Privacy management firm OneTrust have announced a vendor risk management deal with cloud protection authority Cloud Security Alliance (CSA) to facilitate security and risk compliance services for enterprises. With this deal, OneTrust will offer a free vendor risk assessment platform with a built-in CSA Consensus Assessment (CAIQ), CSA Common Controls Matrix, and CSA GDPR code of conduct templates.
According to OneTrust, GDPR and other privacy laws hold companies and vendors jointly responsible for compliance, resulting in an increased focus on vendors’ data protection policies. They say that this responsibility puts the onus on both stakeholders (vendors and enterprises) to keep up with issues related to risk management as well as the inclusion of languages to boost local participation.
By partnering with CSA, OneTrust say that they will:
1) Offer a free version of their Vendor Risk Management Platform equipped with CSA’s Common Controls Matrix and Consensus Assessment CAIQ, to maintain compliance on the cloud and other IT environments,
2) Translate the Cloud Security Alliance CAIQ, CCM, and GDPR code of conduct templates into a number of European languages, such as Danish, Dutch, French, German and Italian, to encourage participation in local markets, and
3) Serve as a founding member of the CSA GDPR Centre of Excellence and on the advisory board, to play an active role in its European strategies.
Speaking about the alliance, Kabir Barday, CEO and Fellow of Information Privacy (FIP) at OneTrust, commented:
“We’re proud to build upon our partnership with the CSA and provide their members with new resources for successful privacy and security teams.
“Together we can provide members and customers with the industry’s best in vendor risk management tools and templates for GDPR and global privacy law compliance.”
CSA are thrilled with this partnership and are looking forward to adding OneTrust’s members to their strategy team. Jim Reavis, CEO, Cloud Security Alliance, commented:
“We’re excited to empower our members with their market-leading Vendor Risk Assessment module and give our members access to translated templates leveraging OneTrust’s in-house global privacy translations team.
“Together we are enabling cloud vendors to maintain compliance and be successful across GDPR and other global privacy laws.”
Patrons of the industry claim that this step by OneTrust is in the right direction and is bound to strengthen their offering to the IT market in Europe. The move is reminiscent of Telos’ launch of a cyber risk and compliance platform a few months ago.