OneTrust becomes an indispensable instrument
The challenge for the InfoSec & Compliance team was to establish a comprehensive platform that fulfilled all their needs. At the end of 2017, the InfoSec & Compliance team selected OneTrust as the platform to accomplish their mission.
The team started with the OneTrust Data Mapping tool, and the first processing activity and asset assessments took place in March 2018. Due to the changes in Europe with the GDPR, the team realized that the OneTrust platform could do more. They expanded with Vendor Risk Management, Data Subject Request, Incident Management, Maturity & Planning and Cookie Compliance.
OneTrust has become a vital piece of the team. “We can’t do it without OneTrust,” says Holger. “It has become a central component of our compliance and security ecosystem. It’s been on the cutting edge of new compliance and regulatory requirements like LGPD and CCPA.”
How OneTrust helps MSX’s InfoSec & Compliance team on a global level
Data Mapping: The InfoSec & Compliance team uses different OneTrust modules to address several challenges and simplify their daily routine. Before the implementation, all processing activities and assets were saved in different systems and Excel charts. At the outset, they uploaded over 1,800 processing activities and 700 people to the system. Now, Data Mapping is part of the team’s core processes.
DSAR: MSX receives several data subject requests from their clients that need to be addressed and answered. The process differs from region to region and by location. “GDPR really forced us to be in a position to have to respond within a time bound piece,” notes Hruska, “And we didn’t have a good way of doing it.” Implementing the DSAR module was massively beneficial to MSX as it allows them to control the workflow, gather the exact information needed, work with people directly, and ensure that requests are answered in time.
Incident Management: Incident Management is a recent addition for MSX, which they use exclusively to manage incident responses. MSX has created templates through the self-service portal that people can fill out to report their own security incidents. Additionally, the team has created automated assessments for data loss protection issues with an “alarm” that allows them to create a security incident.
Maturity and Planning: For any standard integration such as ISO 27001 or PCI DSS, the InfoSec & Compliance team uses a dashboard. Additionally, they have implemented a new process that their compliance managers use to generate dashboards on all of their ongoing audits. This allows MSX to communicate within the organization about the compliance status, whether they’re compliant, and show items that need to be addressed in order to move things along.
Vendor Risk Management: MSX uses a self-service portal for their vendors for any security incidents that have happened, new programs they want to apply for, and more. This allows vendors to go into the system and immediately fill out all required information without even having to open a ticket with MSX. “We just saw in the Asia Pacific environment; we had a security incident where the person was able to go in the OneTrust platform and actually kick off their own self-service portal request instead of opening a ticket. We were able to immediately jump in and start working through the issue much faster,” says Khris. “It cuts off the red tape and gets the issue right into the inbox.”