OneTrust GRC Reviews

I primarily use OneTrust GRC for GLC, which involves vendor management aspects. It helps ascertain levels of compliance concerning vendors.

OneTrust GRC simplifies the deployment of our policies, making them easy to achieve. It has also made policies deploy with ease, aligning with intended organizational goals.

The simplicity of OneTrust GRC, particularly its user interface, is valuable as it makes it easy to use and not complex.

There could be enhancements related to AI. Any improvements AI could provide to make the automation process more efficient would be beneficial. Additionally, machine learning could be included to better assess vendor security posture.

I've been exposed to OneTrust GRC for about a year.

The stability is just fine. It meets the need, and there are no stability issues.

The solution is scalable and can increase capacity to meet our demands.

I have not escalated any questions to tech support yet.

Positive

I have no experience working with any other GRC products apart from OneTrust.

My onboarding was straightforward, with no challenges.

I am not familiar with the pricing, setup cost, or licensing of OneTrust GRC.

OneTrust is recommended for those who need something simplified and effective to achieve policies without excess difficulty.

I'd rate the solution nine out of ten.

I use the solution when internal customers want to engage with a third party through some type of cloud-based system. Right away I start reviewing from that perspective and I get the vendor's information that they are looking to engage with, I input the information into this solution. This solution has a process where I can send questionnaires out to the new prospective vendor. That prospective vendor will provision themselves into the solution by inputting all their information. This prevents me from inputting any information incorrectly. 

At this stage, I review all the information. The vendor will also upload all of their security documentation. This includes anything they can show that they are performing security best practices on behalf of their customers like us. This solution gives me the ability to double-check that information. I can do a risk review and risk rate it. There is a backend that will do a crowdsourcing type feature. For example, if there are other customers that have reviewed this particular vendor before, I can actually piggyback on that collected information and make my own judgment on whether or not it is a good fit for our environment.

By using this solution it has allowed me to free up some of my time and use my resources in other areas. Prior to using this solution, everything was done through a spreadsheet. Now with this solution, a lot of it is relational databases rather than a spreadsheet flat table. This solution also allows automation. You can start automating a lot of your processes as opposed to the manual process of using spreadsheets.

One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree. 

What this means is, a vendor that is going to engage with us is called a third party. However, sometimes these vendors have their own vendors. The first example, this solution is a third party to us, but this solution uses Azure as their backend database, this is the fourth party to us. I am fine with this because I know Azure is doing its best due diligence with security best practices.

The comparative example, this solution wanted to start using an unknown company, such as Mike and Bob's server farm in Bob's garage as a vendor. I do not know who Mike and Bob are, if they had followed security best practices, do they close that garage door at the end of the night, or do they leave it wide open. All of our data could be sitting on those servers in that garage exposed. I would want to review that fourth party.

As vendors, as our internal customers are bringing these vendors on board with us, they go through this committee. I look at the third party level and question if they have any significant fourth parties. I do not really care about all the small little vendors, such as the person that mows their lawn outside of their office building. However, I do care about a significant fourth party, for example, someone that may be hosting our data on behalf of this third party. This solution allows me to go deep into that information, where other third party risk management platforms that we have reviewed are not able to do. They typically only do the third party level and not the fourth.

They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages.

I have been using the solution for two months.

I have not had any issue with the stability of the solution.

The solution is in the cloud which allows it to scale very well.

The initial installation is straightforward. However, it can be as complex as you want to make it depending on how many internal systems you want to add. The time for installation typically takes three weeks.

We have evaluated other similar solutions and we choose this solution because it allows reviews of more than just the third party vendors.

I rate OneTrust GRC a ten out of ten.

We encounter difficulties creating multiple platforms or interfaces and manual processes for changing certain settings. Additionally, they could work on the issue related to a controller release in the development environment.

We have been using OneTrust GRC for three years.

The platform is stable.

We have around more than 20 OneTrust GRC users in our organization.

The technical support services are good.

Positive

The initial setup process is simple.

The platform is expensive.

The product's feature for automation assists them in workflow management. We receive notifications or cases and prioritize them accordingly, which helps us address issues promptly. It keeps them informed about the company's activities at all times.

Overall, I rate it an eight out of ten.

I mainly use OneTrust GRC for our incident response workflow and third-party risk management.

OneTrust GRC's workflows aren't automated and need to be manually driven. Its audit and compliance also aren't very flexible, and the integration between its different modules isn't 100% and needs to be improved.

I've been using OneTrust GRC for about a year and a half.

OneTrust GRC is stable. 

OneTrust's technical support is very helpful and open to feedback, but their workflow means that their response can take anywhere from a week to months, depending on the issue.

OneTrust GRC's initial setup wasn't difficult, but the problems with integration make it cumbersome.

OneTrust GRC's licensing costs about $15,000 per module.

I would advise those thinking of implementing OneTrust GRC to make sure they have all their requirements clearly defined and make sure they're met, bearing in mind that OneTrust GRC is not a mature tool. I would give OneTrust GRC a rating of six out of ten.

I use OneTrust specifically for incident management. For my company, I helped to create the incident management program that we currently use, particularly with gathering the information and sending out assessments to different vendors to collect information for further research and discovery. 

I also use the platform for processing privacy requests that our company receives. OneTrust is just one of the platforms we use, and we receive privacy requests through multiple channels, such as email and occasionally, phone calls. 

However, any kind of request we receive is still filtered through OneTrust using their platform to track the request and process it all the way through from the initial notification to the end when it's finally processed. We send out notifications and collect information, all done through OneTrust.

OneTrust has streamlined the process of sending notifications to clients, consumers, and stakeholders. It allows tracking of all information within the platform itself, so there is no need to go outside of OneTrust to gather or find information.

The privacy impact assessment automation tool and the incident management tool are very user-friendly. They are excellent at mapping out the processes for establishing a framework for incident processing. OneTrust is very good at linking with different platforms, managing resources for information gathering, and centralizing them into one platform.

I wish there were more customization options, particularly within the privacy rights automation module. More customization on the backend would allow for adjusting specific category labels tailored to our objectives. While they allow for some customization and adding of different categories, some predetermined categories are not modifiable.

I've been using OneTrust for about two years. I had prior experience before my current position, so it has been closer to three years.

It's been quite stable, with very few occasions of major bugs or breakdowns. The stability would be a nine out of ten. Any issues were quickly resolved with a fast turnaround.

The scalability is relatively good, making it easy to create programs that streamline processes. However, some modules are restricted, and achieving tasks within the platform's confines can be tricky for hyper-specific needs.

Their support team is very responsive and knowledgeable. If an expert doesn't know how to address a question, they find someone who can help. They go to great lengths to find a solution if resources or specific representatives aren't available.

Positive

The modules can be restrictive and require working within the platform's confines for certain tasks. This can be tricky for hyper-specific projects.

I don't have specifics on pricing. I know it's not very cheap, but the budget aspect is outside my wheelhouse.

I recommend OneTrust because, despite limited customization, the options they have are top-tier. They offer a lot of good resources for streamlining processes to fit your initiative.

I'd rate the solution nine out of ten.