La gestión de riesgos de terceros es un método de gestión de riesgos que se centra en identificar y reducir los riesgos que están relacionados con el uso de terceros (a veces también denominados proveedores, distribuidores, contratistas o proveedores de servicios).
Esta disciplina está diseñada para ofrecer a las organizaciones una comprensión de los terceros que utilizan, cómo los utilizan y qué garantías tienen implementadas sus terceros. El ámbito y los requisitos del programa de gestión de riesgos de terceros dependen de la organización y pueden variar bastante en función de la industria, las directrices normativas y otros factores. Aun así, muchas prácticas recomendadas de gestión de riesgos de terceros son universales y se aplican a todas las empresas u organizaciones.
Aunque las definiciones exactas pueden variar, el término «gestión de riesgos de terceros» a veces se utiliza indistintamente con otros términos comunes del sector, como gestión de riesgos de proveedores, gestión de proveedores o gestión de riesgos de la cadena de suministros. Sin embargo, a menudo se considera que la gestión de riesgos de terceros es la disciplina genérica que abarca todo tipo de terceros y todo tipo de riesgos.
Aunque el riesgo de terceros no es un concepto nuevo, los aumentos de brechas en todos los sectores y una mayor dependencia de la externalización de servicios han puesto esta disciplina en primer plano como nunca antes había ocurrido. Las disrupciones han afectado a casi todas las empresas y a sus terceros; independientemente de su tamaño, ubicación o sector. Además, las brechas de datos o los incidentes de ciberseguridad son bastante comunes. En 2021, el impacto de los terceros sobre la resiliencia empresarial se puso de manifiesto a través de interrupciones y otros incidentes de terceros. Algunas de las formas en que puedes verte afectado son:
La mayoría de las organizaciones modernas confían en terceros para mantener el funcionamiento fluido de sus operaciones. Por lo tanto, cuando tus terceros o proveedores no puedan cumplir con sus obligaciones, podrían producirse impactos devastadores y duraderos.
Por ejemplo, puedes depender de un proveedor de servicios como Amazon Web Services (AWS) para alojar un sitio web o una aplicación en la nube. Si AWS dejara de funcionar, tu sitio web o aplicación también se vería afectado. Otro ejemplo podría ser el uso de un tercero para el envío de mercancías. Si los conductores de la empresa de transportes se pusieran en huelga, esta situación podría retrasar los plazos de entrega acordados y provocar cancelaciones y desconfianza entre los clientes, lo que afectaría a los resultados y la reputación de tu organización de forma negativa.
La externalización es una parte necesaria a la hora de dirigir un negocio moderno. No solo ahorra dinero a las empresas, sino que también es una forma sencilla de sacar partido de la experiencia de una empresa especializada en comparación con la propia. La desventaja es que si no se dispone de un programa adecuado de gestión de riesgos de terceros, depender de terceros podría generar vulnerabilidades en tu negocio
Existen infinitas prácticas recomendadas de gestión de riesgos de terceros que pueden ayudarte a crear un mejor programa; independientemente, de si recién estás comenzando a hacer que la gestión de riesgos de terceros sea una prioridad o si quieres comprender dónde se podría mejorar tu programa actual. Hemos destacado lo que, según nuestra opinión, son las 3 prácticas recomendadas críticas que se aplican a casi todas las empresas.
Todos los proveedores no son igual de importantes, por lo que es fundamental determinar qué terceros son los más esenciales. Para mejorar la eficiencia en tu programa de gestión de riesgos de terceros, segmenta a tus proveedores por niveles de criticidad.
La mayoría de las empresas suelen segmentar a los proveedores en tres grupos:
En la práctica, las organizaciones primero centrarán su tiempo y sus recursos en los proveedores de nivel 1, puesto que requieren una diligencia debida y recopilación de pruebas más estrictas. Por lo general, los proveedores de nivel 1 están sujetos a evaluaciones más detalladas, que a menudo incluyen la validación in situ.
Muchas veces, especialmente durante la evaluación inicial, estos niveles se calculan en función del riesgo inherente del tercero. Las calificaciones de riesgo inherente se generan en función de los análisis comparativos del sector o del contexto de la empresa, como si:
Además, el impacto del proveedor puede ser un factor determinante. Si un tercero no pudiera prestar su servicio, ¿cómo afectaría esta situación a tus operaciones? Cuando se produzca una interrupción significativa, el riesgo del proveedor será inevitablemente mayor. Determina este impacto teniendo en cuenta:
Otra forma de clasificar a los proveedores por nivel es agrupándolos en función del valor del contrato. Los proveedores que supongan un coste significativo podrían segmentarse de forma automática como proveedor de nivel 1 debido al riesgo elevado por el mero coste de su contrato.
Las eficiencias surgen cuando las operaciones son consistentes y se pueden repetir. Hay varios aspectos en el ciclo de vida de gestión de riesgos de terceros donde la automatización resulta ideal. Estos aspectos incluyen, entre otros:
Cada programa de gestión de riesgos de terceros es diferente, así que comienza por observar de manera interna los procesos que se puedan repetir y estén listos para automatizarse. A partir de ahí, comienza poco a poco y toma medidas prácticas para automatizar las tareas clave. Con el tiempo, estas pequeñas automatizaciones irán aportando su granito de arena para acabar ahorrando tiempo, dinero y recursos significativos a tu equipo.
Al considerar un programa de gestión de riesgos de terceros o proveedores, muchas organizaciones piensan de inmediato en los riesgos de ciberseguridad. Pero la gestión de riesgos de terceros implica mucho más que eso. Si bien empezar poco a poco y centrarse solamente en los riesgos de ciberseguridad es un buen primer paso, hay otros tipos de riesgos que también deben priorizarse. Por ejemplo:
En este respecto, la conclusión principal es que comprender todos los tipos de riesgo relevantes (y no solo la ciberseguridad) es imperativo para construir un programa de gestión de riesgos de terceros de calidad.
El ciclo de vida de la gestión de riesgos de terceros comprende la serie de pasos que describen la típica relación con un tercero. A veces, a la gestión de riesgos de terceros se le denomina «gestión de relaciones con terceros». Este término articula mejor el carácter continuo de las interacciones con el proveedor. Normalmente, el ciclo de vida de gestión de riesgos de terceros se divide en varias fases. Estas fases incluyen:
Hay muchas formas de identificar a los terceros con los que tu organización está trabajando en la actualidad, así como formas de identificar a otros terceros que tu organización quiera utilizar.
Para identificar proveedores que ya estén en uso y crear un inventario de proveedores, las organizaciones deben adoptar múltiples enfoques, entre los que se incluyen:
Para identificar a nuevos terceros, las organizaciones a menudo sacarán partido de un portal de autoservicio como parte de su programa de gestión de riesgos de terceros. Con un portal de autoservicio, los responsables pueden crear su inventario. Comparte el portal con tu empresa creando un enlace desde tu intranet o SharePoint. Los portales de autoservicio también ayudan a recopilar información preliminar sobre el tercero como:
Con esta información, puedes clasificar a los terceros en función del riesgo inherente que puedan suponer para tu organización.
Durante la fase de evaluación y selección, las organizaciones consideran las solicitudes de propuesta y eligen al proveedor que quieran utilizar. Esta decisión se toma en base a una serie de factores únicos para el negocio y sus necesidades concretas.
Las evaluaciones de riesgo de proveedor llevan tiempo y consumen muchos recursos, por lo que muchas organizaciones utilizan un Exchange de riesgos de terceros con objeto de acceder a evaluaciones precompletadas. Otros métodos comunes incluyen el uso de hojas de cálculo o software de automatización de evaluaciones. En cualquier caso, el objetivo principal de comprender los riesgos asociados con el proveedor es el mismo.
Las normas más comunes que se utilizan para evaluar a los proveedores incluyen:
Además de normas específicas del sector, como:
Después de realizar una evaluación, se pueden calcular los riesgos y dar comienzo a la mitigación. Los flujos de trabajo de mitigación de riesgos más comunes incluyen las siguientes fases:
A veces, en paralelo con la mitigación de riesgos, la fase de contratación y adquisición es crítica desde la perspectiva de riesgos de terceros. Con frecuencia, los contratos contienen detalles que quedan fuera del ámbito de gestión de riesgos de terceros. Aun así, existen disposiciones, cláusulas y términos clave que los equipos de Gestión de riesgos de terceros deben tener en cuenta a la hora de revisar los contratos con el proveedor.
Como por ejemplo:
Aplica estos aspectos clave para informar sobre los requisitos en un formato estructurado. Simplemente, determina si las cláusulas clave son adecuadas, inadecuadas o no están presentes.
La creación de un programa de gestión de riesgos de terceros sólido requiere que las organizaciones mantengan el cumplimiento normativo. Este paso suele pasarse por alto. Mantener registros detallados en hojas de cálculo es casi imposible a gran escala, por lo que muchas organizaciones optan por implementar el software de gestión de riesgos de terceros. Con un mantenimiento de registros que se pueda auditar, es mucho más fácil informar sobre los aspectos críticos de tu programa a la hora de identificar áreas de mejora.
En la práctica, un panel de información prototípico puede incluir:
Las evaluaciones son el análisis de un momento en el tiempo en lo que respecta a los riesgos de un proveedor; sin embargo, los compromisos con terceros no terminan ahí, ni siquiera tras mitigar los riesgos. La monitorización continua de los proveedores a lo largo de la relación con un tercero es fundamental, al igual que la adaptación cuando surgen nuevos problemas.
Por ejemplo, las nuevas normativas, las noticias negativas, las brechas de datos altamente sensibles y la evolución del uso de un proveedor pueden afectar a los riesgos asociados con tus terceros. Algunos eventos clave que pueden alterar los riesgos y deben monitorizarse son:
Un procedimiento de rescisión exhaustivo es clave, tanto por motivos de seguridad como por requisitos de registro. Muchas organizaciones han desarrollado una lista de verificación de recisión para proveedores, que puede consistir en una evaluación que se pueda enviar tanto de forma interna como externa a la hora de confirmar que se han tomado todas las medidas adecuadas. Dicho esto, también es fundamental mantener un registro detallado de las evidencias de estas actividades para demostrar el cumplimiento normativo en caso de que tenga lugar una consulta o auditoría de carácter regulatorio.
No existe ningún enfoque único en cuanto a la gestión de riesgos de terceros. Todas las empresas son diferentes y, como resultado, no hay ningún departamento clave que sea el responsable de controlar los riesgos de los proveedores. Algunas organizaciones con más recorrido pueden disponer de un equipo de gestión de proveedores o de riesgos de terceros; sin embargo, muchas organizaciones no cuentan con ello. Por tanto, los cargos y departamentos más comunes a la hora de tomar responsabilidades sobre riesgos de terceros son:
La lista de arriba no es exhaustiva en absoluto, aunque la diversa variedad de títulos y departamentos puede arrojar algo de luz sobre los diversos enfoques que se adoptan en lo que respecta a la gestión de riesgos de terceros.
En última instancia, estas partes interesadas y departamentos deben trabajar de manera conjunta para gestionar los proveedores a lo largo de su ciclo de vida. Por lo tanto, la gestión de riesgos de terceros a menudo se extiende a muchos departamentos y a muchos roles diferentes.
Con el software de riesgos de terceros, tu organización puede desarrollar y escalar programas exitosos de gestión de riesgos de terceros que añadan valor a tus resultados. Además, el retorno de la inversión es muy significativo cuando se aprovechan las oportunidades de automatización que proporciona nuestro software diseñado para este propósito tan especial. Entre los mayores beneficios, se incluyen:
La plataforma OneTrust saca partido de nuestra enorme experiencia en GRC gracias a nuestra especialización en gestión de riesgos de terceros, privacidad y gestión de incidentes, entre muchas otras categorías, para ofrecer una experiencia inmersiva de gestión de la privacidad y la seguridad. Reduce tus riesgos de terceros y proveedores con el software de gestión de terceros y el Exchange de riesgos de terceros de OneTrust. Este software permite que puedas ejecutar comprobaciones de cumplimiento normativo y verificar a los proveedores. Además, nuestro software permite que las organizaciones puedan realizar evaluaciones de riesgos de proveedor y mitigar los riesgos a través de una automatización de los flujos de trabajo muy personalizable. El Exchange de riesgos de terceros de OneTrust permite que las empresas puedan acceder a análisis de riesgos e informes sobre lagunas en los controles de proveedores, además de que proporciona a los proveedores la oportunidad de centralizar su información de cumplimiento normativo y promocionarla entre miles de clientes de OneTrust para que se pueda compartir con facilidad.
Seminario web
Acompáñanos en esta sesión dónde repasaremos los principales requisitos de la normativa NIS2 y su impacto. Además, podrás asistir a una demostración práctica y conocer cómo OneTrust te ayuda a resolver los retos de gobernanza, gestión de riesgos y terceros, gestión de incidentes y cumplimiento asociados a la normativa.
Seminario web
Acompáñanos en esta sesión dónde repasaremos los principales requisitos de la normativa NIS2 y su impacto. Además, podrás asistir a una demostración práctica y conocer cómo OneTrust te ayuda a resolver los retos de gobernanza, gestión de riesgos y terceros, gestión de incidentes y cumplimiento asociados a la normativa.
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Webinar
Join for a live demo of new features from OneTrust’s Fall release and understand how OneTrust Third-Party Management can revolutionize your third-party risk management approach.
Webinar
Join for a live demo of new features from OneTrust’s Fall release and understand how OneTrust Third-Party Management can revolutionize your third-party risk management approach.
Webinar
In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.
Webinar
In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.
Blog
Join our OneTrust webinar on tackling IT security risks for banks in South Africa. Explore strategies for safeguarding sensitive data, ensuring POPIA compliance, and managing cyber threats. Gain actionable insights to strengthen your security posture and build customer trust.
Blog
Join our OneTrust webinar on tackling IT security risks for banks in South Africa. Explore strategies for safeguarding sensitive data, ensuring POPIA compliance, and managing cyber threats. Gain actionable insights to strengthen your security posture and build customer trust.
Webinar
Join our upcoming product release webinar to explore how these new capabilities can help your organization navigate complex frameworks, streamline third-party management, and accelerate AI and data innovation.
Webinar
Join our upcoming product release webinar to explore how these new capabilities can help your organization navigate complex frameworks, streamline third-party management, and accelerate AI and data innovation.
Webinar
Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.
Webinar
Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.
eBook
Streamline third-party relationships and avoid common mistakes in the process.
eBook
Streamline third-party relationships and avoid common mistakes in the process.
Checklist
Third-party management doesn’t have to be a complicated process for your business.
Checklist
Third-party management doesn’t have to be a complicated process for your business.
Infographic
Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.
Infographic
Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.
Infographic
Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.
Infographic
Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.
eBook
It’s imperative for security teams to implement a holistic approach to third-party management.
eBook
It’s imperative for security teams to implement a holistic approach to third-party management.
Blog
Overseeing business relationships isn’t just about controlling risk — companies must understand how to manage third parties holistically.
Blog
Overseeing business relationships isn’t just about controlling risk — companies must understand how to manage third parties holistically.
Webinar
Join our upcoming webinar to learn how to navigate the complexities of managing modern slavery, anti-bribery, and corruption within your third-party ecosystem.
Webinar
Join our upcoming webinar to learn how to navigate the complexities of managing modern slavery, anti-bribery, and corruption within your third-party ecosystem.
Webinar
Join us in a webinar where we will discuss PDPL, third-party risk, and compliance best practices. Learn how you can automate and simplify your third-party management program with OneTrust.
Webinar
Join us in a webinar where we will discuss PDPL, third-party risk, and compliance best practices. Learn how you can automate and simplify your third-party management program with OneTrust.
Webinar
Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.
Webinar
Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.
Webinar
Amidst South Africa's dynamic AI terrain and evolving data privacy regulations like POPIA, mastering third-party risk management is paramount. This session explores the balance between AI innovation and data protection.
Webinar
Amidst South Africa's dynamic AI terrain and evolving data privacy regulations like POPIA, mastering third-party risk management is paramount. This session explores the balance between AI innovation and data protection.
Blog
Learn how to empower your compliance program with a unified third-party management program.
Blog
Learn how to empower your compliance program with a unified third-party management program.
E-Book
Dieser Leitfaden zum Risikomanagement für Dritte gibt Ihnen einen Überblick über die Voraussetzungen für den Aufbau eines erfolgreichen Risikomanagementprogramms für Dritte.
E-Book
Dieser Leitfaden zum Risikomanagement für Dritte gibt Ihnen einen Überblick über die Voraussetzungen für den Aufbau eines erfolgreichen Risikomanagementprogramms für Dritte.
Webinar
Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.
Webinar
Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.
eBook
Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.
eBook
Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.
Blog
Explore DORA's goals, the new requirements, and how organizations can prepare now to meet the framework ahead of the January 2025 deadline.
Blog
Explore DORA's goals, the new requirements, and how organizations can prepare now to meet the framework ahead of the January 2025 deadline.
Webinar
As innovation teams race to integrate AI into their products and services, new challenges arise for development teams leveraging third-party models. Join the webinar to gain insights on how to navigate AI vendors while mitigating third-party risks.
Webinar
As innovation teams race to integrate AI into their products and services, new challenges arise for development teams leveraging third-party models. Join the webinar to gain insights on how to navigate AI vendors while mitigating third-party risks.
Blog
See our key insights and discover why robust risk management across third parties, fourth parties, and beyond is crucial.
Blog
See our key insights and discover why robust risk management across third parties, fourth parties, and beyond is crucial.
Webinar
The EU has adopted several new Cyber Laws that will impact many businesses and will come into force over the next few months (in October in the case of NISD2) and require actions now. Join the webinar to learn about the latest cyber developments.
Webinar
The EU has adopted several new Cyber Laws that will impact many businesses and will come into force over the next few months (in October in the case of NISD2) and require actions now. Join the webinar to learn about the latest cyber developments.
Webinar
Join this free demo session to learn the ins an outs of OneTrust’s Third-Party Management solution.
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Webinar
This webinar will show you how to develop strategies for assessing reputational risks as it relates to third parties and the impact of third-party relationships.
Webinar
This webinar will show you how to develop strategies for assessing reputational risks as it relates to third parties and the impact of third-party relationships.
Webinar
In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.
Webinar
In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.
Infographic
Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.
Blog
Read our article on the Digital Operational Resilience Act (DORA) and how organizations can effectively manage ICT risk and third-party risk to ensure compliance
Blog
Read our article on the Digital Operational Resilience Act (DORA) and how organizations can effectively manage ICT risk and third-party risk to ensure compliance
Infographic
Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.
Blog
Leggi il nostro articolo sul regolamento sulla resilienza operativa digitale (Digital Operational Resilience Act, DORA) e su come le aziende possono gestire efficacemente i rischi legati alle TIC e alle terze parti per garantire la conformità
Blog
Leggi il nostro articolo sul regolamento sulla resilienza operativa digitale (Digital Operational Resilience Act, DORA) e su come le aziende possono gestire efficacemente i rischi legati alle TIC e alle terze parti per garantire la conformità
Blog
Consulta nuestro artículo sobre el Reglamento sobre resiliencia operativa digital (DORA) y cómo las organizaciones pueden gestionar de forma eficaz el riesgo de las TIC y el riesgo de terceros con objeto de garantizar el cumplimiento normativo
Blog
Consulta nuestro artículo sobre el Reglamento sobre resiliencia operativa digital (DORA) y cómo las organizaciones pueden gestionar de forma eficaz el riesgo de las TIC y el riesgo de terceros con objeto de garantizar el cumplimiento normativo
Webinaire
Webinar : comment relever les défis de la gestion des risques tiers tels que : la complexité croissante des réseaux de fournisseurs, la conformité réglementaire changeante et la nécessité de gérer efficacement les relations avec les tiers pour atténuer les risques et maintenir la continuité des activités.
Webinaire
Webinar : comment relever les défis de la gestion des risques tiers tels que : la complexité croissante des réseaux de fournisseurs, la conformité réglementaire changeante et la nécessité de gérer efficacement les relations avec les tiers pour atténuer les risques et maintenir la continuité des activités.
Seminario web
Acompáñanos el próximo 24 de abril a esta sesión y descubre como OneTrust y Deloitte facilitan la adopción de DORA y sus estándares asociados en una sesión práctica donde veremos desde la Gestión de Riesgos y la Gestión de Incidentes, hasta el Registro de Información de la cadena de suministro.
Seminario web
Acompáñanos el próximo 24 de abril a esta sesión y descubre como OneTrust y Deloitte facilitan la adopción de DORA y sus estándares asociados en una sesión práctica donde veremos desde la Gestión de Riesgos y la Gestión de Incidentes, hasta el Registro de Información de la cadena de suministro.
Webinar
Join our webinar to learn how you can build an well-rounded Third-Party Risk Management Program that works for your organisation
Webinar
Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.
Webinar
Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.
Infographie
Quels sont les principaux défis auxquels les RSSI sont confrontés ? Téléchargez cette infographie pour connaître l'avis d'experts de tous les secteurs d'activité.
Infographie
Quels sont les principaux défis auxquels les RSSI sont confrontés ? Téléchargez cette infographie pour connaître l'avis d'experts de tous les secteurs d'activité.
Video
Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems.
Video
Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems.
Checklist
See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.
Checklist
See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.
Webinar
How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.
Webinar
How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.
Kundengeschichte
Multinationale Sportmarke erfindet das Lieferantenrisikomanagement neu – mit einem kollaborativen, unternehmensweiten Ansatz
Kundengeschichte
Multinationale Sportmarke erfindet das Lieferantenrisikomanagement neu – mit einem kollaborativen, unternehmensweiten Ansatz
Blog
Risques tiers liés à l'IA - Comment rester en contrôle ? Découvrez notre approche complète pour l'évaluation de vos fournisseurs
Blog
Risques tiers liés à l'IA - Comment rester en contrôle ? Découvrez notre approche complète pour l'évaluation de vos fournisseurs
Video
Watch this video for the five top trends shaping the third-party management industry this year.
Video
Watch this video for the five top trends shaping the third-party management industry this year.
Blog
Assessing third-party risk for AI vendors is critical to AI governance, but you don’t have to start your assessment process from scratch. Learn more about taking a holistic approach to vendor assessments for AI.
Blog
Assessing third-party risk for AI vendors is critical to AI governance, but you don’t have to start your assessment process from scratch. Learn more about taking a holistic approach to vendor assessments for AI.
Blog
Die Risikobewertung von KI-Anbietern ist ein wichtiger Bestandteil der KI-Governance, aber Sie müssen Ihren Bewertungsprozess nicht bei Null beginnen. Erfahren Sie mehr darüber, wie Sie einen ganzheitlichen Ansatz bei der Bewertung von KI-Anbietern verfolgen.
Blog
Die Risikobewertung von KI-Anbietern ist ein wichtiger Bestandteil der KI-Governance, aber Sie müssen Ihren Bewertungsprozess nicht bei Null beginnen. Erfahren Sie mehr darüber, wie Sie einen ganzheitlichen Ansatz bei der Bewertung von KI-Anbietern verfolgen.
Blog
Evaluar el riesgo de terceros de los proveedores de IA es fundamental para la gobernanza de la IA, pero no tienes por qué iniciar tu proceso de evaluación desde cero. Obtén más información sobre cómo adoptar un enfoque integral con respecto a las evaluaciones de proveedores para la IA.
Blog
Evaluar el riesgo de terceros de los proveedores de IA es fundamental para la gobernanza de la IA, pero no tienes por qué iniciar tu proceso de evaluación desde cero. Obtén más información sobre cómo adoptar un enfoque integral con respecto a las evaluaciones de proveedores para la IA.
Blog
La valutazione dei rischi da parte di terzi per quanto riguarda i vendor di intelligenza artificiale è di fondamentale importanza per la governance dell'IA, ma non è necessario iniziare questo processo da zero. Scopri di più su come adottare un approccio globale alle valutazioni dei vendor di intelligenza artificiale.
Blog
La valutazione dei rischi da parte di terzi per quanto riguarda i vendor di intelligenza artificiale è di fondamentale importanza per la governance dell'IA, ma non è necessario iniziare questo processo da zero. Scopri di più su come adottare un approccio globale alle valutazioni dei vendor di intelligenza artificiale.
Checklist
Managing third-party risk is a critical part of AI governance, but you don’t have to start from scratch. Use these questions to adapt your existing vendor assessments to be used for AI.
Checklist
Managing third-party risk is a critical part of AI governance, but you don’t have to start from scratch. Use these questions to adapt your existing vendor assessments to be used for AI.
Infographic
What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.
Infographic
What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.
Webinar
Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.
Webinar
Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.
Webinar
Attend this demo to see how our TPRM solution can help you identify and mitigate risk as well as automate manual and repetitive tasks to ultimately reduce the time you spend managing your vendors
Webinar
Insight into your third parties’ inherent risks can change the way you run your TPM program.
Webinar
Insight into your third parties’ inherent risks can change the way you run your TPM program.
Webinar
Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.
Webinar
Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.
Blog
What role do third parties play in your privacy compliance efforts? Learn how the two functions overlap and ways to keep data secure across your supply chain.
Blog
What role do third parties play in your privacy compliance efforts? Learn how the two functions overlap and ways to keep data secure across your supply chain.
Blog
Quel rôle les tiers jouent-ils dans votre conformité en matière de confidentialité ? Découvrez les connections entre les deux fonctions et comment garantir la sécurité des données dans votre chaîne d’approvisionnement.
Blog
Quel rôle les tiers jouent-ils dans votre conformité en matière de confidentialité ? Découvrez les connections entre les deux fonctions et comment garantir la sécurité des données dans votre chaîne d’approvisionnement.
Webinar
Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.
Webinar
Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.
Webinar
Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.
Webinar
Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.
eBook
Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.
eBook
Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.
Blog
Security teams can help create and champion organizational trust despite interdepartmental silos
Blog
As the technological landscape continues to evolve, teams are seeing increases in compliance obligations, regulations, and the proliferation of cloud technology.
Blog
Security teams can help create and champion organizational trust despite interdepartmental silos
Blog
As the technological landscape continues to evolve, teams are seeing increases in compliance obligations, regulations, and the proliferation of cloud technology.
Blog
The cybersecurity awareness hub pulls resources from our experts on the Security CoE, GRC, Privacy, DataGuidance, and TPRM teams to a central resource.
Blog
The cybersecurity awareness hub pulls resources from our experts on the Security CoE, GRC, Privacy, DataGuidance, and TPRM teams to a central resource.
Webinar
Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.
Webinar
Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.
Webinar
Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.
Webinar
Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.
Webinar
In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.
Webinar
In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.
Infographic
Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.
Infographic
Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.
Webinar
Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.
Webinar
Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.
Webinar
Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.
Webinar
Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.
Webinar
Dieses Webinar erläutert, wie Sie mit einem Third Party Risk Management-Programm datenschutzbezogene Risiken verringern, Compliance Records mit Leichtigkeit führen und die Zusammenarbeit von Geschäftseinheiten fördern können.
Webinar
Dieses Webinar erläutert, wie Sie mit einem Third Party Risk Management-Programm datenschutzbezogene Risiken verringern, Compliance Records mit Leichtigkeit führen und die Zusammenarbeit von Geschäftseinheiten fördern können.
Webinar
In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.
Webinar
In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.
Blog
Learn how to implement an effective third-party risk management program that meets your organization's needs.
Blog
How to start a third-party risk management program: Monitor and maintain performance
Blog
Create a TPRM program that addresses your organization’s highest security risks and aligns with strategic objectives
Blog
Learn how to implement an effective third-party risk management program that meets your organization's needs.
Blog
How to start a third-party risk management program: Monitor and maintain performance
Blog
Create a TPRM program that addresses your organization’s highest security risks and aligns with strategic objectives
Webinar
Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.
Webinar
Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.
Blog
Learn about the different types of third-party risks and how to address each one
Blog
Learn about the different types of third-party risks and how to address each one
Video
See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.
Video
See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.
Video
The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.
Video
The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.
Webinar
Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows.
Webinar
Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows.
Webinar
Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.
Webinar
Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.
Seminario web
Dominar el arte de la diligencia debida y la gestión de riesgos y cómo armonizarlos para maximizar su eficacia.
eBook
Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.
eBook
Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.
Blog
OneTrust customers can take advantage of HackNotice’s near real-time breach alerts.
Blog
OneTrust customers can take advantage of HackNotice’s near real-time breach alerts.
Blog
The recent decision cast fresh doubt over the effectiveness of transfer safeguards and supplementary measures in conjunction with the practical application of third-country surveillance laws.
Blog
The recent decision cast fresh doubt over the effectiveness of transfer safeguards and supplementary measures in conjunction with the practical application of third-country surveillance laws.
Webinar
In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.
Webinar
In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.
Webinar
Join us for a live demo of OneTrust's Third-Party Management capabilities and how our holistic approach helps you monitor and screen third parties across critial risk domains with up-to-date intelligence.
Webinar
In this webinar, see how OneTrust's Third-Party Management can help you build a more holistic program that actively monitors your third parties and lowers your risk exposure.
Blog
OneTrust anuncia nuevas innovaciones dentro de su plataforma de Trust Intelligence para ayudar a las empresas a utilizar los datos de forma responsable y desarrollar inteligencia de confianza a escala.
Webinar
In this webinar, you will learn how to reduce the use of spreadsheets for third-party risk management and cut costs when building your TPRM program.
Webinar
In this webinar, you will learn how to reduce the use of spreadsheets for third-party risk management and cut costs when building your TPRM program.
Webinar
Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.
Webinar
Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.
Blog
In-Person Event
Join this OneTrust live event series, which will address critical topics such as navigating data management, compliance automation and third-party risk.
In-Person Event
Join this OneTrust live event series, which will address critical topics such as navigating data management, compliance automation and third-party risk.
Infographic
The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.
Infographic
The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.
Webinar
Learn how to balance the intricacies of CPRA, VCDPA, CPA, CTDPA, and UCPA when managing third parties and understanding privacy-related risks.
Webinar
Learn how to balance the intricacies of CPRA, VCDPA, CPA, CTDPA, and UCPA when managing third parties and understanding privacy-related risks.
Blog
Businesses need a comprehensive third-party management strategy covering all aspects of their relationships with third parties, such as security, privacy, ethics, and ESG.
Blog
Businesses need a comprehensive third-party management strategy covering all aspects of their relationships with third parties, such as security, privacy, ethics, and ESG.
Blog
Sharing information and resources across organizational silos is mutually beneficial for teams with the common goal of mitigating data privacy risk.
Blog
Sharing information and resources across organizational silos is mutually beneficial for teams with the common goal of mitigating data privacy risk.
Blog
The partnership with Supply Wisdom brings compliance, financial, location-based ESG, and cyber risk data to Exchange customers and their third parties.
Blog
The partnership with Supply Wisdom brings compliance, financial, location-based ESG, and cyber risk data to Exchange customers and their third parties.
Webinar
Attend this webinar to learn about Third-Party Risk Management (TPRM) workflow definition and maintenance best practices you can apply to your business.NEED
Webinar
Attend this webinar to learn about Third-Party Risk Management (TPRM) workflow definition and maintenance best practices you can apply to your business.NEED
Webinar
In this webinar, you will learn how to utilize TPRM to help to optimize workflows, leverage data, and increase accountability across sourcing and procurement.
Webinar
In this webinar, you will learn how to utilize TPRM to help to optimize workflows, leverage data, and increase accountability across sourcing and procurement.
Webinar
Dieses Webinar thematisiert einen strukturierten und effektiven Umgang mit IT-/IS- Risikomanagement.
Webinar
Dieses Webinar thematisiert einen strukturierten und effektiven Umgang mit IT-/IS- Risikomanagement.
Blog
The Third-Party Risk Exchange allows businesses to learn more about each other's security posture, offer SIG Lite assessments on-demand, and more.
Blog
The Third-Party Risk Exchange allows businesses to learn more about each other's security posture, offer SIG Lite assessments on-demand, and more.
Webinar
Our third-party risk software helps you build a vendor inventory, conduct vendor assessments, mitigate risks, monitor vendors over time, and more.
Webinar
Our third-party risk software helps you build a vendor inventory, conduct vendor assessments, mitigate risks, monitor vendors over time, and more.
Blog
From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority for organizations.
Blog
From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority for organizations.
Seminario web
En la tercera sesión de la Academia RGPD hablaremos sobre los riesgos de proveedores (y empleados), crítico en los programas de privacidad.
Webinar
In this third-party lifecycle webinar, we’ll explore the contracting problem many organizations face when limiting risk exposure while automating processes.
Blog
A well-designed compliance program should apply risk-based due diligence and have a process for the full lifecycle of third-party risk management
Blog
A well-designed compliance program should apply risk-based due diligence and have a process for the full lifecycle of third-party risk management
Video
Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.
Video
Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.
Webinar
In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.
Webinar
In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.
Webinar
Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.
Blog
To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad.
Webinar
Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.
Blog
To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad.
Blog
CPOs track risk via data mapping, in which data is discovered, assessed, and tracked as it flows throughout the organization, including to third parties.
Blog
CPOs track risk via data mapping, in which data is discovered, assessed, and tracked as it flows throughout the organization, including to third parties.
Webinar
Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.
Webinar
Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.
Webinar
In this webinar session, we’ll outline how to take a data-driven approach to understand, reduce, and monitor cyber risks as it relates to your third parties.
Webinar
In this webinar session, we’ll outline how to take a data-driven approach to understand, reduce, and monitor cyber risks as it relates to your third parties.
Blog
We are partnering with RiskRecon, a Mastercard Company to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.
Blog
We are partnering with RiskRecon, a Mastercard Company to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.
Webinar
This webinar focuses on the fundamental considerations when managing third parties and enables your organization to build a solid and scalable foundation.
Webinar
This webinar focuses on the fundamental considerations when managing third parties and enables your organization to build a solid and scalable foundation.
Blog
In 2021, there was a 62% global attack spike in ransomware (158% increase in North America), and an increased focus on attacks by regulatory bodies.
Blog
In 2021, there was a 62% global attack spike in ransomware (158% increase in North America), and an increased focus on attacks by regulatory bodies.
Webinar
In this webinar, we provide a live product demonstration to show you how your organization can optimize and scale a third-party risk program.
Webinar
In this webinar, we provide a live product demonstration to show you how your organization can optimize and scale a third-party risk program.
Webinar
This webinar will provide live product demonstrations to show you how your organization can optimize and scale a third-party risk program.
Webinar
Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.
Webinar
Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.
Webinar
We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.
Webinar
We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.
Blog
OneTrust simplifies third-party management by enabling control and visibility throughout the entire third-party lifecycle while you manage third parties.
Blog
OneTrust simplifies third-party management by enabling control and visibility throughout the entire third-party lifecycle while you manage third parties.
Blog
OneTrust simplifica la gestión de terceros al permitir el control y la visibilidad a lo largo de todo el ciclo de vida de los terceros mientras tú los administras.
Blog
OneTrust simplifica la gestión de terceros al permitir el control y la visibilidad a lo largo de todo el ciclo de vida de los terceros mientras tú los administras.
Webinar
Learn the top 7 red flags for risky third parties, mitigation tactics for reducing third-party risk, and key ways to streamline risk identification, and more.
Webinar
Learn the top 7 red flags for risky third parties, mitigation tactics for reducing third-party risk, and key ways to streamline risk identification, and more.
Webinar
In this webinar, we'll discuss third-party risk management's role in privacy compliance and cost-effective techniques for maintaining records for compliance.
Webinar
In this webinar, we'll discuss third-party risk management's role in privacy compliance and cost-effective techniques for maintaining records for compliance.
eBook
Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start
eBook
Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start
Webinar
Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.
Webinar
Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.
Blog
As more tasks are outsourced to third-party providers, risk management programs become critical to securing sensitive data
Blog
As more tasks are outsourced to third-party providers, risk management programs become critical to securing sensitive data
Webinar
In this webinar, we discuss best practices for how privacy and security teams can work better to eliminate redundant work, save time, and be more efficient.
Webinar
In this webinar, we discuss best practices for how privacy and security teams can work better to eliminate redundant work, save time, and be more efficient.
Webinar
Watch this webinar to hear how to leverage third-party risk management workflow creation and maintenance best practices.
Webinar
Watch this webinar to hear how to leverage third-party risk management workflow creation and maintenance best practices.
Webinar
In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.
Webinar
In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.
Webinar
In this webinar, we’ll review services providers under the ADPPA and outline how you can ready your third-party risk program to align with privacy regulations.
Webinar
In this webinar, we’ll review services providers under the ADPPA and outline how you can ready your third-party risk program to align with privacy regulations.
Checklist
Download our LkSG readiness checklist to understand your readiness for risk management systems and responsibilities, and due diligence obligations.
Checklist
Download our LkSG readiness checklist to understand your readiness for risk management systems and responsibilities, and due diligence obligations.
Infographic
In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.
Infographic
In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.
Webinar
In this webinar, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.
Webinar
In this webinar, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.
Blog
To become a trust-based business, protect your brand's reputation, and ensure compliance, you'll need to vet and monitor your third-party relationships.
Blog
To become a trust-based business, protect your brand's reputation, and ensure compliance, you'll need to vet and monitor your third-party relationships.
eBook
Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.
eBook
Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.
Webinar
Join our panel of experts as we discuss the German Supply Chain Due Dilligence Act and the best practices for compliance.
Webinar
Join our panel of experts as we discuss the German Supply Chain Due Dilligence Act and the best practices for compliance.
Blog
The information gathered from security questionnaires is critical in the evaluation of business and security practices, and is crucial for compliance.
Blog
The information gathered from security questionnaires is critical in the evaluation of business and security practices, and is crucial for compliance.
Webinar
This webinar will discuss best practices for how privacy and security teams can work together to eliminate redundant work, save time, and be more efficient.
Webinar
This webinar will discuss best practices for how privacy and security teams can work together to eliminate redundant work, save time, and be more efficient.
Webinar
Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform
Webinar
Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform
Webinar
In this webinar, we will provide you with the steps that you need to define a solid third-party risk management program
Webinar
In this webinar, we will provide you with the steps that you need to define a solid third-party risk management program
Blog
OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings.
Blog
OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings.
Report
See why Forrester named OneTrust a leader in The Forrester Wave: Third-Party Risk Management Platforms, Q2 2022 report.
Infographic
Download this infographic and learn how a central platform can integrate IT, security, and risk-management and streamline collaboration across your business.
Webinar
Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.
Webinar
Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.
Blog
A zero-day Java vulnerability, "Spring4Shell" surfaced and experts believe it could be as impactful as 2021's Log4j. Read to learn more.
Webinar
Discover effective strategies for preparing security questionaire responses with our free webinar.
Webinar
Discover effective strategies for preparing security questionaire responses with our free webinar.
Blog
A zero-day Java vulnerability, "Spring4Shell" surfaced and experts believe it could be as impactful as 2021's Log4j. Read to learn more.
Webinar
Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.
Webinar
Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.
eBook
Download our guide on third-party management and learn what you need to know to shift your buisness to TPM.
eBook
Download our guide on third-party management and learn what you need to know to shift your buisness to TPM.
Report
Download the 2022 Gartner Peer Insights Customers' Choice for IT VRM Tools to see why customers choose OneTrust Vendorpedia.
Blog
OneTrust has been named a Customers' Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer': IT Vendor Risk Management Tools.
Blog
OneTrust has been named a Customers' Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer': IT Vendor Risk Management Tools.
White Paper
Download this joint research report conducted by CyberRisk Alliance and Vendorpedia to understand today's third-party risk landscape.
White Paper
Download this joint research report conducted by CyberRisk Alliance and Vendorpedia to understand today's third-party risk landscape.
Blog
Introducing QRA cell detection – a powerful QRA enhancement that eases the spreadsheet-based questionnaire response process for vendors.
Blog
Introducing QRA cell detection – a powerful QRA enhancement that eases the spreadsheet-based questionnaire response process for vendors.
Blog
Third-party risk management is key to any business. Learn how to master the TPRM lifecycle across your organization in our newest video blog!
Blog
Third-party risk management is key to any business. Learn how to master the TPRM lifecycle across your organization in our newest video blog!
Blog
Make the business case for TPRM in your organization and get access to our TPRM buy-in guide to learn how! Read the blog to learn more.
Blog
Make the business case for TPRM in your organization and get access to our TPRM buy-in guide to learn how! Read the blog to learn more.
eBook
In this eBook, learn the business value of TPRM software and why all leading organizations rely on it when working with third-party vendors.
eBook
In this eBook, learn the business value of TPRM software and why all leading organizations rely on it when working with third-party vendors.
Webinar
Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.
Webinar
Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.
Webinar
Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.
Webinar
Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.
Blog
Third-Party Trust Management (TPTM) is the next evolution of third-party risk and is key enterprise trust strategy. Learn more in our blog!
Blog
Third-Party Trust Management (TPTM) is the next evolution of third-party risk and is key enterprise trust strategy. Learn more in our blog!
Webinar
Prepare for 2022 Trends in Third-Party Risk Management and future-proof your Third-Party Trust program.
Webinar
Prepare for 2022 Trends in Third-Party Risk Management and future-proof your Third-Party Trust program.
Webinar
This webinar will discuss how to create a Third-Party Risk Management (TPRM) program that prioritizes privacy compliance and simplifies record-keeping.
Webinar
This webinar will discuss how to create a Third-Party Risk Management (TPRM) program that prioritizes privacy compliance and simplifies record-keeping.
Blog
In 2021, TPRM and cybersecurity remained at the forefront of business strategy, so what's next? Learn about 2022 TPRM predictions in our blog!
Blog
In 2021, TPRM and cybersecurity remained at the forefront of business strategy, so what's next? Learn about 2022 TPRM predictions in our blog!
Blog
Learn about the impact of third-party service outages and how to stand up a TPRM-informed business resilience strategy in our latest blog.
Blog
Learn about the impact of third-party service outages and how to stand up a TPRM-informed business resilience strategy in our latest blog.
Blog
A new, critical vulnerability that impacts a popular open-source Java logging library, Apache Log4j 2 exists. Read more in our blog.
Blog
A new, critical vulnerability that impacts a popular open-source Java logging library, Apache Log4j 2 exists. Read more in our blog.
eBook
Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.
eBook
Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.
Blog
Learn how to manage risk in a time-friendly, cost-effective way with low effort for your vendors with our SIG 2022 shared assessments support.
Blog
Learn how to manage risk in a time-friendly, cost-effective way with low effort for your vendors with our SIG 2022 shared assessments support.
Blog
For the third consecutive year, OneTrust is a leader in the 2021 Gartner Magic QuadrantTM for IT Vendor Risk Management Tools.
Blog
For the third consecutive year, OneTrust is a leader in the 2021 Gartner Magic QuadrantTM for IT Vendor Risk Management Tools.
Blog
Implementing a consistent security questionnaire answering process will save your organization time and money. Read our guide to learn more.
Blog
Implementing a consistent security questionnaire answering process will save your organization time and money. Read our guide to learn more.
Report
Read why OneTrust once again received analyst recognition The Forrester Wave: Third-Party Risk Management Platforms, Q4 2020.
Webinar
Access this free webinar to learn how to be a trusted vendor.
Webinar
Access this free webinar to learn how to be a trusted vendor.
eBook
Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.
eBook
Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.
Blog
AutoZone Goes the Extra Mile and drives TPRM operations with OneTrust Third-Party Risk Management. Learn more from Auto Zone TPRM, Ryan Walker.
Blog
AutoZone Goes the Extra Mile and drives TPRM operations with OneTrust Third-Party Risk Management. Learn more from Auto Zone TPRM, Ryan Walker.
eBook
Download our guide to building an effective vendor risk management program and how risk exchanges are vital to your business.
Blog
Vendor risk management (VRM) is a form of risk management that focuses on identifying and reducing risks relating to vendors.
Blog
Vendor risk management (VRM) is a form of risk management that focuses on identifying and reducing risks relating to vendors.
Blog
Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.
Blog
Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.
Blog
Shared Assessments will remain vendor neutral post-acquistion to grow the SIG third-party risk standard globally.
Blog
Shared Assessments will remain vendor neutral post-acquistion to grow the SIG third-party risk standard globally.
Video
Watch the demo of our Questionnaire Response Automation tool and learn how it helps vendors automatically answer any questionnaire.
Video
Watch the demo of our Questionnaire Response Automation tool and learn how it helps vendors automatically answer any questionnaire.
Blog
OneTrust launches Vendorpedia Questionnaire Response Automation to support organizations in automatically answering incoming questionnaires.
Blog
OneTrust launches Vendorpedia Questionnaire Response Automation to support organizations in automatically answering incoming questionnaires.
Blog
The CCPA is only days away from taking effect, and OneTrust has all the resources you need to be CCPA ready by January 1, 2020.
Blog
The CCPA is only days away from taking effect, and OneTrust has all the resources you need to be CCPA ready by January 1, 2020.
Blog
Companies can integrate their information across systems and data collection points to centralize their risk register and reporting efforts.
Blog
Companies can integrate their information across systems and data collection points to centralize their risk register and reporting efforts.
Blog
With the OneTrust Vendor Risk Management platform and data mapping, companies sustain an up-to-date data map and automate alerts and actions.
Blog
With the OneTrust Vendor Risk Management platform and data mapping, companies sustain an up-to-date data map and automate alerts and actions.
Blog
Scale your third-party risk program with pre-populated privacy and security profiles on over 6,000 third-party vendors in OneTrust's Vendorpedia.
Blog
Scale your third-party risk program with pre-populated privacy and security profiles on over 6,000 third-party vendors in OneTrust's Vendorpedia.
Blog
The FStech Awards selected OneTrust as Risk Management Software of the Year in 2018. Thank you to the FStech Awards for this incredible honor
Blog
The FStech Awards selected OneTrust as Risk Management Software of the Year in 2018. Thank you to the FStech Awards for this incredible honor
Blog
OneTrust joins the Cloud Security Alliance or CSA, a global leader in secure cloud computing, to simplify vendor risk management for GDPR compliance.
Blog
OneTrust joins the Cloud Security Alliance or CSA, a global leader in secure cloud computing, to simplify vendor risk management for GDPR compliance.
eBook
Learn how an exchange community of customers and vendors improves security and builds trust.
eBook
Learn how an exchange community of customers and vendors improves security and builds trust.
Request a free demo of OneTrust Third Party Management and get personalized best practice advice from a third-party risk expert.
Get the OneTrust and CSA vendor risk management tool and see how to automate the entire vendor management lifecycle.
Get the OneTrust and CSA vendor risk management tool and see how to automate the entire vendor management lifecycle.
Request a free demo of OneTrust Third Party Management and get personalized best practice advice from a third-party risk expert.
Webinar
Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.
Webinar
Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.
Customer Story
Learn how Rochester Regional Health creates a patient-centric privacy program with OneTrust third-party risk management solutions.
Customer Story
Learn how Rochester Regional Health creates a patient-centric privacy program with OneTrust third-party risk management solutions.
The integration between Atlassian JIRA and OneTrust offers a powerful solution for organizations that need to comply with privacy regulations and manage risk.
Cybersecurity
The integration between BitSight and OneTrust Third-Party Risk is a powerful tool that can help organizations to manage third-party risk and to protect their data.
File Storage & Sharing
OneTrust integrates with DocuSign to automatically send eSignature envelopes and request attestation of responses from customers and vendors.
Cybersecurity
By using Supply Wisdom and OneTrust together, organizations can get a comprehensive view of third-party risk and take proactive steps to mitigate it.
The integration between Atlassian JIRA and OneTrust offers a powerful solution for organizations that need to comply with privacy regulations and manage risk.
Cybersecurity
Integrating OneTrust and BlackKite helps organizations streamline third-party risk assessments while gaining more visibility over technical, financial, and compliance risks.
Compliance
Integrating OneTrust with Bureau van Dijk and RDC can help organizations to identify and assess risks, including financial, operational, and reputational risks.
AML & KYC
Together, Dow Jones and OneTrust offer a powerful solution for third-party risk management, enabling organizations to reduce critical vulnerabilities, improve compliance, and build trust.
Cybersecurity
The integration between BitSight and OneTrust Third-Party Risk is a powerful tool that can help organizations to manage third-party risk and to protect their data.
Cybersecurity
ISS Corporate Solutions provides cyber risk management solutions that help organizations understand their own cyber resilience and the security posture of their vendors.
File Storage & Sharing
OneTrust integrates with DocuSign to automatically send eSignature envelopes and request attestation of responses from customers and vendors.
AML & KYC
Dun & Bradstreet and OneTrust offer a powerful solution for third-party risk management by integrating data and insights to help organizations identify and monitor risks.
Identity Access Management & Identity Verification
SecurityScorecard and OneTrust integrate to provide a comprehensive view of third-party cybersecurity posture and automate risk mitigation.
Cybersecurity
RiskRecon integrates with OneTrust to provide organizations with cybersecurity scores and more, which can be pulled on a scheduled basis.
Cybersecurity
Stay up-to-date on the latest threat intelligence about your organizations third-party vendors by integrating OneTrust with Recorded Future.
Cybersecurity
UpGuard and OneTrust Third-Party Risk Management integrate so organizations have a comprehensive view of third-party risk to help prevent data breaches.
Analytics
Ingest OneTrust data into Tableau for customized dashboards and analytics to drive insight into the privacy program’s activity and create custom reports.
Cybersecurity
By using Supply Wisdom and OneTrust together, organizations can get a comprehensive view of third-party risk and take proactive steps to mitigate it.
Compliance
The integration with LexisNexis Risk Solutions and OneTrust can help complete consumer requests requirements under the CCPA and other state privacy laws.
Hazte con la herramienta de gestión de riesgos de terceros de OneTrust y de la CSA, y aprende a automatizar todo el ciclo de vida de la gestión de proveedores.
Avec l’outil OneTrust-CSA, découvrez comment automatiser l’ensemble du cycle de vie de la gestion de vos fournisseurs.
Demandez une démonstration gratuite de la solution OneTrust pour la gestion des tiers et obtenez des conseils personnalisés d’un expert sur les bonnes pratiques du secteur.
Solicita una demostración gratuita de Gestión de riesgos de terceros de OneTrust y recibe consejos personalizados sobre prácticas recomendadas de un experto.
Customer Story
Multinational sports brand reinvents vendor risk management with collaborative, organization-wide approach.
Customer Story
Multinational sports brand reinvents vendor risk management with collaborative, organization-wide approach.
Fordern Sie eine kostenfreie Demo des OneTrust Drittparteienrisikomanagements an und lassen Sie sich von einem Experten für Drittparteirisiken persönlich beraten.
Holen Sie sich das OneTrust-CSA Lieferantenrisikomanagement-Tool und erfahren Sie, wie Sie den gesamten Lebenszyklus des Lieferantenmanagements automatisieren.
Blog
Dieser Blog diskutiert, wie ein effektives Third Party Management etabliert werden kann, das Sicherheit für Datenschutz-, Sicherheits-, Ethik- und ESG-Teams schafft.
Solicite uma demonstração gratuita da ferramenta de Gestão de Riscos de Terceiros da OneTrust e obtenha o aconselhamento personalizado de um especialista sobre boas práticas nesse campo.
Obtenha a ferramenta de gerenciamento de riscos de fornecedores OneTrust-CSA e saiba como automatizar todo o ciclo de vida da gestão de fornecedores.
Richiedi una demo gratuita di Third Party Management di OneTrust e ricevi pratiche consigliate personalizzate da un esperto dei rischi da parte di terzi.
Ottieni lo strumento Gestione del rischio fornitore OneTrust e CSA e scopri come automatizzare l'intero ciclo di vita della gestione dei fornitori.
Richiedi una demo gratuita di Third Party Management di OneTrust e ricevi pratiche consigliate personalizzate da un esperto dei rischi da parte di terzi.
Ottieni lo strumento Gestione del rischio fornitore OneTrust e CSA e scopri come automatizzare l'intero ciclo di vita della gestione dei fornitori.
Fordern Sie eine kostenfreie Demo des OneTrust Drittparteienrisikomanagements an und lassen Sie sich von einem Experten für Drittparteirisiken persönlich beraten.
Holen Sie sich das OneTrust-CSA Lieferantenrisikomanagement-Tool und erfahren Sie, wie Sie den gesamten Lebenszyklus des Lieferantenmanagements automatisieren.
Blog
Dieser Blog diskutiert, wie ein effektives Third Party Management etabliert werden kann, das Sicherheit für Datenschutz-, Sicherheits-, Ethik- und ESG-Teams schafft.
Solicite uma demonstração gratuita da ferramenta de Gestão de Riscos de Terceiros da OneTrust e obtenha o aconselhamento personalizado de um especialista sobre boas práticas nesse campo.
Obtenha a ferramenta de gerenciamento de riscos de fornecedores OneTrust-CSA e saiba como automatizar todo o ciclo de vida da gestão de fornecedores.
Testimonio de cliente
La marca deportiva internacional reinventa la gestión de riesgos de terceros con un enfoque colaborativo en toda la organización.
Testimonio de cliente
La marca deportiva internacional reinventa la gestión de riesgos de terceros con un enfoque colaborativo en toda la organización.
Témoignage client
Une multinationale du sport réinvente la gestion des risques tiers avec une approche collaborative à l’échelle de l’organisation.
Storia del cliente
Una multinazionale dello sport reinventa la gestione dei rischi legati ai fornitori con un approccio collaborativo a livello di organizzazione
Storia del cliente
Una multinazionale dello sport reinventa la gestione dei rischi legati ai fornitori con un approccio collaborativo a livello di organizzazione
Témoignage client
Une multinationale du sport réinvente la gestion des risques tiers avec une approche collaborative à l’échelle de l’organisation.
Compliance
Valence Security and OneTrust have partnered to create a seamless integration between SSPM and TPRM, bridging the gap between risk managers and security analysts.
Compliance
Valence Security and OneTrust have partnered to create a seamless integration between SSPM and TPRM, bridging the gap between risk managers and security analysts.
Analytics
Ingest OneTrust data into Tableau for customized dashboards and analytics to drive insight into the privacy program’s activity and create custom reports.
Cybersecurity
UpGuard and OneTrust Third-Party Risk Management integrate so organizations have a comprehensive view of third-party risk to help prevent data breaches.
Compliance
The integration with LexisNexis Risk Solutions and OneTrust can help complete consumer requests requirements under the CCPA and other state privacy laws.
Cybersecurity
ISS Corporate Solutions provides cyber risk management solutions that help organizations understand their own cyber resilience and the security posture of their vendors.
Compliance
Integrating OneTrust with Bureau van Dijk and RDC can help organizations to identify and assess risks, including financial, operational, and reputational risks.
AML & KYC
Dun & Bradstreet and OneTrust offer a powerful solution for third-party risk management by integrating data and insights to help organizations identify and monitor risks.
AML & KYC
Together, Dow Jones and OneTrust offer a powerful solution for third-party risk management, enabling organizations to reduce critical vulnerabilities, improve compliance, and build trust.
Cybersecurity
Stay up-to-date on the latest threat intelligence about your organizations third-party vendors by integrating OneTrust with Recorded Future.
Cybersecurity
Integrating OneTrust and BlackKite helps organizations streamline third-party risk assessments while gaining more visibility over technical, financial, and compliance risks.
Cybersecurity
RiskRecon integrates with OneTrust to provide organizations with cybersecurity scores and more, which can be pulled on a scheduled basis.
Identity Access Management & Identity Verification
SecurityScorecard and OneTrust integrate to provide a comprehensive view of third-party cybersecurity posture and automate risk mitigation.
Customer Story
See how this Southern Veterinary Partners improved third-party risk management and enhanced its security and efficiency.
Customer Story
See how this Southern Veterinary Partners improved third-party risk management and enhanced its security and efficiency.
Customer Story
Learn how OneTrust helped Progress build a robust compliance deparment and fostered employee trust.
Customer Story
Learn how OneTrust helped Progress build a robust compliance deparment and fostered employee trust.
Solicita una demostración gratuita de Gestión de riesgos de terceros de OneTrust y recibe consejos personalizados sobre prácticas recomendadas de un experto.
Hazte con la herramienta de gestión de riesgos de terceros de OneTrust y de la CSA, y aprende a automatizar todo el ciclo de vida de la gestión de proveedores.
GRC e garanzia di sicurezza
Partecipa al nostro webinar il 24 ottobre alle 11:00 per approfondire i principali requisiti della Direttiva NIS2 e il suo impatto sul territorio italiano.
GRC e garanzia di sicurezza
Partecipa al nostro webinar il 24 ottobre alle 11:00 per approfondire i principali requisiti della Direttiva NIS2 e il suo impatto sul territorio italiano.