reviewer2093358 - PeerSpot reviewer
Senior Enterprise Risk Manager at a retailer with 10,001+ employees
Real User
Top 10
Effective privacy management, but the technical support could improve, and it is difficult to implement
Pros and Cons
  • "It does help in the automation of our privacy impact assessments."
  • "There are limitations to customized workflow automation, and they need to increase both the available automation and the customized workflow."

What is our primary use case?

We use OneTrust GRC to evaluate internal and external projects for risk.

How has it helped my organization?

It does help in the automation of our privacy impact assessments.

What needs improvement?

The product itself, and perhaps most importantly, is not truly designed to fit the way people and users do their work.

There are limitations to customized workflow automation, and they need to increase both the available automation and the customized workflow.

For how long have I used the solution?

I have been using OneTrust GRC for one year.

We are working with Athena, which is a specialized version of the OneTrust GRC platform.

Buyer's Guide
OneTrust GRC
November 2024
Learn what your peers think about OneTrust GRC. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.

What do I think about the stability of the solution?

OneTrust GRC is quite stable.

I would rate the stability of OneTrust GRC an eight out of ten.

What do I think about the scalability of the solution?

OneTrust GRC is a scalable product.

I would rate the scalability of this solution an eight out of ten.

How are customer service and support?

Technical support could be improved.

I would rate the technical support a three out of ten.

How was the initial setup?

There are weaknesses in the implementation team; just getting up and running is difficult.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the pricing. I am not involved in the budgeting process.

What other advice do I have?

They need to evaluate it carefully because not all of the different functionalities are developed to the same level of sophistication.

I would rate OneTrust GRC a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Privacy Manager at Broadcom
Real User
An all-in-one solution for our privacy program that assists with data collection and compliance
Pros and Cons
  • "Vendors can be assessed and rated out of the tool, and assessments can be scheduled for updates at certain intervals."
  • "The Vendor Risk dashboard is quite basic today and not interactive, but improvements are coming in the next releases."

What is our primary use case?

We use this solution for the management of our Privacy Program with a single solution. It helps to show compliance with regulations like GDPR, or CCPA. Vendor Risk Management was one of the main modules we wanted, but having the benefit of additional solutions within the same platform was what convinced us to go with OneTrust.

In particular, we were interested in Application inventory, Records of Processing Activities, Website Scanning and Cookie Compliance, Incident Response, Data Mapping, and Assessment Automation.

The Data Subject Request Module is very helpful to deal with requests and automate data collection. OneTrust also includes Maturity and Benchmark assessments.

How has it helped my organization?

We are still at the beginning, but OneTrust will help us to tie all of the components together for our Privacy Program. Vendors can be assessed and rated out of the tool, and assessments can be scheduled for updates at certain intervals. We can tie the Applications and Processing activities to the vendor to obtain a complete picture.

What is most valuable?

The biggest plus for us is that everything we need for our Privacy Program is in one single tool. There is no switching between different applications, or merging data from different tools, needed to generate our reports. It is a single platform with everything we need.

OneTrust is also very easy and intuitive to use. The Vendorpedia library is very useful when adding new vendors, as it contains information about the Privacy Shield status and other risk framework certificates. OneTrust offers to assess vendors on behalf of the customer, which offloads the follow-up work with vendors on assessments.

What needs improvement?

For the Vendor Risk Module I see only minor functionality improvements needed. Many are already being addressed and OneTrust is very responsive to customer feedback and suggestions. The Vendor Risk dashboard has seen a lot of improvement and is now interactive. Release frequency is three to four weeks.

For how long have I used the solution?

Eight months.

What do I think about the stability of the solution?

We have not seen any stability issues. This includes both before and after version upgrades.

What do I think about the scalability of the solution?

So far, the product seems to scale very well.

How are customer service and technical support?

The support team is very responsive to requests and questions, although we haven't had major issues that would necessitate having to fully use it. They quickly add escalation resources to overcome challenges.

Which solution did I use previously and why did I switch?

We did not use a different solution. We chose OneTrust to build our Privacy Program including Vendor Risk Management.

How was the initial setup?

The initial setup of this solution was easy. The data import depends on the quality and completeness of your data, but that would be the same for every tool.

What about the implementation team?

We used vendor resources to perform the basic configuration and help with the initial data import. I have no complaints with their knowledge and expertise, and the team is very responsive.

What was our ROI?

We have a lot of different functionality and automation in one single tool. This helps a small team to tackle different areas easily.

What's my experience with pricing, setup cost, and licensing?

I found the pricing and setup cost very reasonable.

Which other solutions did I evaluate?

We looked at RSA Archer and MetricStream. Both were very good at what they do, but we wanted the additional options that OneTrust gave us in areas outside of Vendor Risk in the same tool. Pricing did play a role, as well as ease of use. 

What other advice do I have?

You always need to do your homework and determine what you need. With that, you can go out and compare products to determine what the best fit is for your organization. For us, having many different modules in one solution was a big plus.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Regional Security Officer at a comms service provider with 10,001+ employees
Real User
Top 5 Leaderboard
Helps streamline audit and incident management processes and gives a good return on investment
Pros and Cons
  • "The product helps us streamline audit and incident management processes."
  • "The product is not that easy to set up."

What is our primary use case?

Initially, we used the product to ensure our company in Brazil followed the recent data protection guidelines. Brazil has data protection laws very similar to GDPR in Europe. We focus on managing data usage and management policies.

How has it helped my organization?

The product helps us streamline audit and incident management processes. There's also a focus on third-party risk management.

What is most valuable?

The workflow approval process is valuable.

What needs improvement?

The product is not that easy to set up. It is also not easy to get used to the naming convention. It requires in-depth training.

For how long have I used the solution?

I have been using the solution for three months. I am using the latest version of the solution.

What do I think about the stability of the solution?

I rate the solution’s stability a nine out of ten.

What do I think about the scalability of the solution?

The tool is very, very scalable. I rate the scalability a nine out of ten.

How was the initial setup?

The solution is deployed on the cloud. The initial setup is very, very hard.

What was our ROI?

We see a return on investment. We manage our console much faster.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive.

What other advice do I have?

I would recommend the product to others. It's not a silver bullet. If someone doesn’t have the process in place, the tool won't help them. Overall, I rate the solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1589922 - PeerSpot reviewer
Manager, Information Security Risk at a university with 1,001-5,000 employees
Real User
Increases productivity, multiple level vendor reviews, and is reliable
Pros and Cons
  • "One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree."
  • "They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages."

What is our primary use case?

I use the solution when internal customers want to engage with a third party through some type of cloud-based system. Right away I start reviewing from that perspective and I get the vendor's information that they are looking to engage with, I input the information into this solution. This solution has a process where I can send questionnaires out to the new prospective vendor. That prospective vendor will provision themselves into the solution by inputting all their information. This prevents me from inputting any information incorrectly. 

At this stage, I review all the information. The vendor will also upload all of their security documentation. This includes anything they can show that they are performing security best practices on behalf of their customers like us. This solution gives me the ability to double-check that information. I can do a risk review and risk rate it. There is a backend that will do a crowdsourcing type feature. For example, if there are other customers that have reviewed this particular vendor before, I can actually piggyback on that collected information and make my own judgment on whether or not it is a good fit for our environment.

How has it helped my organization?

By using this solution it has allowed me to free up some of my time and use my resources in other areas. Prior to using this solution, everything was done through a spreadsheet. Now with this solution, a lot of it is relational databases rather than a spreadsheet flat table. This solution also allows automation. You can start automating a lot of your processes as opposed to the manual process of using spreadsheets.

What is most valuable?

One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree. 

What this means is, a vendor that is going to engage with us is called a third party. However, sometimes these vendors have their own vendors. The first example, this solution is a third party to us, but this solution uses Azure as their backend database, this is the fourth party to us. I am fine with this because I know Azure is doing its best due diligence with security best practices.

The comparative example, this solution wanted to start using an unknown company, such as Mike and Bob's server farm in Bob's garage as a vendor. I do not know who Mike and Bob are, if they had followed security best practices, do they close that garage door at the end of the night, or do they leave it wide open. All of our data could be sitting on those servers in that garage exposed. I would want to review that fourth party.

As vendors, as our internal customers are bringing these vendors on board with us, they go through this committee. I look at the third party level and question if they have any significant fourth parties. I do not really care about all the small little vendors, such as the person that mows their lawn outside of their office building. However, I do care about a significant fourth party, for example, someone that may be hosting our data on behalf of this third party. This solution allows me to go deep into that information, where other third party risk management platforms that we have reviewed are not able to do. They typically only do the third party level and not the fourth.

What needs improvement?

They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages.

For how long have I used the solution?

I have been using the solution for two months.

What do I think about the stability of the solution?

I have not had any issue with the stability of the solution.

What do I think about the scalability of the solution?

The solution is in the cloud which allows it to scale very well.

How was the initial setup?

The initial installation is straightforward. However, it can be as complex as you want to make it depending on how many internal systems you want to add. The time for installation typically takes three weeks.

Which other solutions did I evaluate?

We have evaluated other similar solutions and we chose this solution because it allows reviews of more than just the third-party vendors.

What other advice do I have?

I rate OneTrust GRC a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultor GRC/IRM at ISH Tecnologia
Real User
Top 20
Has a simple process and good technical support services
Pros and Cons
  • "We receive notifications or cases and prioritize them accordingly, which helps us address issues promptly."
  • "We encounter difficulties creating multiple platforms or interfaces and manual processes for changing certain settings."

What needs improvement?

We encounter difficulties creating multiple platforms or interfaces and manual processes for changing certain settings. Additionally, they could work on the issue related to a controller release in the development environment.

For how long have I used the solution?

We have been using OneTrust GRC for three years.

What do I think about the stability of the solution?

The platform is stable.

What do I think about the scalability of the solution?

We have around more than 20 OneTrust GRC users in our organization.

How are customer service and support?

The technical support services are good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup process is simple.

What's my experience with pricing, setup cost, and licensing?

The platform is expensive.

What other advice do I have?

The product's feature for automation assists them in workflow management. We receive notifications or cases and prioritize them accordingly, which helps us address issues promptly. It keeps them informed about the company's activities at all times.

Overall, I rate it an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer1945110 - PeerSpot reviewer
Governance, Risk Management & Compliance, Director IT at a tech services company with 1,001-5,000 employees
Real User
Stable solution but lacking flexibility and integration between modules
Pros and Cons
  • "OneTrust GRC is stable."
  • "OneTrust GRC's workflows aren't automated and need to be manually driven."

What is our primary use case?

I mainly use OneTrust GRC for our incident response workflow and third-party risk management.

What needs improvement?

OneTrust GRC's workflows aren't automated and need to be manually driven. Its audit and compliance also aren't very flexible, and the integration between its different modules isn't 100% and needs to be improved.

For how long have I used the solution?

I've been using OneTrust GRC for about a year and a half.

What do I think about the stability of the solution?

OneTrust GRC is stable. 

How are customer service and support?

OneTrust's technical support is very helpful and open to feedback, but their workflow means that their response can take anywhere from a week to months, depending on the issue.

How was the initial setup?

OneTrust GRC's initial setup wasn't difficult, but the problems with integration make it cumbersome.

What's my experience with pricing, setup cost, and licensing?

OneTrust GRC's licensing costs about $15,000 per module.

What other advice do I have?

I would advise those thinking of implementing OneTrust GRC to make sure they have all their requirements clearly defined and make sure they're met, bearing in mind that OneTrust GRC is not a mature tool. I would give OneTrust GRC a rating of six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user