For this interview, we sat down with Blake Brannon, CTO at OneTrust, to discuss governance, risk management, and compliance (GRC).
More than 8,000 customers, including half of the Fortune 500, use OneTrust to build integrated programs that comply with the CCPA, GDPR, LGPD, PDPA, ISO 27001 and hundreds of the world’s privacy and security laws.
Organizations have been accelerating their digital transformation plans due to the pandemic. How does GRC integrate into the process? What information security challenges do risk management professionals have to be aware of?
The global pandemic and impacts stemming from COVID-19 shook up business operations across the globe. As a result, companies are evolving their information security programs to ensure risk management initiatives span the entire organization.
Businesses typically seek out custom GRC management solutions to streamline and automate complex audit, risk, compliance, and policy operations. Custom solutions aim to increase functionality and efficiency by mirroring specific use-cases and processes, but they are often costly and require heavy support for implementation and ongoing maintenance.
In order to meet the challenges posed by accelerated digital transformation plans during the pandemic, companies must simplify and automate the execution of risk and policy activities, rather than create further complications such as too much data, with too little context to sort through.
OneTrust GRC is built to support these types of challenges. As an integrated risk management platform, OneTrust GRC delivers a complete, measured view of a business’s risk portfolio, provides clear insights to leadership, and expedites the execution of routine tasks.
Focusing on a user-friendly experience, organizations use our flexible framework to align business operations with standardized risk methodologies. By mapping policies and risk management workflows to controls, organizations can better comply with their own internal governance and external regulatory requirements.
How is the global regulatory landscape impacting businesses? How can GRC technology help address evolving issues for enterprises?
Digital transformation and an increase in security-aware consumers are creating changes in the regulatory environment. As a result, businesses must comply with a host of different information security standards, frameworks, and regulations. Additionally, identifying the overlap between risk management initiatives and controls can be time-consuming for all stakeholders and get lost across different data management tools.
OneTrust GRC provides a centralized platform for organizations to stay in control of these regulatory changes while monitoring and managing governance, risk, and compliance efforts. The technology highlights what risks the business needs to be aware of and offers controls to mitigate risk where possible.
With OneTrust GRC, risk management professionals can get a multi-dimensional view of risk across business domains while measuring compliance to identify regulatory gaps and benchmark performance over time.
Based on the feedback from your customers, what do GRC leaders see as the top challenges in fulfilling regulator requests?
The key challenge organizations face in fulfilling regulator requests is keeping business data up to date. Organizations of all sizes are working to reduce the delay between distributing a risk assessment, receiving responses, understanding their risk insights, and making risk-based decisions. The insights an organization receives from this work can lose value over time if the data isn’t kept up-to-date and monitored for compliance.
By leveraging data classification methods and risk formulas, organizations can reduce lag time, gain real-time risk insights and standardize risk at scale. OneTrust GRC provides workflows to find, collect, document and classify data in real-time to gain meaningful risk insights and support compliance.
There’s a growing range of GRC tools for organizations of all sizes. What are the main capabilities of the OneTrust GRC platform? What makes it stand out in the marketplace?
OneTrust GRC is quickly becoming the de-facto standard for GRC technology. Our integrated risk management platform scales with organizations of all sizes and industries and provides a flexible approach to evolving risk and compliance.
OneTrust GRC’s key capabilities include:
- IT & Security Management: Identify and respond to threats and collaborate across data, processes, assets, risks and control owners, both internally and externally.
- Enterprise & Operational Risk Management: Integrate risk across your business to gain real-time insights across digital, enterprise and operational risk.
- Audit & Controls Management: Streamline auditing efforts along a guided workflow to complete reporting requirements.
- Vendor Risk Management: Centralize vendors and work seamlessly across teams by automating the engagement lifecycle.
- Policy Management: Map business practices to meet the standards of internal rules and external regulations.
- Business Continuity Support: Create contingency plans to remediate potential risk factors.
What sets our GRC solution apart is that it is integrated into the entire OneTrust platform of trust. Trust differentiates as a business outcome, not simply a compliance exercise. Companies now need to mature beyond the tactical governance tools of the past and into a modern platform with centralized workflows that bring together all the elements of trust: privacy, data governance, ethics and compliance, GRC, third-party risk, and ESG. OneTrust does just that.
You’ve received recognition from both Gartner and Forrester. Why do customers choose OneTrust GRC?
As the largest and fastest-growing software in the market, OneTrust is how 8,000 organizations manage privacy, security and governance at scale, all while enabling businesses to comply with internal governance and external regulatory requirements.
Customers choose OneTrust GRC due to our flexible approach to risk management technology. OneTrust GRC deploys new product releases every 3 weeks. This agile release process incorporates customer requests, feedback, and the latest regulatory and industry updates. Releases are deployed on a strategic customer adoption and maturity timeline and minor versions are released via feature toggles to test new functionality.
We’re able to do this thanks to our hard-working and global R&D and regulatory research teams. The company has the industry’s largest dedicated R&D team, with 45% of the 1,500+ employees dedicated to product and customer success. As a result, OneTrust is able to be agile and update the platform to almost instantly meet the needs of its customers.
The platform is updated with the latest privacy laws and security updates thanks to 40+ in-house, full-time privacy, security, and third-party risk researchers and a globally available network of 500 lawyers representing 300 jurisdictions.
As one of our customers, a Director of Compliance, Security and Privacy at a leading healthcare technology organization, shared, “Auditors are used to cumbersome GRC tools, so when they see the OneTrust GRC platform, they are shocked with the flexibility and ease-of-use. Oftentimes our auditors suggest that their clients purchase OneTrust because of this.”
The OneTrust GRC product line continues to expand to support further initiatives undertaken by privacy, third-party risk, information security, operational risk, and audit professionals as they come together to tackle operations around GRC. Loosely tied-together tools cannot support these various teams, which is why OneTrust built the comprehensive GRC platform.