Trust isn’t just about doing what’s required, but doing what’s right. 

But who defines what is “right” when it comes to your business? What is the north star guiding your organization’s decision making?

For us at OneTrust, it was an organic progression born from our need to manage risk in our privacy and security functions. While the company was founded in 2016, we weren’t able to immediately sit down and say ‘this is what Trust means to us, and here’s how we’re going to pursue it.’

How’d we get here?

We set out to build software that would help companies around the globe follow and adhere to appropriate privacy regulations for their specific industry and geographic locations. As we grew, however, it was imperative we implement and adhere to specific frameworks for our own privacy and security programs.

So OneTrust began earnestly building its Trust Office by pulling in the proper stakeholders who could lead this charge. While I currently serve as the Chief Trust Architect, I started my OneTrust career as the Director of Privacy. I worked alongside our then-VP of security and members of our legal team to create an Integrated Management System (IMS) committee that could take on such a large initiative.

The focus of the committee was to adopt and implement a security framework, with our first audits being carried out against our security controls leveraging ISO 27001 and SOC 2. We soon followed this with ISO 27701 to ensure we managed the processing of personal data appropriately.

As we grew, so did our program implementation in other lines of business, like Ethics & Compliance, as well as Environmental, Social, and Governance (ESG). And this is where that evolution into a trust-based business really presented itself: as we took the proper steps to do what is not just required, but what is right, we built out that same scope of opportunity for our customers through the Trust Intelligence Platform.

If we were going to embark on this journey, why wouldn’t we do the same with our customers? What they were looking to accomplish wasn’t just a compliance-driven effort. They also wanted to build programs focused on trust and transparency with their employees, customers, partners, and community.

5 building blocks to create a Trust Office

The old saying “easier said than done” rings true here, I know. A couple hundred words about what our company did to begin the journey to being a trust-based business pales in comparison to the actual time, resourcing, and effort that went into the change. 

But what I can do is offer five building blocks that could help start this necessary shift. 

1. Evaluate: As with any business decision, you have to evaluate the situation and determine if there’s a reason for the function. In this case, you’re asking a question at the macro level: does my organization need a trust office? From there, evaluate the business as a whole and what trust means to your people, processes, and products. 

2. Enable: Who’s in charge of this new undertaking? Create the role(s) and ensure the person or committee taking this on will be enabled with support from the board room and C-suite. Once this is established, communicate this out to both employees and customers that your organization is taking this charge seriously and looking to begin the process. 

3. Develop: What is the operating model going to look like? What resources are needed to make this happen, and what’s the starting point for that? As I mentioned earlier, it was OneTrust’s need to adopt integrated management systems driven by ISO standards that then created our desire to build a platform that could do the same for our customers. 

4. Establish: Now it’s time for goal setting. Start small and look at a single year. What are the cross functional aspects that can be determined, and how are those met? What ‘wins’ are most important in this year-one ramp-up? Determining those benchmarks will create needed landmarks along the way.

5. Create: Finally, how can we measure this? As with any business initiative, it needs to be tracked. Beware, however. Don’t treat this like run-of-the-mill data gathering, i.e., number of security incidents or other firmographic metrics. Ideally this will be measured in the same way a customer satisfaction rating would be: What’s working, what’s not, how can improvements be made and redundancies removed? Do our people believe our products and processes exude trust?

Who’s doing what?

Using the five building blocks as a guide — and obviously adaptable to whatever your business feels is the best way forward — our Trust Office took shape by collaborating with the following stakeholders and departments who could lend their expertise and insights to this always-on initiative. We created Centers of Excellence (CoE) across specific domains we learned are important to our customers, including:

• Privacy: Led by our Data Protection Officer
• Security: Led by our Chief Information Security Officer
• Ethics & Compliance & ESG: Led by our Chief Ethics & Compliance Officer 

Each Center of Excellence brings together a cross-functional group of experts in their domain to:

• Be the expert in their field to help guide our product, marketing, sales, and support teams as we advise our thousands of global customers on their own programs 
• Serve the community by sharing resources and best practices on their industry and domain 
• Build the best trust program internally using the OneTrust platform   

What’s the benefit?

The headline of this piece is “Does your organization need a Trust Office?” but it could have been “Why your organization needs a Trust Office.” We’re biased, of course, but know there’s true value in establishing such a program in your organization.

Company leadership is on the hook for serving two stakeholders: employees and customers. Both of whom, of course, deserve honesty and transparency from the brand they’re trusting to work with. Our customers helped us understand the deep need to establish a Trust Office, and it’s our responsibility to leverage our own Trust Intelligence Platform and uphold the tenets that make us a trust-based business.

And while it seems daunting to embark on such a program — one that will certainly look different for you than it does for us — we can only say that it’s a worthwhile investment of time and energy. 

Just keep in mind, there is no finish line or final destination on the journey to trust; it’s ever-moving and adaptable. Safe travels!