Third-Party Risk Management and ISO 27001, 27002, 27701: How Vendorpedia Helps


The International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27000 family of standards is the foundation for many third-party risk management programs. OneTrust Vendorpedia enables organizations to adhere to, and to assess vendors, processors, and other external service providers against, the security and privacy controls set forth in ISO 27001, ISO 27002, and ISO 27701.

How ISO 27001, 27002, 27701 Impact Third-Party Risk Management Teams

The ISO 27000 family of standards sets forth internationally accepted and trusted controls for, among other things, managing the risks created by third parties, including suppliers, vendors, processors, and other external service providers that access or handle information assets. Proper adherence to these controls can help your organization succeed across geographies and industries.

Identify and Track Information Security and Privacy Controls

ISO 27001 and 27002 outline requirements for building an information security management system (ISMS), while ISO 27701 specifies requirements for a privacy information management system (PIMS). Third-party risk management is a critical discipline within both of these security and privacy systems. OneTrust Vendorpedia features a full library of ISO controls, enabling your organization to understand which vendors have proper controls in place.

Perform Supplier Audits and Monitor Third-Party Risks

ISO 27001, 27002, and 27701 require organizations to assess and document vendors’ security and privacy controls and risks. With OneTrust Vendorpedia, your organization can assess vendors against ISO 27001 and 27002, as well as ISO 27701, to maintain records for compliance and to build a defensible third-party risk management program.

Track Contracts to Meet Security Controls

Contractual provisions are critical for holding vendors accountable to their security and privacy obligations. OneTrust Vendorpedia enables your organization to extract key contract terms that meet ISO 27001, 27002, and 27701 requirements and to track whether vendors are meeting their obligations.

Map the Flow of Sensitive Data

Vendors that interact with your data may put your organization at risk. Therefore, your organization should know where the data goes, where it resides, who has access to it, and whether it has adequate protection. With OneTrust Vendorpedia, track the flow of personal data and maintain records of cross-border data transfers. Additionally, use Vendorpedia to work with relevant vendors to fulfill data subject rights requests.


Implement ISO 27001, 27002, and 27701 Controls with OneTrust Vendorpedia

Automation Engine

Configure workflows with automation triggers to address compliance gaps

Dashboards & Reports

Generate visual dashboards and detailed column reports to track key metrics

Risk Treatment Plans

Identify risks and use workflows to develop and execute risk treatment plans
