In recent news, OneTrust, a leading platform dedicated to helping organizations utilize data and AI responsibly, has unveiled new features designed to bolster resilience within the financial sector and facilitate compliance with the European Union’s Digital Operational Resilience Act (DORA). These new capabilities, built upon the existing OneTrust Third-Party Management solution, aim to provide organizations with innovative tools such as automated DORA “register of information” report generation and comprehensive screening and compliance data right out of the box.
Shiven Patel, the Director of Third-Party Management at OneTrust, emphasized the importance of understanding and managing risks within an organization’s extended enterprise, particularly in light of increased global requirements for cyber resiliency like DORA. By enhancing their Third-Party Management capabilities with cutting-edge features, OneTrust enables teams to gain visibility, automate risk and compliance management, and fortify resilience against potential threats.
To further support organizations in efficiently managing information and communication technology (ICT) and digital supply chain resilience while operationalizing compliance with DORA, OneTrust has introduced several standout capabilities. These include:
1. 4th- and nth-party risk management: Teams can now identify, link, and evaluate fourth and even nth parties to effectively monitor concentration risk and demonstrate proportionality.
2. Two-click register of information reporting: Users can swiftly generate a comprehensive “register of information” relating to all contractual arrangements regarding the use of ICT services provided by ICT Third-Party Service Providers and ICT service supply chains.
3. Enhanced risk and compliance data feeds: Organizations can satisfy due diligence requirements by screening ICT service providers against pre-existing risk and compliance datasets from prominent sources like Dow Jones Risk & Compliance, HackNotice, ISS-Corporate, RapidRatings, RiskRecon, Security Scorecard, and Supply Wisdom.
The existing Third-Party Management solution from OneTrust is already instrumental in empowering organizations to centralize the entire risk management lifecycle, with a specific focus on ICT and supply chain risks. This solution enables teams to adopt a data-centric and risk-based approach to identifying and mitigating risks while continuously monitoring changes in risk posture. By leveraging OneTrust’s cross-domain insights, organizations can align internal teams and make informed decisions to cultivate a more resilient, secure, and scalable third-party ecosystem.
As the deadline for DORA’s implementation approaches in January 2025, Third-Party Management assists organizations in meeting the Act’s requirements related to third-party ICT, including pre-contract ICT assessment and the inventory, linking, and reporting on the ICT supply chain. Moreover, Third-Party Management seamlessly integrates with other solutions within the OneTrust Platform, facilitating a cohesive approach to compliance automation and the establishment of a fully compliant ICT risk management program.
If you are interested in learning more about OneTrust’s latest capabilities and how they can benefit your organization, be sure to visit booth 412 at the Gartner Security & Risk Management Summit in London from September 23-25.
About OneTrust:
OneTrust is dedicated to unlocking the full potential of data and AI in a responsible manner. Their comprehensive suite of solutions encompasses data and AI security, privacy, governance, risk, ethics, and compliance, enabling seamless collaboration between data and risk teams for trusted innovation. With over 300 patents and a customer base exceeding 14,000 globally, OneTrust is recognized as a market leader in trust.
For more information about OneTrust and their offerings, please visit www.onetrust.com. © 2024 OneTrust LLC. All rights reserved. OneTrust and the OneTrust logo are trademarks or registered trademarks of OneTrust LLC in the United States and other jurisdictions. All other brand and product names are trademarks or registered trademarks of their respective holders.