skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration


In December 2018, privacy management provider OneTrust announced a partnership with the Cloud Security Alliance (CSA) and the availability of free vendor risk assessment capabilities to all CSA members.


  • Vendor risk assessment is a data protection prerequisite that goes far beyond meeting the requirements of a single regulation, such as GDPR.
  • OneTrust's vendor risk assessment capabilities are designed to be ongoing and evergreen, modernizing the point assessment approach typified by traditional GRC offerings.
  • The "Vendorpedia" database powering OneTrust's vendor assessment capabilities is a key differentiator, allowing the enterprise to automate monitoring of vendor relationships.

Features and Benefits

  • Evaluates current vendor risk assessment capabilities, as offered by the market, and identifies weak points in methodology.
  • Identifies the role of vendor risk assessment capabilities in meeting the requirements and obligations of GDPR, along with similar regulations.
  • Assesses the need for ongoing, perpetual evaluation of vendor relationships in the data protection regulatory era.
  • Identifies OneTrust's integration capabilities, which facilitate the embedding of vendor risk assessment into existing enterprise workflows.
  • Identifies key technical differentiators of the OneTrust vendor assessment offering, underpinned by its "Vendorpedia" database.

Key questions answered

  • What is the current state of vendor risk assessment capabilities on the market, and why might they not be sufficient for modern regulatory requirements?
  • How can ongoing vendor risk assessment simultaneously help the enterprise achieve both regulatory requirements and enhanced customer loyalty?
  • What technology offered by OneTrust helps the enterprise automate and continually monitor vendor risk assessment?
  • What are OneTrust's differentiators in offering vendor risk assessment, and how can the enterprise expect to integrate the technology into existing workflows?
  • How was OneTrust's proprietary "Vendorpedia" database designed, and how does it relate to existing technology and capabilities offered by the company?

Table of contents

Ovum view

  • Summary
  • Capabilities go far beyond GDPR compliance
  • Meeting the need for ongoing, evergreen vendor assessment
  • Vendorpedia evaluates vendor capabilities and credentials


  • Further reading
  • Author

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316

Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now