A trusty platform if you provide the logic
July 14, 2022

A trusty platform if you provide the logic

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with OneTrust GRC & Security Assurance Cloud

We utilize OneTrust for 3rd party risk management and to dictate the frequency of review. Using a risk matrix new vendors brought into the platform are assigned a risk level based on data sensitivity and the inherent risk of the vendor. We then use OneTrust to automate information gathering and to schedule reassessments based on risk category.

Pros

  • Centralized repository for documentation of vendor risk.
  • Allows for customizable risk metrics to define inherent risk.
  • Repeatable, defined process for vendor assessments.

Cons

  • Documentation chasing for assessments is not as automated or hands-off as demos made it seem.
  • Getting custom risk matrix set up required professional onboarding.
  • Platform is less than intuitive.
  • Pricing is module dependent and demos do not highlight which module is included in which workflow.
  • Centralized document repository.
  • Repeatable processes.
  • Easily defensible logic for risk based decisions.
  • More uniform vendor assessments.
  • Defensible numeric metrics reflecting risk.
  • Centralized document repository for audit proofs.
OneTrust is more focused on providing an assessment platform than a vendor risk monitoring platform. This difference is why we chose OneTrust. For some, this will be a failure of the product. However, if you take the time to define risk for your organization based on the sensitivity of the data and the inherent risks of a vendor based on infrastructure you will create a unique and understandable metric for risk according to your organization. This adaptability is the strongest feature of OneTrust.

Do you think OneTrust Tech Risk & Compliance delivers good value for the price?

Yes

Are you happy with OneTrust Tech Risk & Compliance's feature set?

Yes

Did OneTrust Tech Risk & Compliance live up to sales and marketing promises?

No

Did implementation of OneTrust Tech Risk & Compliance go as expected?

No

Would you buy OneTrust Tech Risk & Compliance again?

Yes

OneTrust provides a repeatable and defined process for vendor assessments but should be adapted to your organization. OneTrust functions well for a centralized document repository. The pricing of modules and what modules are required for workflows to function fully should be better defined. Automated assessments can wind up in spam filters and should be communicated outside of the platform prior to sending to the vendor.

Comments

More Reviews of OneTrust Tech Risk & Compliance

  1. Home
  2. Governance, Risk & Compliance Platforms
  3. OneTrust Tech Risk & Compliance Reviews
  4. User Review of OneTrust Tech Risk & Compliance