For this interview we sat down with Blake Brannon, CTO at OneTrust, to discuss Governance, Risk Management and Compliance (GRC).
More than 8,000 customers, including half of the Fortune 500, use OneTrust to build integrated programs that comply with CCPA, GDPR, LGPD, PDPA, ISO27001, and hundreds of privacy and security laws around the world.
Companies have accelerated their digital transformation plans due to the pandemic. How does GRC integrate into the process? What information security challenges do risk management professionals need to be aware of?
The global pandemic and the effects of COVID-19 have rocked businesses around the world. As a result, organizations are evolving their information security programs to ensure that risk management initiatives span the entire organization.
Organizations typically look for custom GRC management solutions to streamline and automate complex review, risk, compliance, and policy processes. Custom solutions aim to increase functionality and efficiency by mirroring specific use cases and processes. However, they are often costly and require extensive implementation and ongoing maintenance support.
To address the challenges posed by accelerated plans for digital transformation during the pandemic, organizations need to simplify and automate the execution of risk and policy activities rather than creating further complications like too much data with too little context to search through.
OneTrust GRC is designed to support these types of challenges. As an integrated risk management platform, OneTrust GRC provides a complete, measured view of a company’s risk portfolio, provides clear leadership insights and accelerates the execution of routine tasks.
Companies focus on a user-friendly experience and use our flexible framework to align business operations with standardized risk methodologies. By mapping policies and risk management workflows to controls, companies can better meet their own internal governance and external regulatory requirements.
How is the global regulatory landscape affecting companies? How can GRC technology help address evolving problems for businesses?
Digital transformation and an increase in safety-conscious consumers are leading to changes in the regulatory environment. As a result, companies have to comply with a wide variety of different standards, frameworks and regulations for information security. Additionally, identifying the intersection between risk management initiatives and controls can be time-consuming for everyone involved and can be lost with different data management tools.
OneTrust GRC provides a centralized platform for organizations to stay in control of these regulatory changes while monitoring and managing governance, risk, and compliance efforts. The technology highlights what risks the business needs to consider and provides controls to minimize risk where possible.
With OneTrust GRC, risk management professionals can get a multi-dimensional view of risk across business lines while measuring compliance to identify regulatory loopholes and assess performance over time.
Based on feedback from your customers, what do GRC executives see as the greatest challenges in meeting regulatory requirements?
The main challenge companies face in meeting regulatory requirements is keeping business data up to date. Organizations of all sizes work to reduce the delay between distributing a risk assessment, receiving responses, understanding their risk insights, and making risk-based decisions. The insights a company gains from this work can lose value over time if the data is not kept up to date and monitored for compliance.
By using data classification methods and risk formulas, companies can reduce delays, gain real-time risk insights, and standardize risk on a scale. OneTrust GRC provides workflows to find, collect, document, and classify data in real time to gain meaningful insights into risk and help comply with regulations.
There is a growing variety of GRC tools for businesses of all sizes. What are the main features of the OneTrust GRC platform? What makes it stand out in the market?
OneTrust GRC is fast becoming the de facto standard for GRC technology. Our integrated risk management platform scales with companies of all sizes and industries, and offers a flexible approach to risk and compliance advancement.
The key features of OneTrust GRC include:
- IT & security management: Identify and respond to threats and collaborate internally and externally across data, processes, assets, risks and controllers.
- Management of corporate and operational risks: Integrate risk into your business for real-time insights into digital, corporate and operational risks.
- Audit & Controls Management: Streamline review efforts along a guided workflow to meet reporting requirements.
- Supplier risk management: Centralize providers and work seamlessly across teams by automating the engagement lifecycle.
- Policy management: Map business practices to meet the standards of internal rules and external regulations.
- Business Continuity Support: Create contingency plans to eliminate potential risk factors.
The special thing about our GRC solution is that it is integrated into the entire OneTrust trust platform. Trust differs as a business outcome and not just as a compliance exercise. Organizations now need to move beyond the tactical governance tools of the past to a modern platform with centralized workflows that bring together all the elements of trust: privacy, data governance, ethics and compliance, GRC, third party risk, and ESG. OneTrust does just that.
You have received recognition from both Gartner and Forrester. Why do customers choose OneTrust GRC?
OneTrust is the largest and fastest growing software on the market. OneTrust enables 8,000 companies to manage data protection, security and governance at scale while enabling companies to comply with internal governance and external regulatory requirements.
Customers choose OneTrust GRC because of our flexible approach to risk management technology. OneTrust GRC provides new product versions every 3 weeks. This agile approval process includes customer inquiries, feedback, and the latest regulatory and industry updates. Releases are delivered on a strategic timeline for customer adoption and maturity, and smaller versions are released through feature toggles to test new functionality.
We can do this thanks to our hardworking and global research and development and regulatory research teams. The company has the largest dedicated research and development team in the industry. 45% of the more than 1,500 employees are dedicated to product and customer success. This enables OneTrust to be agile and update the platform to meet its customers’ needs almost instantly.
The platform is updated with the latest data protection laws and security updates thanks to more than 40 in-house, full-time third-party privacy, security and risk researchers and a global network of 500 lawyers from 300 jurisdictions.
One of our clients, the Director of Compliance, Security and Privacy at a leading healthcare technology company, said, “Auditors are used to cumbersome GRC tools. When they see the OneTrust GRC platform they are shocked at the flexibility and ease of use. Oftentimes, our auditors suggest that their customers buy OneTrust for this reason.”
The OneTrust GRC product line will continue to grow to support additional initiatives from data protection, third-party risk, information security, operational risk, and auditing professionals who come together to address GRC operations. Loosely interconnected tools cannot support these different teams, which is why OneTrust created the comprehensive GRC platform.