OneTrust Vendorpedia Supports the Top Third-Party Risk Management Standards and Organizations


With strategic partnerships around the world to streamline third-party risk management (TPRM), OneTrust Vendorpedia delivers value to our customers, regardless of location, industry or use case.

Become a Partner
NEW PARTNER

Vendor Security Alliance (VSA)

The latest Vendor Security Alliance (VSA) questionnaire for third-party risk management (TPRM) comes free and out-of-the-box for all OneTrust Vendorpedia customers. Through Vendorpedia, the VSA questionnaire exists in software, not spreadsheets, automating the ability to send the questionnaire and mitigate risks. This is done all through an intuitive user interface that makes assessment completion simpler for your vendors.

GET THE FREE TOOL

Shared Assessments

Shared Assessments offers third-party risk management (TPRM) questionnaires such as the SIG Core and SIG Lite, both of which are made available free of charge in the Vendorpedia platform. Additionally, OneTrust Vendorpedia partners with Shared Assessments to help shape the future of these standards, relaying our customers’ feedback directly to the Shared Assessment team.

Cloud Security Alliance (CSA)

Vendorpedia offers the CSA CAIQ as a standard third-party risk management (TPRM) questionnaire in the assessment template gallery. OneTrust Vendorpedia has helped establish the European GDPR Center of Excellence alongside CSA and incorporates the CSA STAR registry information into the Global Risk Exchange. Additionally, OneTrust Vendorpedia works closely with CSA to offer a free tool to all of the organization’s 80,000 member organizations.

ISACA

As an industry thought leader, OneTrust Vendorpedia partners with ISACA to deliver third-party risk management (TPRM) research and best practices to our customers. Additionally, OneTrust Vendorpedia comes with built-in COBIT controls, as well as other common industry controls. The COBIT controls are made available in the platform, enabling organizations to access the framework and use it as they see fit.

Privacy Shield

The OneTrust Vendorpedia Global Risk Exchange features thousands of vendor profiles, each with third-party risk details on active certifications such as Privacy Shield. If one of your vendor’s PrivacyShield certification expires, the Exchange will automatically notify your team.

CIS Center for Internet Security

Third-party risk management (TPRM) teams turn to organizations like CIS (Center for Internet Security, Inc.) to safeguard against cyber threats. OneTrust Vendorpedia enables third-party risk teams to implement the CIS Controls and CIS Benchmarks.

National Institute of Standards and Technology (NIST)

Many organizations use NIST 800-53 as the standard of choice for their third-party risk management program (TPRM). OneTrust Vendorpedia offers out-of-the-box support for NIST 800-53 and other NIST frameworks.

The National Council of ISACs

The National Council of ISACs, such as FS-ISAC for Finance, and H-ISAC for Healthcare offer best practices for third-party risk management (TPRM) programs in many industries. OneTrust Vendorpedia has developed a partnership with these organizations, participating in global events and other NCI activities.

Become a Partner

Interested in becoming a partner with OneTrust? With strategic partnerships around the world, OneTrust Vendorpedia delivers value to our customers, regardless of location, industry or use case.

  • Get full access to Vendorpedia for 14 Days
  • Build your inventory with Vendor Exchange
  • Collaborate with teammates using workflows
  • Visualize your vendors, assets and data flows
  • Explore knowledge and best practices

Why do we ask for your information? The resources we provide on our website contain OneTrust intellectual property related to our products and research. In an effort to protect this IP, we ask for your basic contact details to help us validate your identity before we open access to these resources.


You can learn more about how we handle your personal data and your rights by reviewing our privacy notice.