Vendor Risk Management and the California Consumer Privacy Act (CCPA): How Vendorpedia Helps


With tailored CCPA compliance functionality, OneTrust Vendorpedia helps your business’s vendor risk management program meet CCPA obligations.

Vendor Risk Management Under the CCPA

Under the CCPA, a service provider processes personal information on a business’s behalf. As such, service providers will fall under your vendor risk management program. Businesses like yours should know what service providers are in use, what data they hold, and whether key contract provisions are in place. This information is critical for managing consumers’ requests to opt out of the sale of their personal information or to delete their personal information.

Track Key Contract Terms in Service Provider Agreements for CCPA Compliance

Under the CCPA, service providers have key responsibilities pursuant to written contracts. Service providers must not use, retain, or disclose consumers’ personal information other than for the specific purpose stipulated in the contract, or as otherwise permitted by the CCPA. With OneTrust Vendorpedia, track contractual terms and hold service providers accountable for personal information processing agreements.

Fulfill Consumer Rights Requests That Involve Service Providers

The CCPA requires businesses to work together with service providers in certain scenarios to fulfill consumer rights requests, such as the right of data deletion or the right to opt out of the sale of personal information. With OneTrust Vendorpedia, businesses can keep records of the service providers processing personal information to know which ones must help fulfill consumer rights requests.

Perform Due Diligence and Automate Risk Assessments

Businesses subject to the CCPA should work with service providers that protect the privacy and security of consumers’ personal information. With OneTrust Vendorpedia, execute automated risk assessments on service providers and track and mitigate risks. Perform due diligence on thousands of service providers with aggregated intelligence within the Global Risk Exchange. Or, use Vendorpedia’s Vendor Risk Chasing Services to offload the assessment process entirely.

Become CCPA-Ready with Service Provider Risk Reporting

Generating regulator-ready reporting is critical to CCPA compliance. And when information is spread out in various spreadsheets and buried in emails, this recordkeeping becomes difficult. With OneTrust Vendorpedia, your business can leverage templated reports to demonstrate vendor risk management compliance as it relates to the CCPA.

Consumer Rights

Track service providers and hold them accountable to the CCPA’s consumer rights requirements

Contract Management

Track key terms for service provider agreements to protect your organization and restrict the unauthorized use of personal information

Reports & Dashboards

Use CCPA reporting templates to generate analytics relating to the risks of your service providers