Governance Risk and Compliance Coordinator at HUB International
Real User
Top 20
2024-10-11T16:10:00Z
Oct 11, 2024
I use OneTrust specifically for incident management. For my company, I helped to create the incident management program that we currently use, particularly with gathering the information and sending out assessments to different vendors to collect information for further research and discovery. I also use the platform for processing privacy requests that our company receives. OneTrust is just one of the platforms we use, and we receive privacy requests through multiple channels, such as email and occasionally, phone calls. However, any kind of request we receive is still filtered through OneTrust using their platform to track the request and process it all the way through from the initial notification to the end when it's finally processed. We send out notifications and collect information, all done through OneTrust.
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
Top 20
2024-05-31T15:14:22Z
May 31, 2024
On the privacy front, we used the solution to meet many GDPR requirements, like maintaining a record of processing. We used the OneTrust data processing component or module to keep all the processing activity records. On the GRC front, we used the risk management and audit modules to manage risk assessments and IT audits within the organization.
Initially, we used the product to ensure our company in Brazil followed the recent data protection guidelines. Brazil has data protection laws very similar to GDPR in Europe. We focus on managing data usage and management policies.
Manager, Information Security Risk at a university with 1,001-5,000 employees
Real User
2021-05-28T18:09:00Z
May 28, 2021
I use the solution when internal customers want to engage with a third party through some type of cloud-based system. Right away I start reviewing from that perspective and I get the vendor's information that they are looking to engage with, I input the information into this solution. This solution has a process where I can send questionnaires out to the new prospective vendor. That prospective vendor will provision themselves into the solution by inputting all their information. This prevents me from inputting any information incorrectly. At this stage, I review all the information. The vendor will also upload all of their security documentation. This includes anything they can show that they are performing security best practices on behalf of their customers like us. This solution gives me the ability to double-check that information. I can do a risk review and risk rate it. There is a backend that will do a crowdsourcing type feature. For example, if there are other customers that have reviewed this particular vendor before, I can actually piggyback on that collected information and make my own judgment on whether or not it is a good fit for our environment.
We use this solution for the management of our Privacy Program with a single solution. It helps to show compliance with regulations like GDPR, or CCPA. Vendor Risk Management was one of the main modules we wanted, but having the benefit of additional solutions within the same platform was what convinced us to go with OneTrust. In particular, we were interested in Application inventory, Records of Processing Activities, Website Scanning and Cookie Compliance, Incident Response, Data Mapping, and Assessment Automation. The Data Subject Request Module is very helpful to deal with requests and automate data collection. OneTrust also includes Maturity and Benchmark assessments.
OneTrust is
the largest and most widely used technology platform to operationalize privacy,
security and third-party risk management.
More than 2,500 customers, both big and small and across 100
countries, use OneTrust to demonstrate compliance with privacy
regulations including the GDPR, California Consumer Privacy Act, Brazil LGPD,
and hundreds of the world's privacy laws.
OneTrust's size
and scale allows it to offer the easiest-to-use and most affordable solution
for implementing use...
I use OneTrust specifically for incident management. For my company, I helped to create the incident management program that we currently use, particularly with gathering the information and sending out assessments to different vendors to collect information for further research and discovery. I also use the platform for processing privacy requests that our company receives. OneTrust is just one of the platforms we use, and we receive privacy requests through multiple channels, such as email and occasionally, phone calls. However, any kind of request we receive is still filtered through OneTrust using their platform to track the request and process it all the way through from the initial notification to the end when it's finally processed. We send out notifications and collect information, all done through OneTrust.
I primarily use OneTrust GRC for GRC, which involves vendor management aspects. It helps ascertain levels of compliance concerning vendors.
On the privacy front, we used the solution to meet many GDPR requirements, like maintaining a record of processing. We used the OneTrust data processing component or module to keep all the processing activity records. On the GRC front, we used the risk management and audit modules to manage risk assessments and IT audits within the organization.
We are using OneTrust to implement data privacy within our organization.
Initially, we used the product to ensure our company in Brazil followed the recent data protection guidelines. Brazil has data protection laws very similar to GDPR in Europe. We focus on managing data usage and management policies.
It was used to manage IT and control risks, specifically around network infrastructure and particular assets.
We use OneTrust GRC to evaluate internal and external projects for risk.
I mainly use OneTrust GRC for our incident response workflow and third-party risk management.
I use the solution when internal customers want to engage with a third party through some type of cloud-based system. Right away I start reviewing from that perspective and I get the vendor's information that they are looking to engage with, I input the information into this solution. This solution has a process where I can send questionnaires out to the new prospective vendor. That prospective vendor will provision themselves into the solution by inputting all their information. This prevents me from inputting any information incorrectly. At this stage, I review all the information. The vendor will also upload all of their security documentation. This includes anything they can show that they are performing security best practices on behalf of their customers like us. This solution gives me the ability to double-check that information. I can do a risk review and risk rate it. There is a backend that will do a crowdsourcing type feature. For example, if there are other customers that have reviewed this particular vendor before, I can actually piggyback on that collected information and make my own judgment on whether or not it is a good fit for our environment.
We use this solution for the management of our Privacy Program with a single solution. It helps to show compliance with regulations like GDPR, or CCPA. Vendor Risk Management was one of the main modules we wanted, but having the benefit of additional solutions within the same platform was what convinced us to go with OneTrust. In particular, we were interested in Application inventory, Records of Processing Activities, Website Scanning and Cookie Compliance, Incident Response, Data Mapping, and Assessment Automation. The Data Subject Request Module is very helpful to deal with requests and automate data collection. OneTrust also includes Maturity and Benchmark assessments.