiento normativo en materia de privacidad? Descubre cómo se solapan las dos funciones y cómo mantener los datos seguros a lo largo de toda tu cadena de suministros.

Katrina Dalao

noviembre 07, 2023 10 min read

Learn more

Webinar

Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.

October 25, 2023

Learn more

Webinar

Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.

October 25, 2023

Learn more

eBook

Technology Risk & Compliance

Navigating the ISO 27001 compliance journey eBook

In this guide, you’ll learn what ISO 27001 is, which steps to take at each phase of the process, and how automation can help you get and stay compliant.

October 16, 2023

Learn more

eBook

Technology Risk & Compliance

The ultimate survival guide to SOC 2 compliance

The SOC 2 compliance journey isn't an easy one. Use this guide to understand best practices to accomplish your goals.

October 16, 2023

Learn more

eBook

Technology Risk & Compliance

Navigating the ISO 27001 compliance journey eBook

In this guide, you’ll learn what ISO 27001 is, which steps to take at each phase of the process, and how automation can help you get and stay compliant.

October 16, 2023

Learn more

eBook

Technology Risk & Compliance

The ultimate survival guide to SOC 2 compliance

The SOC 2 compliance journey isn't an easy one. Use this guide to understand best practices to accomplish your goals.

October 16, 2023

Learn more

Blog

Data Discovery & Security

Data is the new currency: How to protect financial services information

The heavily-regulated financial services industry requires a thoughtful process for governing data.

Jason Koestenblatt

October 13, 2023 5 min read

Learn more

Blog

Data Discovery & Security

Data is the new currency: How to protect financial services information

The heavily-regulated financial services industry requires a thoughtful process for governing data.

Jason Koestenblatt

October 13, 2023 5 min read

Learn more

eBook

Third-Party Risk

Data privacy compliance and Third-Party Management: A unified approach

Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.

October 12, 2023

Learn more

eBook

Third-Party Risk

Data privacy compliance and Third-Party Management: A unified approach

Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.

October 12, 2023

Learn more

Blog

Third-Party Risk

Trust talks: Actioning trust-based cybersecurity from individual to enterprise

Security teams can help create and champion organizational trust despite interdepartmental silos

Jason Koestenblatt

October 09, 2023 4 min read

Learn more

Blog

GRC & Security Assurance

Digital transformation and the evolving cybersecurity landscape

As the technological landscape continues to evolve, teams are seeing increases in compliance obligations, regulations, and the proliferation of cloud technology.

Scott Solomon

October 09, 2023 3 min read

Learn more

Blog

Third-Party Risk

Trust talks: Actioning trust-based cybersecurity from individual to enterprise

Security teams can help create and champion organizational trust despite interdepartmental silos

Jason Koestenblatt

October 09, 2023 4 min read

Learn more

Blog

GRC & Security Assurance

Digital transformation and the evolving cybersecurity landscape

As the technological landscape continues to evolve, teams are seeing increases in compliance obligations, regulations, and the proliferation of cloud technology.

Scott Solomon

October 09, 2023 3 min read

Learn more

Infographic

Technology Risk & Compliance

Understanding Europe's Top InfoSec and Cybersec Frameworks

Learn the ins and outs of Europe’s top InfoSec and cybersec frameworks, including ISO 27001, UK Cyber Essentials, the NIS2 Directive, DORA, and more.

October 05, 2023

Learn more

Blog

Data Discovery & Security

Data governance principles: 4 best practices

Discovery and classification are necessary in data governance, but clarity and accountability are at the root of collaboration

Sam Curcuruto

October 05, 2023 3 min read

Learn more

Blog

Data Discovery & Security

Data governance principles: 4 best practices

Discovery and classification are necessary in data governance, but clarity and accountability are at the root of collaboration

Sam Curcuruto

October 05, 2023 3 min read

Learn more

Infographic

Technology Risk & Compliance

Understanding Europe's Top InfoSec and Cybersec Frameworks

Learn the ins and outs of Europe’s top InfoSec and cybersec frameworks, including ISO 27001, UK Cyber Essentials, the NIS2 Directive, DORA, and more.

October 05, 2023

Learn more

Blog

Data Discovery & Sicherheit

Grundsätze der Data Governance: 4 bewährte Verfahren

Ermittlung und Klassifizierung sind in der Data Governance unerlässlich, doch Klarheit und Verantwortlichkeit bilden die Grundlage für eine gute Zusammenarbeit.

Sam Curcuruto

Oktober 05, 2023 3 min read

Learn more

Blog

Data Discovery & Sicherheit

Grundsätze der Data Governance: 4 bewährte Verfahren

Ermittlung und Klassifizierung sind in der Data Governance unerlässlich, doch Klarheit und Verantwortlichkeit bilden die Grundlage für eine gute Zusammenarbeit.

Sam Curcuruto

Oktober 05, 2023 3 min read

Learn more

Infographic

Technology Risk & Compliance

5 key areas for improved automation in InfoSec compliance

Streamline and scale your organization’s InfoSec compliance program by focusing on these five key areas of automation.

October 02, 2023

Learn more

Blog

GRC & Security Assurance

Cybersecurity Awareness Month resource hub

The cybersecurity awareness hub pulls resources from our experts on the Security CoE, GRC, Privacy, DataGuidance, and TPRM teams to a central resource.

Jason Koestenblatt, Team Lead, Content Marketing

October 02, 2023 3 min read

Learn more

Blog

GRC & Security Assurance

October is Cybersecurity Awareness Month. So, what?

The Cybersecurity and Infrastructure Security Agency’s (CISA) created cybersecurity awareness month with the intent to educate and promote online safety.

Scott Solomon

October 02, 2023 3 min read

Learn more

Infographic

Technology Risk & Compliance

5 key areas for improved automation in InfoSec compliance

Streamline and scale your organization’s InfoSec compliance program by focusing on these five key areas of automation.

October 02, 2023

Learn more

Blog

GRC & Security Assurance

Cybersecurity Awareness Month resource hub

The cybersecurity awareness hub pulls resources from our experts on the Security CoE, GRC, Privacy, DataGuidance, and TPRM teams to a central resource.

Jason Koestenblatt, Team Lead, Content Marketing

October 02, 2023 3 min read

Learn more

Blog

GRC & Security Assurance

October is Cybersecurity Awareness Month. So, what?

The Cybersecurity and Infrastructure Security Agency’s (CISA) created cybersecurity awareness month with the intent to educate and promote online safety.

Scott Solomon

October 02, 2023 3 min read

Learn more

eBook

Technology Risk & Compliance

Prioritizing the right InfoSec frameworks for your organization

In this free eBook, we explore the basics of three top InfoSec frameworks and how to decide which is the best fit for your organization.

September 27, 2023

Learn more

eBook

Technology Risk & Compliance

Prioritizing the right InfoSec frameworks for your organization

In this free eBook, we explore the basics of three top InfoSec frameworks and how to decide which is the best fit for your organization.

September 27, 2023

Learn more

Blog

Data Discovery & Security

Data governance builds trust, drives positive healthcare outcomes

Discovering and governing sensitive healthcare data helps professionals focus on treatment.

Sam Curcuruto

September 26, 2023 4 min read

Learn more

Blog

Data Discovery & Security

Data governance builds trust, drives positive healthcare outcomes

Discovering and governing sensitive healthcare data helps professionals focus on treatment.

Sam Curcuruto

September 26, 2023 4 min read

Learn more

Webinar

Third-Party Risk

Live Demo EMEA: How OneTrust can help advance your third-party risk management program

Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.

September 19, 2023

Learn more

Webinar

Third-Party Risk

Live Demo EMEA: How OneTrust can help advance your third-party risk management program

Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.

September 19, 2023

Learn more

Blog

GRC & Security Assurance

Making enterprise risk manageable for the CISO

Created internally or externally, organizations are handling tons of data — all of which can impact your risk posture. Learn more about empowering the business with enterprise risk management.

Riyaz Habibbhai

September 18, 2023 3 min read

Learn more

Blog

Technology Risk & Compliance

Collect once, comply many: Scale your resources and optimize compliance

Create efficiencies and increase visibility by scoping, monitoring, and communicating your compliance posture.

Riyaz Habibbhai

September 18, 2023 5 min read

Learn more

Blog

Technology Risk & Compliance

Collect once, comply many: Scale your resources and optimize compliance

Create efficiencies and increase visibility by scoping, monitoring, and communicating your compliance posture.

Riyaz Habibbhai

September 18, 2023 5 min read

Learn more

Blog

GRC & Security Assurance

Making enterprise risk manageable for the CISO

Created internally or externally, organizations are handling tons of data — all of which can impact your risk posture. Learn more about empowering the business with enterprise risk management.

Riyaz Habibbhai

September 18, 2023 3 min read

Learn more

Blog

Data Discovery & Classification

How to better govern your unstructured data

Learn how data governance can help protect your customers' sensitive data as well as meet the legal and security challenges posed by unstructured data.

Jason Koestenblatt

September 13, 2023 5 min read

Learn more

Blog

Data Discovery & Classification

How to better govern your unstructured data

Learn how data governance can help protect your customers' sensitive data as well as meet the legal and security challenges posed by unstructured data.

Jason Koestenblatt

September 13, 2023 5 min read

Learn more

Webinar

GRC & Security Assurance

Breaking down Europe’s top InfoSec & Cybersecurity frameworks: Tips to evaluate your current state or next steps

In this webinar, we examine the ISO/IEC 27001 and how it compares to other cybersecurity frameworks and regulations such as the SOC 2 and the EU Cybersecurity Act.

September 12, 2023

Learn more

Webinar

GRC & Security Assurance

Breaking down Europe’s top InfoSec & Cybersecurity frameworks: Tips to evaluate your current state or next steps

In this webinar, we examine the ISO/IEC 27001 and how it compares to other cybersecurity frameworks and regulations such as the SOC 2 and the EU Cybersecurity Act.

September 12, 2023

Learn more

Webinar

Third-Party Risk

Where contracting fits in the third-party risk lifecycle: 5 opportunities for optimization

Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.

September 07, 2023

Learn more

Webinar

Third-Party Risk

Where contracting fits in the third-party risk lifecycle: 5 opportunities for optimization

Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.

September 07, 2023

Learn more

Blog

Data Discovery & Security

What is data governance?

Learn how to build an effective data governance program and the tools you need to unlock the value of your data.

Jason Koestenblatt

September 06, 2023 5 min read

Learn more

Blog

Internal Audit Management

What is NIST CSF? Everything you need to know

Learn about the NIST CSF and explore how this cybersecurity framework may benefit your organization.

Katrina Dalao

August 10, 2023 7 min read

Learn more

Blog

Internal Audit Management

What is NIST CSF? Everything you need to know

Learn about the NIST CSF and explore how this cybersecurity framework may benefit your organization.

Katrina Dalao

August 10, 2023 7 min read

Learn more

Resource Kit

Technology Risk & Compliance

PCI DSS essentials: A resource collection for compliance

Achieve PCI DSS standard compliance with our comprehsive guide to safeguarding your organization's payment card data.

August 09, 2023

Learn more

Resource Kit

Technology Risk & Compliance

PCI DSS essentials: A resource collection for compliance

Achieve PCI DSS standard compliance with our comprehsive guide to safeguarding your organization's payment card data.

August 09, 2023

Learn more

Blog

Internal Audit Management

What’s the difference between NIST 800-53 vs. NIST 800-171?

Understand which cybersecurity framework applies to your organization

Katrina Dalao

August 08, 2023 9 min read

Learn more

Blog

Internal Audit Management

What’s the difference between NIST 800-53 vs. NIST 800-171?

Understand which cybersecurity framework applies to your organization

Katrina Dalao

August 08, 2023 9 min read

Learn more

Blog

Internal Audit Management

PCI DSS 4.0: Your questions answered

Prepare your organization for PCI DSS 4.0 with these resources from audit and security professionals.

August 02, 2023 8 min read

Learn more

Blog

Internal Audit Management

PCI DSS 4.0: Your questions answered

Prepare your organization for PCI DSS 4.0 with these resources from audit and security professionals.

August 02, 2023 8 min read

Learn more

Webinar

Third-Party Risk

Staying vigilant: 7 practical tips for ongoing third-party risk monitoring

In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.

August 01, 2023

Learn more

Webinar

Third-Party Risk

Staying vigilant: 7 practical tips for ongoing third-party risk monitoring

In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.

August 01, 2023

Learn more

eBook

Internal Audit Management

The future of PCI DSS: Prepare your organization for v4.0

Learn the new PCI DSS v4.0 requirements and prepare your organization for compliance in six steps.

July 28, 2023

Learn more

eBook

Internal Audit Management

The future of PCI DSS: Prepare your organization for v4.0

Learn the new PCI DSS v4.0 requirements and prepare your organization for compliance in six steps.

July 28, 2023

Learn more

Infographic

Third-Party Risk

What are your third parties not telling you?

Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.

July 24, 2023

Learn more

Infographic

Third-Party Risk

What are your third parties not telling you?

Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.

July 24, 2023

Learn more

Webinar

Third-Party Risk

Automating third-party management workflows: 5 ways to drive alignment across teams

Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.

July 19, 2023

Learn more

Webinar

Third-Party Risk

Automating third-party management workflows: 5 ways to drive alignment across teams

Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.

July 19, 2023

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Implement effective processes across your organization

Learn how to implement an effective third-party risk management program that meets your organization's needs.

Katrina Dalao

July 11, 2023 5 min read

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Monitor and maintain performance

How to start a third-party risk management program: Monitor and maintain performance

Katrina Dalao

July 11, 2023 5 min read

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Get leadership buy-in

Create a TPRM program that addresses your organization’s highest security risks and aligns with strategic objectives

Katrina Dalao

July 11, 2023 5 min read

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Implement effective processes across your organization

Learn how to implement an effective third-party risk management program that meets your organization's needs.

Katrina Dalao

July 11, 2023 5 min read

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Monitor and maintain performance

How to start a third-party risk management program: Monitor and maintain performance

Katrina Dalao

July 11, 2023 5 min read

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Get leadership buy-in

Create a TPRM program that addresses your organization’s highest security risks and aligns with strategic objectives

Katrina Dalao

July 11, 2023 5 min read

Learn more

Blog

Internal Audit Management

What's new in PCI DSS v4.0: How to prepare your organization

Keep your account data safe with the latest payment security standard

Katrina Dalao

July 10, 2023 7 min read

Learn more

Blog

Internal Audit Management

What's new in PCI DSS v4.0: How to prepare your organization

Keep your account data safe with the latest payment security standard

Katrina Dalao

July 10, 2023 7 min read

Learn more

Webinar

Third-Party Risk

Are your third parties a privacy compliance liability? 5 tips to reduce your exposure

Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.

July 05, 2023

Learn more

Webinar

Third-Party Risk

Are your third parties a privacy compliance liability? 5 tips to reduce your exposure

Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.

July 05, 2023

Learn more

Data Sheet

Technology Risk & Compliance

Certification Automation: Managing PCI DSS compliance

See how OneTrust Certification Automation streamlines PCI DSS compliance by identifying controls and requirements with automation.

July 05, 2023

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Understand the types of third-party risks

Learn about the different types of third-party risks and how to address each one

Katrina Dalao

June 29, 2023 6 min read

Learn more

Blog

Third-Party Risk

How to start a third-party risk management program: Understand the types of third-party risks

Learn about the different types of third-party risks and how to address each one

Katrina Dalao

June 29, 2023 6 min read

Learn more

Webinar

Technology Risk & Compliance

How to successfully implement ISO 27001 to demonstrate security and assurance across any jurisdiction

Join our live webinar and hear from security professionals on how to get ISO 27001 certified, streamline audit preparation, and demonstrate security assurance across any regulatory jurisdiction.

June 28, 2023

Learn more

Webinar

Technology Risk & Compliance

How to successfully implement ISO 27001 to demonstrate security and assurance across any jurisdiction

Join our live webinar and hear from security professionals on how to get ISO 27001 certified, streamline audit preparation, and demonstrate security assurance across any regulatory jurisdiction.

June 28, 2023

Learn more

Video

Third-Party Risk

Third-party management demo

See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.

June 27, 2023

Learn more

Video

Third-Party Risk

Third-party management demo

See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.

June 27, 2023

Learn more

Video

GRC & Security Assurance

Third-party risk exchange demo

The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.

June 22, 2023

Learn more

Video

GRC & Security Assurance

Third-party risk exchange demo

The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.

June 22, 2023

Learn more

Infographic

Technology Risk & Compliance

Working toward compliance with PCI DSS v4.0

Learn the key considerations of the PCI DSS v4.0 security standard and plan your next steps towards compliance with this free infographic.

June 16, 2023

Learn more

Infographic

Technology Risk & Compliance

Working toward compliance with PCI DSS v4.0

Learn the key considerations of the PCI DSS v4.0 security standard and plan your next steps towards compliance with this free infographic.

June 16, 2023

Learn more

Blog

Data Discovery & Classification

Shifting left: Classifying and managing data sprawl at collection

Learn how to effectively discover and classify data by staring near the point of data collection to avoid data sprawl and inaccuracies.

June 15, 2023 2 min read

Learn more

Blog

Data Discovery & Classification

Shifting left: Classifying and managing data sprawl at collection

Learn how to effectively discover and classify data by staring near the point of data collection to avoid data sprawl and inaccuracies.

June 15, 2023 2 min read

Learn more

Blog

Technology Risk & Compliance

What is a PCI DSS self-assessment questionnaire?

Self-assessment questionnaires help evaluate and prove PCI DSS compliance. Find out which SAQ is right for your organization

Katrina Dalao

June 15, 2023 5 min read

Learn more

Blog

Technology Risk & Compliance

What is a PCI DSS self-assessment questionnaire?

Self-assessment questionnaires help evaluate and prove PCI DSS compliance. Find out which SAQ is right for your organization

Katrina Dalao

June 15, 2023 5 min read

Learn more

Seminario web

GRC y garantía de seguridad

OneTrust Certification Automation: Facilita el cumplimiento de ISO 27001 y NIS2, y muchos otros marcos y normas

Construye, escala y automatiza tu programa de cumplimiento InfoSec.

junio 15, 2023

Learn more

Blog

Internal Audit Management

What is PCI DSS?

Learn the basics about PCI DSS, how it applies to your organization, and what you need to prove compliance.

Katrina Dalao

June 14, 2023 7 min read

Learn more

Blog

Internal Audit Management

What is PCI DSS?

Learn the basics about PCI DSS, how it applies to your organization, and what you need to prove compliance.

Katrina Dalao

June 14, 2023 7 min read

Learn more

Webinar

Third-Party Risk

Third-party data breach incident response: Essential workflows for effective recovery

Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows. 

June 13, 2023

Learn more

Webinar

Third-Party Risk

Third-party data breach incident response: Essential workflows for effective recovery

Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows. 

June 13, 2023

Learn more

Blog

Internal Audit Management

Beginner's guide to PCI DSS compliance

If your organization stores, processes, or transmits cardholder data, you’ll need to be PCI DSS compliant. Here’s how.

Katrina Dalao

June 13, 2023 9 min read

Learn more

Blog

Internal Audit Management

Beginner's guide to PCI DSS compliance

If your organization stores, processes, or transmits cardholder data, you’ll need to be PCI DSS compliant. Here’s how.

Katrina Dalao

June 13, 2023 9 min read

Learn more

Webinar

Third-Party Risk

Bridging the gap: How procurement and InfoSec can work together to reduce third-party risks

Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.

June 08, 2023

Learn more

Webinar

Third-Party Risk

Bridging the gap: How procurement and InfoSec can work together to reduce third-party risks

Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.

June 08, 2023

Learn more

Blog

Data Discovery & Classification

Discover and connect to all your data in any environment

OneTrust Data Discovery has mass coverage with 200 pre-built connectors, and an open SDK for custom data sources

Sam Curcuruto

June 08, 2023 2 min read

Learn more

Blog

Data Discovery & Classification

Discover and connect to all your data in any environment

OneTrust Data Discovery has mass coverage with 200 pre-built connectors, and an open SDK for custom data sources

Sam Curcuruto

June 08, 2023 2 min read

Learn more

eBook

Third-Party Risk

InfoSec's guide to third-party risk management: Key considerations and best practices

Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.

June 05, 2023

Learn more

eBook

Third-Party Risk

InfoSec's guide to third-party risk management: Key considerations and best practices

Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.

June 05, 2023

Learn more

Blog

Third-Party Risk

HackNotice and OneTrust partner for deeper third-party threat intelligence

OneTrust customers can take advantage of HackNotice’s near real-time breach alerts.

June 01, 2023 3 min read

Learn more

Blog

Third-Party Risk

HackNotice and OneTrust partner for deeper third-party threat intelligence

OneTrust customers can take advantage of HackNotice’s near real-time breach alerts.

June 01, 2023 3 min read

Learn more

Webinar

Third-Party Risk

Unpacking the third-party risk regulatory landscape in the Nordic region and beyond

In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.

May 30, 2023

Learn more

Webinar

Third-Party Risk

Unpacking the third-party risk regulatory landscape in the Nordic region and beyond

In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.

May 30, 2023

Learn more

Blog

Data Discovery & Classification

How a data discovery solution keeps your organization secure

Finding and classifying data is just the first step in your discovery and security process

Jason Koestenblatt

May 25, 2023 5 min read

Learn more

Blog

Data Discovery & Classification

How a data discovery solution keeps your organization secure

Finding and classifying data is just the first step in your discovery and security process

Jason Koestenblatt

May 25, 2023 5 min read

Learn more

Webinar

GRC & Security Assurance

Live demo EMEA: How to monitor third-party risks with OneTrust

Join us for a live demo of OneTrust's Third-Party Management capabilities and how  our holistic approach helps you monitor and screen third parties across critial risk domains with up-to-date intelligence.

May 23, 2023

Learn more

Webinar

Third-Party Risk

Live demo: How to monitor third-party risks with OneTrust

In this webinar, see how OneTrust's Third-Party Management can help you build a more holistic program that actively monitors your third parties and lowers your risk exposure.

May 23, 2023

Learn more

Blog

Data Discovery & Security

ROT data is a security issue: How are you handling it?

Automating data discovery is the first step in classifying obsolete digital information

Sam Curcuruto

May 23, 2023 3 min read

Learn more

Blog

Data Discovery & Security

ROT data is a security issue: How are you handling it?

Automating data discovery is the first step in classifying obsolete digital information

Sam Curcuruto

May 23, 2023 3 min read

Learn more

Blog

Data Discovery & Classification

Data discovery helps governance teams stay secure

Data governance is needed for organizations to meet compliance requirements

Sam Curcuruto

May 18, 2023 3 min read

Learn more

Blog

Data Discovery & Classification

Data discovery helps governance teams stay secure

Data governance is needed for organizations to meet compliance requirements

Sam Curcuruto

May 18, 2023 3 min read

Learn more

Data Sheet

Data Discovery & Security

Employee onboarding and offboarding management

Download our onboarding and offboarding management data sheet and learn how OneTrust Certification Automation can help reduce your risk exposure and improve compliance.

May 17, 2023

Learn more

Data Sheet

Data Discovery & Security

Employee onboarding and offboarding management

Download our onboarding and offboarding management data sheet and learn how OneTrust Certification Automation can help reduce your risk exposure and improve compliance.

May 17, 2023

Learn more

Blog

Data Discovery & Classification

Why is data minimization important for your security teams?

Unused digital information is an easy target for hackers, increasing your organization’s risk 

May 16, 2023 2 min read

Learn more

Blog

Data Discovery & Classification

Why is data minimization important for your security teams?

Unused digital information is an easy target for hackers, increasing your organization’s risk 

May 16, 2023 2 min read

Learn more

Data Sheet

Technology Risk & Compliance

Compliance Automation external audit management

Take a look at how OneTrust Compliance Automation can help streamline your preparation for audits, drive accountability, and track results.

May 16, 2023

Learn more

Data Sheet

Technology Risk & Compliance

Compliance Automation external audit management

Take a look at how OneTrust Compliance Automation can help streamline your preparation for audits, drive accountability, and track results.

May 16, 2023

Learn more

Blog

GRC & Security Assurance

Data retention policies should be automated to reduce risk

Tooling can create benefits for the organization while staying compliant with regulations

Jason Koestenblatt

May 11, 2023 4 min read

Learn more

Blog

GRC & Security Assurance

Data retention policies should be automated to reduce risk

Tooling can create benefits for the organization while staying compliant with regulations

Jason Koestenblatt

May 11, 2023 4 min read

Learn more

Blog

Internal Audit Management

How to reduce audit fatigue: 5 remedies for InfoSec pros

How do you alleviate audit fatigue in your InfoSec team? Here are 5 practical remedies to reduce the stress and workload of frequent security audits

Katrina Dalao

May 08, 2023 8 min read

Learn more

Blog

Internal Audit Management

How to reduce audit fatigue: 5 remedies for InfoSec pros

How do you alleviate audit fatigue in your InfoSec team? Here are 5 practical remedies to reduce the stress and workload of frequent security audits

Katrina Dalao

May 08, 2023 8 min read

Learn more

Blog

Data Discovery & Classification

How automation helps reduce your sensitive data footprint

Establish data retention and minimization policies to reduce your organization’s attack surface

Sam Curcuruto

May 05, 2023 4 min read

Learn more

Blog

Data Discovery & Classification

How automation helps reduce your sensitive data footprint

Establish data retention and minimization policies to reduce your organization’s attack surface

Sam Curcuruto

May 05, 2023 4 min read

Learn more

Blog

Data Discovery & Classification

Expanding our data discovery leadership with machine learning classification tools

Learn how OneTrust Data Discovery uses AI, machine learning, and privacy by design to ensure responsible and compliant data governance.

Sam Curcuruto

May 04, 2023 3 min read

Learn more

Blog

Data Discovery & Classification

Expanding our data discovery leadership with machine learning classification tools

Learn how OneTrust Data Discovery uses AI, machine learning, and privacy by design to ensure responsible and compliant data governance.

Sam Curcuruto

May 04, 2023 3 min read

Learn more

Blog

Internal Audit Management

What is information security compliance?

What is InfoSec compliance? Learn why compliance is essential for your organization and how it safeguards against cyberthreats.

Katrina Dalao

May 04, 2023 7 min read

Learn more

Blog

Internal Audit Management

What is information security compliance?

What is InfoSec compliance? Learn why compliance is essential for your organization and how it safeguards against cyberthreats.

Katrina Dalao

May 04, 2023 7 min read

Learn more

Webinar

GRC & Security Assurance

Certification Automation live product demo EMEA

Learn how OneTrust Certification Automation can help you scope, track, and manage security compliance holistically across complex operations.

April 26, 2023

Learn more

Webinar

GRC & Security Assurance

Certification Automation live product demo EMEA

Learn how OneTrust Certification Automation can help you scope, track, and manage security compliance holistically across complex operations.

April 26, 2023

Learn more

Infographic

GRC & Security Assurance

Types of IT security frameworks

Download our list of 18 of the most popular security frameworks and see which would be the best fit for your Infosec program.

April 26, 2023

Learn more

Infographic

GRC & Security Assurance

Types of IT security frameworks

Download our list of 18 of the most popular security frameworks and see which would be the best fit for your Infosec program.

April 26, 2023

Learn more

eBook

Technology Risk & Compliance

5 Levels of InfoSec compliance maturity

Effectively assess your organization's InfoSec maturity level and elevate your program with our InfoSec compliance maturity guide.

April 26, 2023

Learn more

eBook

Technology Risk & Compliance

5 Levels of InfoSec compliance maturity

Effectively assess your organization's InfoSec maturity level and elevate your program with our InfoSec compliance maturity guide.

April 26, 2023

Learn more

Webinar

GRC & Security Assurance

5 automation trends to scale and modernize your infosec compliance program

Legacy InfoSec practices are inefficient and must shift to flexible, scalable, and cost-effective automation to support CISOs in today’s complex risk landscape.

April 13, 2023

Learn more

Webinar

GRC & Security Assurance

5 automation trends to scale and modernize your infosec compliance program

Legacy InfoSec practices are inefficient and must shift to flexible, scalable, and cost-effective automation to support CISOs in today’s complex risk landscape.

April 13, 2023

Learn more

Infographic

Third-Party Risk

Third-party risk: A growing spiderweb

The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.

April 03, 2023

Learn more

Infographic

Third-Party Risk

Third-party risk: A growing spiderweb

The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.

April 03, 2023

Learn more

Webinar

GRC e garanzia di sicurezza

Programma TPRM: 5 step per il successo della Gestione del Rischio di Terzi

In questo webinar presentiamo un programma TPRM di successo. Questa sessione si concentra sulle considerazioni chiave per la gestione delle terze parti e consente alla vostra azienda di costruire una base solida e scalabile per garantire il successo a lungo termine.

marzo 30, 2023

Learn more

Webinar

GRC e garanzia di sicurezza

Programma TPRM: 5 step per il successo della Gestione del Rischio di Terzi

In questo webinar presentiamo un programma TPRM di successo. Questa sessione si concentra sulle considerazioni chiave per la gestione delle terze parti e consente alla vostra azienda di costruire una base solida e scalabile per garantire il successo a lungo termine.

marzo 30, 2023

Learn more

Blog

Third-Party Risk

How to manage third-party risk across your entire business

Businesses need a comprehensive third-party management strategy covering all aspects of their relationships with third parties, such as security, privacy, ethics, and ESG.

March 08, 2023 7 min read

Learn more

Blog

Third-Party Risk

How to manage third-party risk across your entire business

Businesses need a comprehensive third-party management strategy covering all aspects of their relationships with third parties, such as security, privacy, ethics, and ESG.

March 08, 2023 7 min read

Learn more

Blog

Third-Party Risk

Why data privacy and third-party risk teams need to work together

Sharing information and resources across organizational silos is mutually beneficial for teams with the common goal of mitigating data privacy risk.

Scott Solomon

March 07, 2023 6 min read

Learn more

Blog

Technology Risk & Compliance

How to manage privacy and security compliance? 6 questions with GRC experts

Our GRC experts discuss how privacy and security compliance are evolving to meet modern market demands and ushering in a whole new era of automation.

Katrina Dalao, Sr. Content Marketing Specialist, OneTrust

March 07, 2023 8 min read

Learn more

Blog

Third-Party Risk

Why data privacy and third-party risk teams need to work together

Sharing information and resources across organizational silos is mutually beneficial for teams with the common goal of mitigating data privacy risk.

Scott Solomon

March 07, 2023 6 min read

Learn more

Blog

Technology Risk & Compliance

How to manage privacy and security compliance? 6 questions with GRC experts

Our GRC experts discuss how privacy and security compliance are evolving to meet modern market demands and ushering in a whole new era of automation.

Katrina Dalao, Sr. Content Marketing Specialist, OneTrust

March 07, 2023 8 min read

Learn more

Blog

Technology Risk & Compliance

Understanding IT security frameworks: Types and examples

Security frameworks are roadmaps for developing and implementing effective security programs that protect organizations from threats and vulnerabilities.

Katrina Dalao

March 06, 2023 11 min read

Learn more

Blog

Technology Risk & Compliance

Understanding IT security frameworks: Types and examples

Security frameworks are roadmaps for developing and implementing effective security programs that protect organizations from threats and vulnerabilities.

Katrina Dalao

March 06, 2023 11 min read

Learn more

Blog

Technology Risk & Compliance

5 ways leaders are automating their GRC programs in 2023

Learn five top functional categories GRC professionals and leaders identify as priorities for creating a mature and meaningful automation strategy.

March 02, 2023 4 min read

Learn more

Blog

Technology Risk & Compliance

5 ways leaders are automating their GRC programs in 2023

Learn five top functional categories GRC professionals and leaders identify as priorities for creating a mature and meaningful automation strategy.

March 02, 2023 4 min read

Learn more

Infographic

Technology Risk & Compliance

How leaders see integrated automation as the best path to a mature GRC program

Our infographic highlights the results of an IDC survey that revealed how GRC leaders believe automation is key to building a more mature GRC program. 

February 28, 2023

Learn more

Infographic

Technology Risk & Compliance

How leaders see integrated automation as the best path to a mature GRC program

Our infographic highlights the results of an IDC survey that revealed how GRC leaders believe automation is key to building a more mature GRC program. 

February 28, 2023

Learn more

Webinar

GRC & Security Assurance

Combating InfoSec compliance fatigue: Insights for navigating growingly complex requirements

In this webinar, you will hear first-hand from information security experts experts what are the key pain-points and their strategies to be audit ready. 

February 27, 2023

Learn more

Webinar

GRC & Security Assurance

Combating InfoSec compliance fatigue: Insights for navigating growingly complex requirements

In this webinar, you will hear first-hand from information security experts experts what are the key pain-points and their strategies to be audit ready. 

February 27, 2023

Learn more

Blog

Technology Risk & Compliance

10 GRC trends: What’s next for governance, risk, and compliance?

Cybersecurity, third-party risk, and other policies fall under the GRC domain. Here are the top 10 emerging drivers and trends shaping security compliance.

Katrina Dalao

February 23, 2023 5 min read

Learn more

Blog

Technology Risk & Compliance

10 GRC trends: What’s next for governance, risk, and compliance?

Cybersecurity, third-party risk, and other policies fall under the GRC domain. Here are the top 10 emerging drivers and trends shaping security compliance.

Katrina Dalao

February 23, 2023 5 min read

Learn more

Webinar

Technology Risk & Compliance

Introducing OneTrust Certification Automation: Build, scale, and automate your InfoSec compliance program webinar

In this webinar, learn how to right-size your compliance scope for different frameworks across various business dimensions and enable an agile audit process.

February 15, 2023

Learn more

Webinar

Technology Risk & Compliance

Introducing OneTrust Certification Automation: Build, scale, and automate your InfoSec compliance program webinar

In this webinar, learn how to right-size your compliance scope for different frameworks across various business dimensions and enable an agile audit process.

February 15, 2023

Learn more

Webinar

GRC & Security Assurance

Introducing OneTrust Certification Automation: Reinforce privacy accountability with automated InfoSec compliance

Learn how to enable an agile audit process by breaking down complex InfoSec requirements into actionable tasks to help automate your compliance program.

February 10, 2023

Learn more

Blog

GRC & Security Assurance

7 steps to comply with ISO 31700-1:2023 (standard on Privacy by Design)

This standard looks to define clear rules for organizations around how consumers’ personal information is processed and how consumer privacy is addressed throughout the product lifecycle

Linda Thielova

February 10, 2023 7 min read

Learn more

Webinar

GRC & Security Assurance

Introducing OneTrust Certification Automation: Reinforce privacy accountability with automated InfoSec compliance

Learn how to enable an agile audit process by breaking down complex InfoSec requirements into actionable tasks to help automate your compliance program.

February 10, 2023

Learn more

Blog

GRC & Security Assurance

7 steps to comply with ISO 31700-1:2023 (standard on Privacy by Design)

This standard looks to define clear rules for organizations around how consumers’ personal information is processed and how consumer privacy is addressed throughout the product lifecycle

Linda Thielova

February 10, 2023 7 min read

Learn more

Webinar

Privacy & Data Governance

Data Protection in Financial Services Week: Insurance – the privacy and cyber issues

This session focuses on emerging issues impacting data privacy and cybersecurity in the insurance and reinsurance industry and its cyber insurance products. 

February 08, 2023

Learn more

Webinar

Privacy & Data Governance

Data Protection in Financial Services Week: Insurance – the privacy and cyber issues

This session focuses on emerging issues impacting data privacy and cybersecurity in the insurance and reinsurance industry and its cyber insurance products. 

February 08, 2023

Learn more

Webinar

Privacy Management

Data Protection in Financial Services Week: Managing cybersecurity in financial services

This first session will provide a real-time view from the trenches from a globally-recognized leader in cyber operational collaboration and defense.

February 07, 2023

Learn more

Webinar

Privacy Management

Data Protection in Financial Services Week: Managing cybersecurity in financial services

This first session will provide a real-time view from the trenches from a globally-recognized leader in cyber operational collaboration and defense.

February 07, 2023

Learn more

Report

Data Discovery & Security

How to Build a Data Governance Practice Report | Resources | OneTrust

Get your copy of Building a Data Governance Framework today and take the first step towards building a strong, secure data governance system.

February 03, 2023

Learn more

eBook

GRC & Security Assurance

Navigating the ISO 27001 compliance journey eBook

In this guide, you’ll learn what ISO 27001 is, which steps to take at each phase of the process, and how automation can help you get and stay compliant.

January 17, 2023

Learn more

Blog

Third-Party Risk

Build trust, promote your program in the Third-Party Risk Exchange

The Third-Party Risk Exchange allows businesses to learn more about each other's security posture, offer SIG Lite assessments on-demand, and more.

Pranav Menem

January 10, 2023 3 min read

Learn more

Blog

Third-Party Risk

Build trust, promote your program in the Third-Party Risk Exchange

The Third-Party Risk Exchange allows businesses to learn more about each other's security posture, offer SIG Lite assessments on-demand, and more.

Pranav Menem

January 10, 2023 3 min read

Learn more

Blog

Third-Party Risk

As third-party needs sprawl, so do risk management investments

From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority for organizations.

Jason Koestenblatt

January 04, 2023 3 min read

Learn more

Blog

Third-Party Risk

As third-party needs sprawl, so do risk management investments

From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority for organizations.

Jason Koestenblatt

January 04, 2023 3 min read

Learn more

Webinar

GRC & Security Assurance

How to automate compliance for ISO 27001 – Scoping and streamlining control management for the latest InfoSec landscape

In this session we'll showcase how OneTrust Certification Automation can help you streamline control management for the latest InfoSec landscape.

December 14, 2022

Learn more

Infographic

Technology Risk & Compliance

ISO 27001: Global changes and impact to your compliance program

This infographic will explain how the updates to the ISO 27001 framework will have a huge impact on information security programs across all industries.

December 14, 2022

Learn more

Webinar

GRC & Security Assurance

How to automate compliance for ISO 27001 – Scoping and streamlining control management for the latest InfoSec landscape

In this session we'll showcase how OneTrust Certification Automation can help you streamline control management for the latest InfoSec landscape.

December 14, 2022

Learn more

Webinar

Third-Party Risk

Where contracting fits in the third-party risk lifecycle: 5 opportunities for automation

In this third-party lifecycle webinar, we’ll explore the contracting problem many organizations face when limiting risk exposure while automating processes.

December 14, 2022

Learn more

Infographic

Technology Risk & Compliance

ISO 27001: Global changes and impact to your compliance program

This infographic will explain how the updates to the ISO 27001 framework will have a huge impact on information security programs across all industries.

December 14, 2022

Learn more

Report

Trust Intelligence

Trending toward trust

The "Trending toward trust" report from OneTrust highlights seven key trends that organizations need to know.

December 12, 2022

Learn more

Report

Trust Intelligence

Trending toward trust

The "Trending toward trust" report from OneTrust highlights seven key trends that organizations need to know.

December 12, 2022

Learn more

Video

Third-Party Risk

OneTrust third-party risk management for privacy professionals

Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.

December 07, 2022

Learn more

Video

Third-Party Risk

OneTrust third-party risk management for privacy professionals

Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.

December 07, 2022

Learn more

Webinar

Third-Party Risk

How do you manage your third-party cyber risks? 5 best practices to improve your cyber resilience webinar

In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.

December 06, 2022

Learn more

Webinar

Third-Party Risk

How do you manage your third-party cyber risks? 5 best practices to improve your cyber resilience webinar

In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.

December 06, 2022

Learn more

Webinar

Third-Party Risk

Canada and ISO 27001:2022: How automation streamlines compliance

Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.

November 30, 2022

Learn more

Blog

Third-Party Risk

Ironclad, OneTrust partner to streamline and secure third-party procurement processes

To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad.

Chet Devchand

November 30, 2022 4 min read

Learn more

Webinar

Third-Party Risk

Canada and ISO 27001:2022: How automation streamlines compliance

Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.

November 30, 2022

Learn more

Blog

Third-Party Risk

Ironclad, OneTrust partner to streamline and secure third-party procurement processes

To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad.

Chet Devchand

November 30, 2022 4 min read

Learn more

Webinar

GRC & Security Assurance

Analyzing ISO 27001:2022 reinforcing privacy and security compliance with automation webinar

Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.

November 17, 2022

Learn more

Webinar

GRC & Security Assurance

Analyzing ISO 27001:2022 reinforcing privacy and security compliance with automation webinar

Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.

November 17, 2022

Learn more

Blog

Technology Risk & Compliance

SOC 2: starting your audit process

SOC 2 is a voluntary compliance standard for managing customer data while outlining the minimum requirements to maintain your customers' security.

November 09, 2022 4 min read

Learn more

Blog

Technology Risk & Compliance

SOC 2: starting your audit process

SOC 2 is a voluntary compliance standard for managing customer data while outlining the minimum requirements to maintain your customers' security.

November 09, 2022 4 min read

Learn more

Infographic

GRC & Security Assurance

What’s The Cost of a Manual IT Risk Management Process?

Download this infographic to understand trends in measuring security risk leadership effectiveness and what efficiencies can enhance key IT risk processes.

November 08, 2022

Learn more

Infographic

GRC & Security Assurance

What’s The Cost of a Manual IT Risk Management Process?

Download this infographic to understand trends in measuring security risk leadership effectiveness and what efficiencies can enhance key IT risk processes.

November 08, 2022

Learn more

Blog

Technology Risk & Compliance

9-point framework for evaluating SOC 2 software

The founder of Fractional CISO, Rob Black, identified nine key considerations to guide the vendor evaluation process and reach your SOC 2 compliance goals. 

November 02, 2022 5 min read

Learn more

Blog

Technology Risk & Compliance

9-point framework for evaluating SOC 2 software

The founder of Fractional CISO, Rob Black, identified nine key considerations to guide the vendor evaluation process and reach your SOC 2 compliance goals. 

November 02, 2022 5 min read

Learn more

Blog

GRC & Security Assurance

9-Punkte-Framework zur Bewertung der SOC 2-Software

Der Gründer von Fractional CISO, Rob Black, identifizierte neun wichtige Überlegungen, um den Lieferant-Evaluierungsprozess zu leiten und Ihre SOC 2-Compliance-Ziele zu erreichen. 

November 02, 2022 5 min read

Learn more

Blog

GRC & Security Assurance

9-Punkte-Framework zur Bewertung der SOC 2-Software

Der Gründer von Fractional CISO, Rob Black, identifizierte neun wichtige Überlegungen, um den Lieferant-Evaluierungsprozess zu leiten und Ihre SOC 2-Compliance-Ziele zu erreichen. 

November 02, 2022 5 min read

Learn more

Blog

Third-Party Risk

Thousands of RiskRecon grades now available in the OneTrust Third-Party Risk Exchange

We are partnering with RiskRecon, a Mastercard Company to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.

Chet Devchand

November 01, 2022 3 min read

Learn more

Blog

Third-Party Risk

Thousands of RiskRecon grades now available in the OneTrust Third-Party Risk Exchange

We are partnering with RiskRecon, a Mastercard Company to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.

Chet Devchand

November 01, 2022 3 min read

Learn more

Webinar

GRC & Security Assurance

ISO 27001: 2022 – What’s new and how can automation simplify compliance webinar

Learn how automation can streamline compliance projects at scale across multiple business units and products throughout your organization. 

October 31, 2022

Learn more

Webinar

GRC & Security Assurance

ISO 27001: 2022 – What’s new and how can automation simplify compliance webinar

Learn how automation can streamline compliance projects at scale across multiple business units and products throughout your organization. 

October 31, 2022

Learn more

Webinar

GRC & Security Assurance

Automating compliance readiness for the new ISO 27001:2022

Join our team as we summarize some of the most impactful changes in the globally recognized and adopted ISO 27001 framework, recently updated this year.

October 27, 2022

Learn more

Webinar

GRC & Security Assurance

Automating compliance readiness for the new ISO 27001:2022

Join our team as we summarize some of the most impactful changes in the globally recognized and adopted ISO 27001 framework, recently updated this year.

October 27, 2022

Learn more

eBook

Technology Risk & Compliance

Your Journey to Continuous Compliance eBook

This eBook will help your continuous compliance journey stay on track, with key takeaways including continuous compliance and compliance automation.

October 26, 2022

Learn more

eBook

Technology Risk & Compliance

Your Journey to Continuous Compliance eBook

This eBook will help your continuous compliance journey stay on track, with key takeaways including continuous compliance and compliance automation.

October 26, 2022

Learn more

Blog

Technology Risk & Compliance

What are the ISO 27001 updates?

The International Organization for Standardization (ISO) released its first framework, the 27001, that outlined a cybersecurity foundation for businesses.

Jason Koestenblatt

October 25, 2022 4 min read

Learn more

Blog

Technology Risk & Compliance

What are the ISO 27001 updates?

The International Organization for Standardization (ISO) released its first framework, the 27001, that outlined a cybersecurity foundation for businesses.

Jason Koestenblatt

October 25, 2022 4 min read

Learn more

Blog

GRC & Security Assurance

ISO 27001: Scoping and mandatory clauses

Prepare for ISO 27001 certification with a scope statement that defines your company’s information security management system.

October 24, 2022 3 min read

Learn more

Blog

GRC & Security Assurance

ISO 27001: Scoping and mandatory clauses

Prepare for ISO 27001 certification with a scope statement that defines your company’s information security management system.

October 24, 2022 3 min read

Learn more

Webinar

Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.

October 11, 2022

Learn more

Webinar

Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.

October 11, 2022

Learn more

eBook

Technology Risk & Compliance

The future of information security

Learn how to respond to the security landscape and build a proactive InfoSec program to help your customers and business.

October 10, 2022

Learn more

eBook

Technology Risk & Compliance

The future of information security

Learn how to respond to the security landscape and build a proactive InfoSec program to help your customers and business.

October 10, 2022

Learn more

Blog

Technology Risk & Compliance

What can and can’t be automated for SOC 2

Not all SOC 2 components can be automated, but those that can save your business time and money. Learn more about what can be automated for SOC 2.

October 05, 2022 4 min read

Learn more

Blog

Technology Risk & Compliance

What can and can’t be automated for SOC 2

Not all SOC 2 components can be automated, but those that can save your business time and money. Learn more about what can be automated for SOC 2.

October 05, 2022 4 min read

Learn more

Webinar

Third-Party Risk

7 core metrics every third-party risk program must track (and how to track them)

We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.

September 28, 2022

Learn more

Blog

Technology Risk & Compliance

What is a SOC 2 report?

Systems and Organization Controls 2  is an attestation that evaluates your company’s ability to securely manage the data you collect from your customers.

September 28, 2022 6 min read

Learn more

Webinar

Third-Party Risk

7 core metrics every third-party risk program must track (and how to track them)

We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.

September 28, 2022

Learn more

Blog

Technology Risk & Compliance

What is a SOC 2 report?

Systems and Organization Controls 2  is an attestation that evaluates your company’s ability to securely manage the data you collect from your customers.

September 28, 2022 6 min read

Learn more

Blog

Technology Risk & Compliance

How much does ISO 27001 certification cost?

Companies are choosing to adopt a trusted security framework, and ISO 27001, as a globally recognized certification, is the framework of choice for many. 

September 21, 2022 6 min read

Learn more

Blog

Technology Risk & Compliance

How to use your security program to win more deals

As more customers are concerned with data protection, a security-focused sales process can help win more deals.

September 21, 2022 2 min read

Learn more

Blog

Technology Risk & Compliance

How much does ISO 27001 certification cost?

Companies are choosing to adopt a trusted security framework, and ISO 27001, as a globally recognized certification, is the framework of choice for many. 

September 21, 2022 6 min read

Learn more

Blog

Technology Risk & Compliance

How to use your security program to win more deals

As more customers are concerned with data protection, a security-focused sales process can help win more deals.

September 21, 2022 2 min read

Learn more

Blog

Technology Risk & Compliance

HIPAA vs. GDPR compliance: what’s the difference?

HIPAA and GDPR are leading frameworks that protect the privacy of individuals. Learn the difference between the two.

September 21, 2022 6 min read

Learn more

Blog

Technology Risk & Compliance

6 questions, 2 InfoSec directors: Your policy management answers

In a OneTrust-hosted webinar, we discussed the common pitfalls of policy management for InfoSec teams with the Director of Information Security at Arcadia.

Jason Koestenblatt

September 21, 2022 8 min read

Learn more

Blog

Technology Risk & Compliance

6 questions, 2 InfoSec directors: Your policy management answers

In a OneTrust-hosted webinar, we discussed the common pitfalls of policy management for InfoSec teams with the Director of Information Security at Arcadia.

Jason Koestenblatt

September 21, 2022 8 min read

Learn more

Blog

Technology Risk & Compliance

HIPAA vs. GDPR compliance: what’s the difference?

HIPAA and GDPR are leading frameworks that protect the privacy of individuals. Learn the difference between the two.

September 21, 2022 6 min read

Learn more

eBook

GRC & Security Assurance

Save time on security questionnaire response: A how-to guide eBook

Dive into our eBook to learn how to streamline your questionnaire answering process, what a security questionnaire answering process looks like, and more.

September 20, 2022

Learn more

eBook

GRC & Security Assurance

Save time on security questionnaire response: A how-to guide eBook

Dive into our eBook to learn how to streamline your questionnaire answering process, what a security questionnaire answering process looks like, and more.

September 20, 2022

Learn more

eBook

Technology Risk & Compliance

The art of the enterprise IT risk assessment

Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start

September 16, 2022

Learn more

eBook

Technology Risk & Compliance

The art of the enterprise IT risk assessment

Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start

September 16, 2022

Learn more

Blog

Technology Risk & Compliance

Understanding ISO 27001 Annex A Controls | Blog | OneTrust

Learn the key points of ISO 27001 Annex A controls and how they affect the overall audit process for your organization.

September 15, 2022 5 min read

Learn more

Blog

Technology Risk & Compliance

Understanding ISO 27001 Annex A Controls | Blog | OneTrust

Learn the key points of ISO 27001 Annex A controls and how they affect the overall audit process for your organization.

September 15, 2022 5 min read

Learn more

Blog

GRC & Security Assurance

What is change management?

A defined change management process enables your organization to mitigate risk and reduce disruption.

September 14, 2022 4 min read

Learn more

Blog

Technology Risk & Compliance

What is Statement of Applicability?

Your Statement of Applicability for ISO 27001, otherwise known as your SoA, is a mandatory step for anyone planning on pursuing ISO 27001 certification.

September 14, 2022 6 min read

Learn more

Blog

GRC & Security Assurance

What is change management?

A defined change management process enables your organization to mitigate risk and reduce disruption.

September 14, 2022 4 min read

Learn more

Blog

Technology Risk & Compliance

What is Statement of Applicability?

Your Statement of Applicability for ISO 27001, otherwise known as your SoA, is a mandatory step for anyone planning on pursuing ISO 27001 certification.

September 14, 2022 6 min read

Learn more

eBook

GRC & Security Assurance

How successful IT & security teams manage policies eBook

Our four-step process will help you implement best practices for managing policies, establishing program governance, and measuring policy effectiveness.

September 13, 2022

Learn more

Blog

GRC & Security Assurance

SyncMonkey saves $100K, hundreds of hours with SOC 2 compliance automation

Centralized information management system SyncMonkey took a proactive approach to security by investing in certification automation

September 13, 2022 3 min read

Learn more

eBook

GRC & Security Assurance

How successful IT & security teams manage policies eBook

Our four-step process will help you implement best practices for managing policies, establishing program governance, and measuring policy effectiveness.

September 13, 2022

Learn more

Blog

GRC & Security Assurance

SyncMonkey saves $100K, hundreds of hours with SOC 2 compliance automation

Centralized information management system SyncMonkey took a proactive approach to security by investing in certification automation

September 13, 2022 3 min read

Learn more

Blog

Technology Risk & Compliance

ISO 27001 vs. NIST Cybersecurity Framework

ISO 27001 and NIST CSF are two cybersecurity guidelines with significant overlap. Learn how they work together to increase information security

September 12, 2022 5 min read

Learn more

Blog

Technology Risk & Compliance

ISO 27001 vs. NIST Cybersecurity Framework

ISO 27001 and NIST CSF are two cybersecurity guidelines with significant overlap. Learn how they work together to increase information security

September 12, 2022 5 min read

Learn more

Blog

Internal Audit Management

Understanding your auditor’s SOC 2 report opinion

Learn the four types of SOC 2 report opinions during the audit process and what they mean to your business and customers.

September 12, 2022 4 min read

Learn more

Blog

Internal Audit Management

Understanding your auditor’s SOC 2 report opinion

Learn the four types of SOC 2 report opinions during the audit process and what they mean to your business and customers.

September 12, 2022 4 min read

Learn more

Infographic

Internal Audit Management

How much does SOC 2 cost?

Determine the SOC 2 certification costs for your business and learn how to save time and money at each step.

September 09, 2022

Learn more

Infographic

Internal Audit Management

How much does SOC 2 cost?

Determine the SOC 2 certification costs for your business and learn how to save time and money at each step.

September 09, 2022

Learn more

Blog

Governance & Policy Management

HIPAA vs. ISO 27001: What’s the difference?

HIPAA and ISO 27001 are complementary frameworks that form an undeniably strong security posture

September 08, 2022 4 min read

Learn more

Blog

Governance & Policy Management

HIPAA vs. ISO 27001: What’s the difference?

HIPAA and ISO 27001 are complementary frameworks that form an undeniably strong security posture

September 08, 2022 4 min read

Learn more

Webinar

GRC & Security Assurance

Supply Chain Due Diligence Best Practices: A Practical Implementation Guide to LkSG Webinar

Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.

September 07, 2022

Learn more

Webinar

GRC & Security Assurance

Supply Chain Due Diligence Best Practices: A Practical Implementation Guide to LkSG Webinar

Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.

September 07, 2022

Learn more

Blog

Internal Audit Management

The ISO 27001 audit process

An ISO 27001 audit ensures your organization has the necessary information security management and relevant policies in place

September 07, 2022 5 min read

Learn more

Blog

Internal Audit Management

The ISO 27001 audit process

An ISO 27001 audit ensures your organization has the necessary information security management and relevant policies in place

September 07, 2022 5 min read

Learn more

Blog

Technology Risk & Compliance

Building an information security program from scratch

In this blog, we’ll discuss the three stages of building your InfoSec program in more understandable terms, so you can get started getting more secure.

September 07, 2022 6 min read

Learn more

Blog

Technology Risk & Compliance

Building an information security program from scratch

In this blog, we’ll discuss the three stages of building your InfoSec program in more understandable terms, so you can get started getting more secure.

September 07, 2022 6 min read

Learn more

Blog

Third-Party Risk

Reduce unnecessary risk with third-party risk management controls

As more tasks are outsourced to third-party providers, risk management programs become critical to securing sensitive data

September 03, 2022 4 min read

Learn more

Blog

Third-Party Risk

Reduce unnecessary risk with third-party risk management controls

As more tasks are outsourced to third-party providers, risk management programs become critical to securing sensitive data

September 03, 2022 4 min read

Learn more

eBook

Technology Risk & Compliance

The enterprise DevSecOps playbook

As a unified business function, DevSecOps combines rapid software development with top-notch security at scale.

September 02, 2022

Learn more

eBook

Technology Risk & Compliance

The enterprise DevSecOps playbook

As a unified business function, DevSecOps combines rapid software development with top-notch security at scale.

September 02, 2022

Learn more

Webinar

Third-Party Risk

Cybersecurity panel: How well do you know the threats posed by your third parties?

In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.  

August 28, 2022

Learn more

Webinar

Third-Party Risk

Cybersecurity panel: How well do you know the threats posed by your third parties?

In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.  

August 28, 2022

Learn more

Webinar

GRC & Security Assurance

How to reinforce your InfoSec risk program in a “Not If, But When” incident environment webinar

Learn how scaling your approach to managing IT assets & risk assessments can deliver a complete picture to better measure and inform program investments.

August 16, 2022

Learn more

Webinar

GRC & Security Assurance

How to reinforce your InfoSec risk program in a “Not If, But When” incident environment webinar

Learn how scaling your approach to managing IT assets & risk assessments can deliver a complete picture to better measure and inform program investments.

August 16, 2022

Learn more

Webinar

GRC & Security Assurance

An integrated risk itinerary: How Cubic Corp navigates IT & third-party risk

Explore how Cubic Corp’s journey to optimize its third-party risk practices scaled across its broader information security program to realize new efficiencies.

August 15, 2022

Learn more

Webinar

GRC & Security Assurance

An integrated risk itinerary: How Cubic Corp navigates IT & third-party risk

Explore how Cubic Corp’s journey to optimize its third-party risk practices scaled across its broader information security program to realize new efficiencies.

August 15, 2022

Learn more

Infographic

GRC & Security Assurance

4 ways trust as an IT and security function maps to the human trait

This infographic will demonstrate several ways for the CISO and their organization build individual trust, and trust as a business, to gain success.

August 03, 2022

Learn more

Infographic

GRC & Security Assurance

4 ways trust as an IT and security function maps to the human trait

This infographic will demonstrate several ways for the CISO and their organization build individual trust, and trust as a business, to gain success.

August 03, 2022

Learn more

eBook

GRC & Security Assurance

How to build trust and drive growth: A guide for security teams eBook

Uncover ways to define what trust truly means to your business and quantify how it can drive growth, and build best practices for the security team.

July 20, 2022

Learn more

eBook

GRC & Security Assurance

How to build trust and drive growth: A guide for security teams eBook

Uncover ways to define what trust truly means to your business and quantify how it can drive growth, and build best practices for the security team.

July 20, 2022

Learn more

Infographic

GRC & Security Assurance

The state of IT & third-party risk infographic

In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.

July 19, 2022

Learn more

Infographic

GRC & Security Assurance

The state of IT & third-party risk infographic

In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.

July 19, 2022

Learn more

eBook

Third-Party Risk

Building your third-party risk management program

Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.

July 08, 2022

Learn more

eBook

Third-Party Risk

Building your third-party risk management program

Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.

July 08, 2022

Learn more

Blog

GRC & Security Assurance

What are the benefits of a GRC management tool?

GRC tools eliminate the worry of managing regulatory requirements and provide actionable insights to improve your GRC approach, aligning key risk initiatives.

Kaitlyn Archibald

June 30, 2022 4 min read

Learn more

Blog

GRC & Security Assurance

What are the benefits of a GRC management tool?

GRC tools eliminate the worry of managing regulatory requirements and provide actionable insights to improve your GRC approach, aligning key risk initiatives.

Kaitlyn Archibald

June 30, 2022 4 min read

Learn more

Blog

Third-Party Risk

10 steps to improving your security questionnaire responses

The information gathered from security questionnaires is critical in the evaluation of business and security practices, and is crucial for compliance.

Daniela Villarreal

June 12, 2022 7 min read

Learn more

Blog

Third-Party Risk

10 steps to improving your security questionnaire responses

The information gathered from security questionnaires is critical in the evaluation of business and security practices, and is crucial for compliance.

Daniela Villarreal

June 12, 2022 7 min read

Learn more

Webinar

GRC & Security Assurance

Elevating your third party risk program with an integrated infosec platform

Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform

May 26, 2022

Learn more

Webinar

GRC & Security Assurance

Elevating your third party risk program with an integrated infosec platform

Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform

May 26, 2022

Learn more

Blog

GRC & Security Assurance

Announcing the OneTrust GRC and Security Assurance Cloud

OneTrust launches holistic GRC and Third-Party Management solutions for proactive cybersecurity and compliance practices.

Cliff Huntington

May 24, 2022 7 min read

Learn more

Blog

GRC & Security Assurance

Announcing the OneTrust GRC and Security Assurance Cloud

OneTrust launches holistic GRC and Third-Party Management solutions for proactive cybersecurity and compliance practices.

Cliff Huntington

May 24, 2022 7 min read

Learn more

Blog

GRC & Security Assurance

New regulations push cyber resiliency on supply chain, FinServ industries

May 2022 cybersecurity regulation updates have brought four key legislations across US and EU regulatory bodies to our attention. Learn more.

Justin Henkel, Head of CISO Center of Excellence, OneTrust

May 23, 2022 5 min read

Learn more

Blog

GRC & Security Assurance

New regulations push cyber resiliency on supply chain, FinServ industries

May 2022 cybersecurity regulation updates have brought four key legislations across US and EU regulatory bodies to our attention. Learn more.

Justin Henkel, Head of CISO Center of Excellence, OneTrust

May 23, 2022 5 min read

Learn more

Blog

Third-Party Risk

OneTrust Third-Party Risk Exchange now provides SecurityScorecard Cybersecurity Rating

OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings.

Scott Solomon

May 17, 2022 4 min read

Learn more

Blog

Third-Party Risk

OneTrust Third-Party Risk Exchange now provides SecurityScorecard Cybersecurity Rating

OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings.

Scott Solomon

May 17, 2022 4 min read

Learn more

Webinar

GRC & Security Assurance

How successful security teams manage risk to build trust and drive growth

In this webinar we discuss the emergence of trust as a key agenda item for executive boards and what this means for security teams.

May 12, 2022

Learn more

Webinar

GRC & Security Assurance

How successful security teams manage risk to build trust and drive growth

In this webinar we discuss the emergence of trust as a key agenda item for executive boards and what this means for security teams.

May 12, 2022

Learn more

Blog

GRC & Security Assurance

How are you measuring InfoSec KRIs and cybersecurity metrics?

Avoid analysis overload with focused risk and performance indicators

Kaitlyn Archibald

May 04, 2022 7 min read

Learn more

Blog

GRC & Security Assurance

How are you measuring InfoSec KRIs and cybersecurity metrics?

Avoid analysis overload with focused risk and performance indicators

Kaitlyn Archibald

May 04, 2022 7 min read

Learn more

Webinar

Third-Party Risk

Accelerating automation: How the pandemic forced third-party management to scale

Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.

April 26, 2022

Learn more

Webinar

Third-Party Risk

Accelerating automation: How the pandemic forced third-party management to scale

Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.

April 26, 2022

Learn more

Blog

GRC & Security Assurance

Streamline COI disclosures with this simple template

Download a simple conflict of interest disclosure template and learn how to effectively manage COIs with OneTrust.

Kirby Kelly, Content Marketing Specialist

April 20, 2022 5 min read

Learn more

Blog

GRC & Security Assurance

Streamline COI disclosures with this simple template

Download a simple conflict of interest disclosure template and learn how to effectively manage COIs with OneTrust.

Kirby Kelly, Content Marketing Specialist

April 20, 2022 5 min read

Learn more

Blog

Third-Party Risk

Java framework ‘Spring4Shell’ vulnerability leads to potential exploit

A zero-day Java vulnerability, "Spring4Shell" surfaced and experts believe it could be as impactful as 2021's Log4j. Read to learn more.

Justin Henkel, Head of CISO Center of Excellence

April 04, 2022 3 min read

Learn more

Blog

Third-Party Risk

Java framework ‘Spring4Shell’ vulnerability leads to potential exploit

A zero-day Java vulnerability, "Spring4Shell" surfaced and experts believe it could be as impactful as 2021's Log4j. Read to learn more.

Justin Henkel, Head of CISO Center of Excellence

April 04, 2022 3 min read

Learn more

Webinar

GRC & Security Assurance

4 ways you can reinforce enterprise insights with an integrated IT, security & third-party risk solution

Watch an interactive demo on our integrated IT, security, and third-party risk solution and reinforce your enterprise insights.

March 31, 2022

Learn more

Webinar

GRC & Security Assurance

4 ways you can reinforce enterprise insights with an integrated IT, security & third-party risk solution

Watch an interactive demo on our integrated IT, security, and third-party risk solution and reinforce your enterprise insights.

March 31, 2022

Learn more

Webinar

Third-Party Risk

Ready, set, launch your TPRM program: A 30-day implementation roadmap

Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.

March 30, 2022

Learn more

Webinar

Third-Party Risk

Ready, set, launch your TPRM program: A 30-day implementation roadmap

Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.

March 30, 2022

Learn more

Webinar

GRC & Security Assurance

Security & Trust Series Part 2: Integrating security, risk, and compliance to take your security program to the next level

Learn more about security frameworks and what factors to look for when selecting the right one for your cybersecurity program.

March 23, 2022

Learn more

Webinar

GRC & Security Assurance

Security & Trust Series Part 2: Integrating security, risk, and compliance to take your security program to the next level

Learn more about security frameworks and what factors to look for when selecting the right one for your cybersecurity program.

March 23, 2022

Learn more

Blog

GRC & Security Assurance

Strengthening American Cybersecurity Act passes in US

Digital transformation makes cybersecurity critical to protect the organization, maintain resilience, and compete in today's digital business environment.

March 04, 2022 3 min read

Learn more

Blog

GRC & Security Assurance

Strengthening American Cybersecurity Act passes in US

Digital transformation makes cybersecurity critical to protect the organization, maintain resilience, and compete in today's digital business environment.

March 04, 2022 3 min read

Learn more

Webinar

Privacy & Data Governance

Cybercrimes Act & POPIA: Managing data security and privacy

Watch our free webinar and learn the Cybercrimes Act, its key provisions, and what it means for your business and obligations. 

March 03, 2022

Learn more

Webinar

Privacy & Data Governance

Cybercrimes Act & POPIA: Managing data security and privacy

Watch our free webinar and learn the Cybercrimes Act, its key provisions, and what it means for your business and obligations. 

March 03, 2022

Learn more

Blog

Third-Party Risk

Answer any security questionnaire with enhanced cell detection for Questionnaire Response Automation

Introducing QRA cell detection – a powerful QRA enhancement that eases the spreadsheet-based questionnaire response process for vendors.

March 02, 2022 2 min read

Learn more

Blog

Third-Party Risk

Answer any security questionnaire with enhanced cell detection for Questionnaire Response Automation

Introducing QRA cell detection – a powerful QRA enhancement that eases the spreadsheet-based questionnaire response process for vendors.

March 02, 2022 2 min read

Learn more

Webinar

GRC & Security Assurance

5 critical mistakes to avoid when answering security questionnaires

Avoid these 5 critical mistakes when answering security questionnaires and streamline responses with this webinar.

March 01, 2022

Learn more

Webinar

GRC & Security Assurance

5 critical mistakes to avoid when answering security questionnaires

Avoid these 5 critical mistakes when answering security questionnaires and streamline responses with this webinar.

March 01, 2022

Learn more

Resource Kit

GRC & Security Assurance

Trust and Security resource kit

Download our Trust and Security Resources kit designed to show you how security teams can build trust as a competitive advantage.

February 24, 2022

Learn more

Resource Kit

GRC & Security Assurance

Trust and Security resource kit

Download our Trust and Security Resources kit designed to show you how security teams can build trust as a competitive advantage.

February 24, 2022

Learn more

Blog

Third-Party Risk

Mastering the TPRM lifecycle

Third-party risk management is key to any business. Learn how to master the TPRM lifecycle across your organization in our newest video blog!

February 14, 2022 2 min read

Learn more

Webinar

GRC & Security Assurance

What you need to know: NIST updates on software supply chain cybersecurity & proposed landmark US legislation

Watch this webinar where we delve into the new NIST updates on software supply chain cybersecurity and proposed US legislation.

February 14, 2022

Learn more

Webinar

GRC & Security Assurance

What you need to know: NIST updates on software supply chain cybersecurity & proposed landmark US legislation

Watch this webinar where we delve into the new NIST updates on software supply chain cybersecurity and proposed US legislation.

February 14, 2022

Learn more

Blog

Third-Party Risk

Mastering the TPRM lifecycle

Third-party risk management is key to any business. Learn how to master the TPRM lifecycle across your organization in our newest video blog!

February 14, 2022 2 min read

Learn more

Blog

Trust Intelligence

Trust & the CISO: The role of trust in the evolution of IT & security

What is CISO trust? As companies face more risk vectors than ever before, establishing trust is critical for the CISO. Read to learn more.

February 09, 2022 7 min read

Learn more

Blog

Trust Intelligence

Trust & the CISO: The role of trust in the evolution of IT & security

What is CISO trust? As companies face more risk vectors than ever before, establishing trust is critical for the CISO. Read to learn more.

February 09, 2022 7 min read

Learn more

Webinar

GRC & Security Assurance

Security and trust webinar series part 1: Establishing intelligence-enabled SecOps and risk teams

Learn how to establish intelligence-enabled specops and risk teams to reinforce your cybersecurity strategy.

February 05, 2022

Learn more

Webinar

GRC & Security Assurance

Security and trust webinar series part 1: Establishing intelligence-enabled SecOps and risk teams

Learn how to establish intelligence-enabled specops and risk teams to reinforce your cybersecurity strategy.

February 05, 2022

Learn more

Webinar

Third-Party Risk

5 Ways to step-up your business resilience with better third-party management

Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.

February 02, 2022

Learn more

Webinar

Third-Party Risk

Optimizing third-party risk: enhance automation with an integrated IT risk platform

Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.

February 02, 2022

Learn more

Webinar

Third-Party Risk

5 Ways to step-up your business resilience with better third-party management

Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.

February 02, 2022

Learn more

Webinar

Third-Party Risk

Optimizing third-party risk: enhance automation with an integrated IT risk platform

Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.

February 02, 2022

Learn more

Blog

Third-Party Risk

The shift to third-party management (TPM): What is TPM and why does it matter?

Third-Party Trust Management (TPTM) is the next evolution of third-party risk and is key enterprise trust strategy. Learn more in our blog!

January 25, 2022 9 min read

Learn more

Blog

Third-Party Risk

The shift to third-party management (TPM): What is TPM and why does it matter?

Third-Party Trust Management (TPTM) is the next evolution of third-party risk and is key enterprise trust strategy. Learn more in our blog!

January 25, 2022 9 min read

Learn more

Webinar

GRC & Security Assurance

How successful security teams manage risk to build Trust and drive Growth

Watch this webinar to learn what makes a successful risk management program and how effective security teams build trust.

January 12, 2022

Learn more

Webinar

GRC & Security Assurance

How successful security teams manage risk to build Trust and drive Growth

Watch this webinar to learn what makes a successful risk management program and how effective security teams build trust.

January 12, 2022

Learn more

Blog

GRC & Security Assurance

Privacy and IT risk: How secure are your assets securing personal data?

Protecting personal data is a multi-functional operation. Learn how prioritizing privacy and IT Risk for assets can help your organization on its journey to trust.

December 02, 2021 6 min read

Learn more

Blog

GRC & Security Assurance

Privacy and IT risk: How secure are your assets securing personal data?

Protecting personal data is a multi-functional operation. Learn how prioritizing privacy and IT Risk for assets can help your organization on its journey to trust.

December 02, 2021 6 min read

Learn more

eBook

GRC & Security Assurance

Vendor risk management for privacy professionals

Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.

November 17, 2021

Learn more

eBook

GRC & Security Assurance

Vendor risk management for privacy professionals

Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.

November 17, 2021

Learn more

Blog

GRC & Security Assurance

Cybersecurity Maturity Model 2.0: New strategic implications from GRC to VRM

The US Department of Defense updated CMMC strive to simplify and strengthen the security of the defense industrial base. Read to learn more.

November 12, 2021 4 min read

Learn more

Blog

GRC & Security Assurance

Cybersecurity Maturity Model 2.0: New strategic implications from GRC to VRM

The US Department of Defense updated CMMC strive to simplify and strengthen the security of the defense industrial base. Read to learn more.

November 12, 2021 4 min read

Learn more

eBook

Governance & Policy Management

From static to cyclical policy management

Learn about common challenges and opportunities for efficiency in the policy management lifecycle, along with 20+ ways technology can help.

October 18, 2021

Learn more

eBook

Governance & Policy Management

From static to cyclical policy management

Learn about common challenges and opportunities for efficiency in the policy management lifecycle, along with 20+ ways technology can help.

October 18, 2021

Learn more

Report

GRC & Security Assurance

OneTrust is named a leader in The Forrester Wave™: Governance, Risk And Compliance ​Platforms, Q3 2021​

Download a complimentary copy of The Forrester Wave: Governance, Risk And Compliance Q3 2021 analyst report.​

September 22, 2021

Learn more

Blog

GRC & Security Assurance

OneTrust named a leader in GRC Platform Independent Research report

OneTrust has been named a leader in the Forrester Wave: Governance, Risk, And Compliance Platforms Q3 2021.

September 22, 2021 4 min read

Learn more

Blog

GRC & Security Assurance

OneTrust named a leader in GRC Platform Independent Research report

OneTrust has been named a leader in the Forrester Wave: Governance, Risk, And Compliance Platforms Q3 2021.

September 22, 2021 4 min read

Learn more

Blog

Technology Risk & Compliance

OneTrust acquires Tugboat Logic

OneTrust is acquiring Tugboat Logic security assurance and compliance automation platform for ISO 27001 and SOC 2.

September 21, 2021 4 min read

Learn more

Blog

Technology Risk & Compliance

OneTrust acquires Tugboat Logic

OneTrust is acquiring Tugboat Logic security assurance and compliance automation platform for ISO 27001 and SOC 2.

September 21, 2021 4 min read

Learn more

Blog

GRC & Security Assurance

OneTrust recognized in 2021 Gartner® Magic Quadrant™ for IT Risk Management

OneTrust was recognized in the 2021 Gartner Magic Quadrant for IT Risk Management for its GRC product. Access the report in our blog.

September 16, 2021 4 min read

Learn more

Blog

GRC & Security Assurance

OneTrust recognized in 2021 Gartner® Magic Quadrant™ for IT Risk Management

OneTrust was recognized in the 2021 Gartner Magic Quadrant for IT Risk Management for its GRC product. Access the report in our blog.

September 16, 2021 4 min read

Learn more

Blog

Third-Party Risk

OneTrust named a Leader in the 2021 Gartner® Magic Quadrant for IT Vendor Risk Management Tools

For the third consecutive year, OneTrust is a leader in the 2021 Gartner Magic QuadrantTM for IT Vendor Risk Management Tools.

September 02, 2021 5 min read

Learn more

Blog

Third-Party Risk

OneTrust named a Leader in the 2021 Gartner® Magic Quadrant for IT Vendor Risk Management Tools

For the third consecutive year, OneTrust is a leader in the 2021 Gartner Magic QuadrantTM for IT Vendor Risk Management Tools.

September 02, 2021 5 min read

Learn more

Blog

GRC & Security Assurance

The ultimate security questionnaire guide

Implementing a consistent security questionnaire answering process will save your organization time and money. Read our guide to learn more.

Brianna Smith, Content Marketing Specialist, OneTrust | GRCP

August 17, 2021 15 min read

Learn more

Blog

GRC & Security Assurance

The ultimate security questionnaire guide

Implementing a consistent security questionnaire answering process will save your organization time and money. Read our guide to learn more.

Brianna Smith, Content Marketing Specialist, OneTrust | GRCP

August 17, 2021 15 min read

Learn more

Blog

Privacy & Data Governance

The CCPA metrics reporting requirement: What you need to know

As of July 1, 2021, the CCPA metrics reporting obligation took effect for certain organizations. Here's what you need to know.

August 11, 2021 3 min read

Learn more

Blog

Privacy & Data Governance

The CCPA metrics reporting requirement: What you need to know

As of July 1, 2021, the CCPA metrics reporting obligation took effect for certain organizations. Here's what you need to know.

August 11, 2021 3 min read

Learn more

Blog

Technology Risk & Compliance

ITRM 101: Understanding the impact of IT risk on your organization

Read our IT risk management (ITRM) guide to understand IT risk management's impact on your organization and why it's more critical than ever.

August 10, 2021 14 min read

Learn more

Blog

Technology Risk & Compliance

ITRM 101: Understanding the impact of IT risk on your organization

Read our IT risk management (ITRM) guide to understand IT risk management's impact on your organization and why it's more critical than ever.

August 10, 2021 14 min read

Learn more

eBook

GRC & Security Assurance

10 Steps to Build Your Vendor Risk Management Program eBook

Download OneTrust's Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.

July 25, 2021

Learn more

eBook

GRC & Security Assurance

10 Steps to Build Your Vendor Risk Management Program eBook

Download OneTrust's Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.

July 25, 2021

Learn more

Blog

GRC & Security Assurance

Reduce your risk: Supply chain attacks and the rise of ransomware

As the new trend in ransomware attacks rises, companies need to be aware of the impact on supply chain vulnerability. Learn more in our blog.

July 16, 2021 4 min read

Learn more

Blog

GRC & Security Assurance

Reduce your risk: Supply chain attacks and the rise of ransomware

As the new trend in ransomware attacks rises, companies need to be aware of the impact on supply chain vulnerability. Learn more in our blog.

July 16, 2021 4 min read

Learn more

eBook

Third-Party Risk

Mastering the third-party risk management lifecycle

Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.

July 13, 2021

Learn more

eBook

Third-Party Risk

Mastering the third-party risk management lifecycle

Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.

July 13, 2021

Learn more

Blog

GRC & Security Assurance

How AutoZone goes the extra mile with OneTrust Vendorpedia

AutoZone Goes the Extra Mile and drives TPRM operations with OneTrust Third-Party Risk Management. Learn more from Auto Zone TPRM, Ryan Walker.

July 07, 2021 3 min read

Learn more

Blog

GRC & Security Assurance

How AutoZone goes the extra mile with OneTrust Vendorpedia

AutoZone Goes the Extra Mile and drives TPRM operations with OneTrust Third-Party Risk Management. Learn more from Auto Zone TPRM, Ryan Walker.

July 07, 2021 3 min read

Learn more

Blog

Technology Risk & Compliance

How your organization can use an incident management playbook

An incident management playbook is an actionable guide for how to report events, define responsibilities, and manage response procedures.

June 22, 2021 5 min read

Learn more

Blog

Technology Risk & Compliance

How your organization can use an incident management playbook

An incident management playbook is an actionable guide for how to report events, define responsibilities, and manage response procedures.

June 22, 2021 5 min read

Learn more

eBook

GRC & Security Assurance

What you need to know when building your VRM program

Download our guide to building an effective vendor risk management program and how risk exchanges are vital to your business.

June 13, 2021

Learn more

Blog

Third-Party Risk

What is third-party risk management?

Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.

June 01, 2021 6 min read

Learn more

Blog

Third-Party Risk

What is third-party risk management?

Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.

June 01, 2021 6 min read

Learn more

Blog

Riesgos de terceros

¿Qué es la gestión de riesgos de terceros?

La gestión de riesgos de terceros es un método de gestión de riesgos que se centra en identificar y reducir los riesgos que están relacionados con el uso de terceros.

junio 01, 2021 6 min read

Learn more

Blog

Riesgos de terceros

¿Qué es la gestión de riesgos de terceros?

La gestión de riesgos de terceros es un método de gestión de riesgos que se centra en identificar y reducir los riesgos que están relacionados con el uso de terceros.

junio 01, 2021 6 min read

Learn more

Blog

Rischi da parte di terzi

Che cos'è la gestione dei rischi da parte di terzi?

La gestione dei rischi da parte di terzi (Third-party Risk Management, TPRM) è una forma di gestione dei rischi che si concentra sull'identificazione e la riduzione dei rischi relativi all'utilizzo di terze parti.

giugno 01, 2021 6 min read

Learn more

Blog

Third-Party Risk

OneTrust acquires Shared Assessments to grow the SIG and global third-party risk standardization

Shared Assessments will remain vendor neutral post-acquistion to grow the SIG third-party risk standard globally.

May 31, 2021 4 min read

Learn more

Blog

Third-Party Risk

OneTrust acquires Shared Assessments to grow the SIG and global third-party risk standardization

Shared Assessments will remain vendor neutral post-acquistion to grow the SIG third-party risk standard globally.

May 31, 2021 4 min read

Learn more

Blog

Privacy & Data Governance

OneTrust celebrates five years of trust

Five years ago, OneTrust was founded. Today, we're celebrating five years of trust with our 10,000 customers, 2,000 employees, and community.

May 26, 2021 5 min read

Learn more

Blog

Privacy & Data Governance

OneTrust celebrates five years of trust

Five years ago, OneTrust was founded. Today, we're celebrating five years of trust with our 10,000 customers, 2,000 employees, and community.

May 26, 2021 5 min read

Learn more

Video

GRC & Security Assurance

IT and Security Risk Management demo

Enhance collaboration through simplified engagements and communicate risk, from your line of business to risk and compliance teams and leadership.

April 08, 2021

Learn more

Video

GRC & Security Assurance

IT and Security Risk Management demo

Enhance collaboration through simplified engagements and communicate risk, from your line of business to risk and compliance teams and leadership.

April 08, 2021

Learn more

Blog

GRC & Security Assurance

HIPAA compliance: Building a bridge to a robust privacy program

If your organization manages PII, it's crucial to embed HIPAA compliance into your privacy program. Here's how to get started. 

March 02, 2021 10 min read

Learn more

Blog

GRC & Security Assurance

HIPAA compliance: Building a bridge to a robust privacy program

If your organization manages PII, it's crucial to embed HIPAA compliance into your privacy program. Here's how to get started. 

March 02, 2021 10 min read

Learn more

Blog

GRC & Security Assurance

5 IT risk management frameworks to consider for your program

Applying one or multiple systems to your company’s security approach is best practice

Kaitlyn Archibald

February 04, 2021 4 min read

Learn more

Blog

GRC & Security Assurance

5 IT risk management frameworks to consider for your program

Applying one or multiple systems to your company’s security approach is best practice

Kaitlyn Archibald

February 04, 2021 4 min read

Learn more

Blog

GRC & Security Assurance

Integrate microsoft word into the OneTrust GRC policy management software

OneTrust today announced our GRC policy management software integration with Microsoft Word to help company's improve policy management.

January 06, 2021 2 min read

Learn more

Blog

GRC & Security Assurance

Integrate microsoft word into the OneTrust GRC policy management software

OneTrust today announced our GRC policy management software integration with Microsoft Word to help company's improve policy management.

January 06, 2021 2 min read

Learn more

Blog

GRC & Security Assurance

What is OneTrust GRC? A LinkedIn live recap

In this LinkedIn Live, Kabir Barday, CEO of OneTrust, was joined by Scott Bridgen, Offering Manager of OneTrust GRC, to discuss what is OneTrust GRC.

November 02, 2020 5 min read

Learn more

Blog

GRC & Security Assurance

What is OneTrust GRC? A LinkedIn live recap

In this LinkedIn Live, Kabir Barday, CEO of OneTrust, was joined by Scott Bridgen, Offering Manager of OneTrust GRC, to discuss what is OneTrust GRC.

November 02, 2020 5 min read

Learn more

Blog

GRC & Security Assurance

Introducing OneTrust GRC’s Audit & Policy Management: Two New Tools to Support ISMS Programs

OneTrust announces two new solutions to help manage challenges and maintain ISMS success: Audit Management and Policy Management.

May 06, 2020 4 min read

Learn more

Blog

GRC & Security Assurance

Introducing OneTrust GRC’s Audit & Policy Management: Two New Tools to Support ISMS Programs

OneTrust announces two new solutions to help manage challenges and maintain ISMS success: Audit Management and Policy Management.

May 06, 2020 4 min read

Learn more

Blog

GRC & Security Assurance

Integrating privacy & cyber security

Cyber security and privacy must integrate using a privacy management software in order to address the growing challenge of protecting consumer data.

April 15, 2020 3 min read

Learn more

Blog

GRC & Security Assurance

Integrating privacy & cyber security

Cyber security and privacy must integrate using a privacy management software in order to address the growing challenge of protecting consumer data.

April 15, 2020 3 min read

Learn more

Blog

GRC & Security Assurance

Unifying risk management initiatives

When leveraged correctly, these combined resources can streamline processes and automate common third-party risk management activities.

April 09, 2020 4 min read

Learn more

Blog

GRC & Security Assurance

Unifying risk management initiatives

When leveraged correctly, these combined resources can streamline processes and automate common third-party risk management activities.

April 09, 2020 4 min read

Learn more

Blog

GRC & Security Assurance

Integrated Risk Management vs. GRC

What's the difference between Integrated Risk Management versus GRC? How do you compare a well-established discipline and new emerging risk initiatives?

January 16, 2020 5 min read

Learn more

Blog

GRC & Security Assurance

Integrated Risk Management vs. GRC

What's the difference between Integrated Risk Management versus GRC? How do you compare a well-established discipline and new emerging risk initiatives?

January 16, 2020 5 min read

Learn more

Blog

GRC & Security Assurance

CCPA compliance: Your most frequent CCPA questions answered

The CCPA is only days away from taking effect, and OneTrust has all the resources you need to be CCPA ready by January 1, 2020.

December 24, 2019 24 min read

Learn more

Blog

GRC & Security Assurance

CCPA compliance: Your most frequent CCPA questions answered

The CCPA is only days away from taking effect, and OneTrust has all the resources you need to be CCPA ready by January 1, 2020.

December 24, 2019 24 min read

Learn more

Blog

GRC & Security Assurance

Legacy GRC tools and today’s market challenges

Many GRC tools are solutions to problems of the past. New technology solutions can solve some of the digital risk challenges GRC tools fail to address.

November 21, 2019 5 min read

Learn more

Blog

GRC & Security Assurance

Legacy GRC tools and today’s market challenges

Many GRC tools are solutions to problems of the past. New technology solutions can solve some of the digital risk challenges GRC tools fail to address.

November 21, 2019 5 min read

Learn more

Blog

Third-Party Risk

Maintain updated data maps with OneTrust vendor risk management

With the OneTrust Vendor Risk Management platform and data mapping, companies sustain an up-to-date data map and automate alerts and actions.

May 07, 2019 4 min read

Learn more

Blog

Third-Party Risk

Maintain updated data maps with OneTrust vendor risk management

With the OneTrust Vendor Risk Management platform and data mapping, companies sustain an up-to-date data map and automate alerts and actions.

May 07, 2019 4 min read

Learn more

Blog

GRC & Security Assurance

Incident & Breach Management – How can software help?

Here is a summary of the practical incident & breach management challenges and how software can help you to successfully tackle them.

February 11, 2019 6 min read

Learn more

Blog

GRC & Security Assurance

Incident & Breach Management – How can software help?

Here is a summary of the practical incident & breach management challenges and how software can help you to successfully tackle them.

February 11, 2019 6 min read

Learn more

Blog

Third-Party Risk

OneTrust wins Risk Management Software of the Year at the 2018 FStech Awards

The FStech Awards selected OneTrust as Risk Management Software of the Year in 2018. Thank you to the FStech Awards for this incredible honor

April 25, 2018 2 min read

Learn more

Blog

Third-Party Risk

OneTrust wins Risk Management Software of the Year at the 2018 FStech Awards

The FStech Awards selected OneTrust as Risk Management Software of the Year in 2018. Thank you to the FStech Awards for this incredible honor

April 25, 2018 2 min read

Learn more

Blog

Privacy & Data Governance

OneTrust adds Adobe Cloud Extension to help marketers with global privacy compliance

At the Adobe Digital Marketing Summit, OneTrust announced a new privacy management platform extension for Launch by Adobe.

March 27, 2018 2 min read

Learn more

Blog

Privacy & Data Governance

OneTrust adds Adobe Cloud Extension to help marketers with global privacy compliance

At the Adobe Digital Marketing Summit, OneTrust announced a new privacy management platform extension for Launch by Adobe.

March 27, 2018 2 min read

Learn more

OneTrust & CSA Vendor Risk Management Tool | OneTrust

Get the OneTrust and CSA vendor risk management tool and see how to automate the entire vendor management lifecycle.

Learn more

Government Records Request Solutions | Request Demo | OneTrust

Request a demo today to learn how the OneTrust solution for Government Records Requests discovers data and automatically redacts sensitive information from government files.

Learn more

OneTrust GRC & Security Assurance Cloud | Request Demo | OneTrust

Request a demo of the OneTrust GRC and Security Assurance Cloud and see our integrated risk management solution in action.

Learn more

IT and Security Risk Management

Operationalize your IT and information security risk management program by automating risk assessment and mitigation practices with OneTrust.

Learn more

OneTrust & CSA Vendor Risk Management Tool | OneTrust

Get the OneTrust and CSA vendor risk management tool and see how to automate the entire vendor management lifecycle.

Learn more

Infographic

Technology Risk & Compliance

The future of GRC: 10 drivers and trends

In this infographic, we cover the top 10 GRC drivers and trends that will impact the future of organizations, including fragmented internal data and systems.

Learn more

Government Records Request Solutions | Request Demo | OneTrust

Request a demo today to learn how the OneTrust solution for Government Records Requests discovers data and automatically redacts sensitive information from government files.

Learn more

OneTrust GRC & Security Assurance Cloud | Request Demo | OneTrust

Request a demo of the OneTrust GRC and Security Assurance Cloud and see our integrated risk management solution in action.

Learn more

IT and Security Risk Management

Operationalize your IT and information security risk management program by automating risk assessment and mitigation practices with OneTrust.

Learn more

Webinar

Third-Party Risk

Third-party management academy

Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.

Learn more

Webinar

Third-Party Risk

Third-party management academy

Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.

Learn more

Customer Story

Third-Party Risk

Rochester Regional Health

Learn how Rochester Regional Health creates a patient-centric privacy program with OneTrust third-party risk management solutions. 

3 min read

Learn more

Customer Story

Technology Risk & Compliance

Fable

Fable builds a best-in-class security program that exceeds enterprise customer expectations.

Learn more

Customer Story

Technology Risk & Compliance

SyncMonkey

SyncMonkey simplified their SOC 2 compliance program from start to finish with OneTrust Certification Automation.

Learn more

Customer Story

GRC & Security Assurance

Rewind

Rewind achieves SOC 2 Type 1 and SOC 2 Type 2 compliance by implementing OneTrust Certifcation Automation and centralizing their audits.

Learn more

Customer Story

GRC & Security Assurance

Rewind

Rewind achieves SOC 2 Type 1 and SOC 2 Type 2 compliance by implementing OneTrust Certifcation Automation and centralizing their audits.

Learn more

Customer Story

GRC & Security Assurance

ORTEC

See how ORTEC tackles regulatory gaps, engages the business to keep risk data current, and takes an automated approach audit management with OneTrust.

Learn more

Customer Story

Technology Risk & Compliance

Fable

Fable builds a best-in-class security program that exceeds enterprise customer expectations.

Learn more

Customer Story

Technology Risk & Compliance

SyncMonkey

SyncMonkey simplified their SOC 2 compliance program from start to finish with OneTrust Certification Automation.

Learn more

Customer Story

Third-Party Risk

Rochester Regional Health

Learn how Rochester Regional Health creates a patient-centric privacy program with OneTrust third-party risk management solutions. 

3 min read

Learn more

Customer Story

GRC & Security Assurance

ORTEC

See how ORTEC tackles regulatory gaps, engages the business to keep risk data current, and takes an automated approach audit management with OneTrust.

Learn more

Demystify Security Compliance & Mitigate Risk | OneTrust

OneTrust Compliance Automation helps your team build, scale, and automate your security compliance program.

Learn more

Demystify Security Compliance & Mitigate Risk | OneTrust

OneTrust Compliance Automation helps your team build, scale, and automate your security compliance program.

Learn more

Customer Story

Technology Risk & Compliance

SuccessKPI

Explore how the organization achieved compliance with three major frameworks in one year.

Learn more

Customer Story

Technology Risk & Compliance

SuccessKPI

Explore how the organization achieved compliance with three major frameworks in one year.

Learn more

Customer Story

Technology Risk & Compliance

Ardoq

How the leader in enterprise architecture balances security and productivity

Learn more

Customer Story

Technology Risk & Compliance

Ardoq

How the leader in enterprise architecture balances security and productivity

Learn more

Herramienta de gestión de riesgos de terceros de OneTrust y la CSA | OneTrust

Hazte con la herramienta de gestión de riesgos de terceros de OneTrust y de la CSA, y aprende a automatizar todo el ciclo de vida de la gestión de proveedores.

Learn more

Outil de gestion des risques fournisseur OneTrust-CSA | OneTrust

Avec l’outil OneTrust-CSA, découvrez comment automatiser l’ensemble du cycle de vie de la gestion de vos fournisseurs.

Learn more

Cloud OneTrust GRC & Security Assurance | Demande de démo | OneTrust

Demandez une démonstration du cloud OneTrust GRC and Security Assurance et découvrez notre solution intégrée de gestion des risques en action.

Learn more

Gestion des risques de sécurité informatique

Mettez votre programme de gestion des risques de sécurité informatique en œuvre en automatisant vos pratiques d’évaluation et d’atténuation des risques avec OneTrust.

Learn more

Gestión de riesgos de TI y seguridad

Pon en funcionamiento tu programa de gestión de riesgos de TI y seguridad automatizando la evaluación y la mitigación de riesgos con OneTrust.

Learn more

GRC & Security Assurance Cloud de OneTrust | Solicitar demostración | OneTrust

Solicita una demostración de la GRC and Security Assurance Cloud de OneTrust y descubre el funcionamiento de nuestra solución integrada de gestión de riesgos.

Learn more

Customer Story

Third-Party Risk

PUMA

Multinational sports brand reinvents vendor risk management with collaborative, organization-wide approach.

Learn more

Customer Story

Third-Party Risk

PUMA

Multinational sports brand reinvents vendor risk management with collaborative, organization-wide approach.

Learn more

OneTrust-CSA Lieferantenrisikomanagement-Tool | OneTrust

Holen Sie sich das OneTrust-CSA Lieferantenrisikomanagement-Tool und erfahren Sie, wie Sie den gesamten Lebenszyklus des Lieferantenmanagements automatisieren.

Learn more

OneTrust GRC & Security Assurance Cloud | Demo anfordern | OneTrust

Fordern Sie eine Demo der OneTrust GRC and Security Assurance Cloud an und erleben Sie unsere integrierte Risikomanagementlösung live.

Learn more

Ferramenta de Gerenciamento de Riscos de Fornecedores OneTrust-CSA | OneTrust

Obtenha a ferramenta de gerenciamento de riscos de fornecedores OneTrust-CSA e saiba como automatizar todo o ciclo de vida da gestão de fornecedores.

Learn more

OneTrust GRC & Security Assurance Cloud | Solicitar demonstração | OneTrust

Solicite uma demonstração do pacote de produtos OneTrust GRC & Security Assurance Cloud e conheça nossa solução integrada de gestão de riscos.

Learn more

Gestão de Riscos

Operacionalize seu programa de gerenciamento de riscos de TI e segurança da informação automatizando as práticas de avaliação e mitigação com a OneTrust.

Learn more

IT- & Sicherheitsrisikomanagement

Optimieren Sie mit OneTrust Ihr IT- und Sicherheitsrisikomanagement durch automatisierte Verfahren zur Risikobewertung und -minderung.

Learn more

Strumento Gestione del rischio fornitore OneTrust e CSA | OneTrust

Ottieni lo strumento Gestione del rischio fornitore OneTrust e CSA e scopri come automatizzare l'intero ciclo di vita della gestione dei fornitori.

Learn more

OneTrust GRC & Security Assurance Cloud | Richiedi una demo | OneTrust

Richiedi una demo di OneTrust GRC and Security Assurance Cloud per vedere in azione la nostra soluzione integrata di gestione del rischio.

Learn more

IT and Security Risk Management

Rendi operativo il tuo programma di gestione del rischio relativo alla sicurezza delle informazioni automatizzando le prassi di valutazione e mitigazione dei rischi con OneTrust.

Learn more

Strumento Gestione del rischio fornitore OneTrust e CSA | OneTrust

Ottieni lo strumento Gestione del rischio fornitore OneTrust e CSA e scopri come automatizzare l'intero ciclo di vita della gestione dei fornitori.

Learn more

OneTrust GRC & Security Assurance Cloud | Richiedi una demo | OneTrust

Richiedi una demo di OneTrust GRC and Security Assurance Cloud per vedere in azione la nostra soluzione integrata di gestione del rischio.

Learn more

OneTrust-CSA Lieferantenrisikomanagement-Tool | OneTrust

Holen Sie sich das OneTrust-CSA Lieferantenrisikomanagement-Tool und erfahren Sie, wie Sie den gesamten Lebenszyklus des Lieferantenmanagements automatisieren.

Learn more

OneTrust GRC & Security Assurance Cloud | Demo anfordern | OneTrust

Fordern Sie eine Demo der OneTrust GRC and Security Assurance Cloud an und erleben Sie unsere integrierte Risikomanagementlösung live.

Learn more

IT- & Sicherheitsrisikomanagement

Optimieren Sie mit OneTrust Ihr IT- und Sicherheitsrisikomanagement durch automatisierte Verfahren zur Risikobewertung und -minderung.

Learn more

Ferramenta de Gerenciamento de Riscos de Fornecedores OneTrust-CSA | OneTrust

Obtenha a ferramenta de gerenciamento de riscos de fornecedores OneTrust-CSA e saiba como automatizar todo o ciclo de vida da gestão de fornecedores.

Learn more

OneTrust GRC & Security Assurance Cloud | Solicitar demonstração | OneTrust

Solicite uma demonstração do pacote de produtos OneTrust GRC & Security Assurance Cloud e conheça nossa solução integrada de gestão de riscos.

Learn more

Gestão de Riscos

Operacionalize seu programa de gerenciamento de riscos de TI e segurança da informação automatizando as práticas de avaliação e mitigação com a OneTrust.

Learn more

IT and Security Risk Management

Rendi operativo il tuo programma di gestione del rischio relativo alla sicurezza delle informazioni automatizzando le prassi di valutazione e mitigazione dei rischi con OneTrust.

Learn more

Testimonio de cliente

Riesgos de terceros

PUMA optimiza el cumplimiento normativo con la gestión ágil de riesgos de terceros

La marca deportiva internacional reinventa la gestión de riesgos de terceros con un enfoque colaborativo en toda la organización.

Learn more

Testimonio de cliente

Riesgos de terceros

PUMA optimiza el cumplimiento normativo con la gestión ágil de riesgos de terceros

La marca deportiva internacional reinventa la gestión de riesgos de terceros con un enfoque colaborativo en toda la organización.

Learn more

Témoignage client

Gestion des risques tiers

PUMA

Une multinationale du sport réinvente la gestion des risques tiers avec une approche collaborative à l’échelle de l’organisation.

Learn more

Storia del cliente

Rischi da parte di terzi

Gruppo PUMA

Una multinazionale dello sport reinventa la gestione dei rischi legati ai fornitori con un approccio collaborativo a livello di organizzazione

Learn more

Storia del cliente

Rischi da parte di terzi

Gruppo PUMA

Una multinazionale dello sport reinventa la gestione dei rischi legati ai fornitori con un approccio collaborativo a livello di organizzazione

Learn more

Témoignage client

Gestion des risques tiers

PUMA

Une multinationale du sport réinvente la gestion des risques tiers avec une approche collaborative à l’échelle de l’organisation.

Learn more

Fundamental to Comprehensive: Where Does Your Compliance Program Stand? Infographic | Resources | OneTrust

Learn more

Fundamental to Comprehensive: Where Does Your Compliance Program Stand? Infographic | Resources | OneTrust

Learn more

Webinar

GRC e garanzia di sicurezza

DORA out of the Box: pronti alla normativa grazie a OneTrust!

Visualizza il nostro webinar per scoprire come la nostra piattaforma renda possibile la conformità con gli standard tecnici che le entità finanziarie e i loro fornitori critici di servizi tecnologici di terze parti devono implementare nei propri sistemi ICT.

Learn more

Webinar

GRC e garanzia di sicurezza

DORA out of the Box: pronti alla normativa grazie a OneTrust!

Visualizza il nostro webinar per scoprire come la nostra piattaforma renda possibile la conformità con gli standard tecnici che le entità finanziarie e i loro fornitori critici di servizi tecnologici di terze parti devono implementare nei propri sistemi ICT.

Learn more

Professional

Technology Risk & Compliance

Tech Risk & Compliance Professional

Get hands-on experience with IT & Security Risk Management, Enterprise Policy Management, Incident Management, and Audit Management.

Learn more

Professional

Technology Risk & Compliance

Tech Risk & Compliance Professional

Get hands-on experience with IT & Security Risk Management, Enterprise Policy Management, Incident Management, and Audit Management.

Learn more

Professional

Third-Party Risk

Third-Party Risk Management Professional

Learn the essentials for how to manage and track vendor relationships using the OneTrust platform.

Learn more

Expert

Third-Party Risk

Third-Party Risk Management Expert

Explore how to build custom workflows, add engagements and contracts, and configure personalized dashboards.

Learn more

Professional

Third-Party Risk

Third-Party Risk Management Professional

Learn the essentials for how to manage and track vendor relationships using the OneTrust platform.

Learn more

Expert

Third-Party Risk

Third-Party Risk Management Expert

Explore how to build custom workflows, add engagements and contracts, and configure personalized dashboards.

Learn more

Webinar

GRC e garanzia di sicurezza

Trasformare la Due Diligence: come ridurre i rischi, i costi e le complessità dei processi di gestione del rischio di terze parti

Per gli esperti dell’ufficio acquisti e del procurement, della gestione del rischio e sicurezza, i processi di assessment, scoring e gestione del rischio, due diligence e onboarding di vendor e supplier possono rappresentare un vero e proprio ostacolo all’efficienza operativa, alla sicurezza e al controllo dei costi. Questo webinar ha l’obiettivo di aprire le porte ad una soluzione a 360 gradi che elimina, una ad una, tutte le sfide del caso.

Learn more

Webinar

GRC e garanzia di sicurezza

Trasformare la Due Diligence: come ridurre i rischi, i costi e le complessità dei processi di gestione del rischio di terze parti

Per gli esperti dell’ufficio acquisti e del procurement, della gestione del rischio e sicurezza, i processi di assessment, scoring e gestione del rischio, due diligence e onboarding di vendor e supplier possono rappresentare un vero e proprio ostacolo all’efficienza operativa, alla sicurezza e al controllo dei costi. Questo webinar ha l’obiettivo di aprire le porte ad una soluzione a 360 gradi che elimina, una ad una, tutte le sfide del caso.

Learn more

Infographic

Technology Risk & Compliance

The future of GRC: 10 drivers and trends

In this infographic, we cover the top 10 GRC drivers and trends that will impact the future of organizations, including fragmented internal data and systems.

Learn more

GRC & Security Assurance Cloud de OneTrust | Solicitar demostración | OneTrust

Solicita una demostración de la GRC and Security Assurance Cloud de OneTrust y descubre el funcionamiento de nuestra solución integrada de gestión de riesgos.

Learn more

Herramienta de gestión de riesgos de terceros de OneTrust y la CSA | OneTrust

Hazte con la herramienta de gestión de riesgos de terceros de OneTrust y de la CSA, y aprende a automatizar todo el ciclo de vida de la gestión de proveedores.

Learn more