In December 2018, privacy management provider OneTrust announced a partnership with the Cloud Security Alliance (CSA) and the availability of free vendor risk assessment capabilities to all CSA members. In the era of the EU's General Data Protection Regulation (GDPR) and similar proliferating data protection regulations around the globe, the enterprise's capacity to evaluate its vendors and partners grows in importance.
OneTrust takes a cloud-based approach to vendor risk assessment, modernizing vendor risk assessment capabilities that were typically offered on-premises by providers in the governance, risk, and compliance (GRC) space. OneTrust's proprietary Vendorpedia database, populated by ongoing crawling and assessment of sources such as corporate privacy policies and company certifications, helps the enterprise automate assessment capabilities that traditionally were very manual and tedious in nature. The result is a process-oriented assessment capability that helps the enterprise maintain a "live" ongoing and accurate view of its vendors, as opposed to the static snapshot methodology of legacy solutions.