

In December 2018, privacy management provider OneTrust announced a partnership with the Cloud Security Alliance (CSA) and the availability of free vendor risk assessment capabilities to all CSA members.


  • Vendor risk assessment is a data protection prerequisite that goes far beyond meeting the requirements of a single regulation, such as GDPR.
  • OneTrust's vendor risk assessment capabilities are designed to be ongoing and evergreen, modernizing the point assessment approach typified by traditional GRC offerings.
  • The "Vendorpedia" database powering OneTrust's vendor assessment capabilities is a key differentiator, allowing the enterprise to automate monitoring of vendor relationships.

Features and Benefits

  • Evaluates current vendor risk assessment capabilities, as offered by the market, and identifies weak points in methodology.
  • Identifies the role of vendor risk assessment capabilities in meeting the requirements and obligations of GDPR, along with similar regulations.
  • Assesses the need for ongoing, perpetual evaluation of vendor relationships in the data protection regulatory era.
  • Identifies OneTrust's integration capabilities, which facilitate the embedding of vendor risk assessment into existing enterprise workflows.
  • Identifies key technical differentiators of the OneTrust vendor assessment offering, underpinned by its "Vendorpedia" database.

Key questions answered

  • What is the current state of vendor risk assessment capabilities on the market, and why might they not be sufficient for modern regulatory requirements?
  • How can ongoing vendor risk assessment help the enterprise simultaneously meet regulatory requirements and build customer loyalty?
  • What technology offered by OneTrust helps the enterprise automate and continually monitor vendor risk assessment?
  • What are OneTrust's differentiators in offering vendor risk assessment, and how can the enterprise expect to integrate the technology into existing workflows?
  • How was OneTrust's proprietary "Vendorpedia" database designed, and how does it relate to existing technology and capabilities offered by the company?

Table of contents

Ovum view

  • Summary
  • Capabilities go far beyond GDPR compliance
  • Meeting the need for ongoing, evergreen vendor assessment
  • Vendorpedia evaluates vendor capabilities and credentials


  • Further reading
  • Author