Solve evolving business problems with GRC technology
For this interview, we spoke with Blake Brannon, CTO at OneTrust, to discuss governance, risk management and compliance (GRC).
Over 8,000 customers, half of the Fortune 500, use OneTrust to create integrated programs that comply with CCPA, GDPR, LGPD, PDPA, ISO27001 and hundreds of global privacy and security laws.
Organizations have accelerated their digital transformation plans due to the pandemic. How does GRC fit into the process? What information security challenges should risk management professionals be aware of?
The global pandemic and the impacts of COVID-19 have disrupted business operations around the world. As a result, companies are evolving their information security programs to ensure that risk management initiatives cover the entire organization.
Organizations typically seek custom GRC management solutions to streamline and automate complex audit, risk, compliance, and policy operations. Custom solutions aim to increase functionality and efficiency by reflecting specific use cases and processes, but they are often expensive and require significant support for implementation and ongoing maintenance.
In order to meet the challenges posed by accelerated digital transformation plans during the pandemic, companies must simplify and automate the execution of risk and policy activities, rather than creating other complications such as too much data with too little context to sort.
OneTrust GRC is designed to support these types of challenges. As an integrated risk management platform, OneTrust GRC provides a comprehensive and measured view of an enterprise’s risk portfolio, provides clear insights to leaders, and speeds up the execution of routine tasks.
By focusing on a user-friendly experience, organizations use our flexible framework to align their business operations with standardized risk methodologies. By mapping risk management policies and workflows to controls, organizations can better comply with their own internal governance and external regulatory requirements.
What is the impact of the global regulatory landscape on businesses? How can GRC technology help solve evolving business problems?
Digital transformation and the increase in the number of security-conscious consumers are creating changes in the regulatory environment. As a result, companies must comply with a multitude of information security standards, frameworks and regulations. Additionally, identifying the overlap between risk management initiatives and controls can be time consuming for all stakeholders and get lost in different data management tools.
OneTrust GRC provides a centralized platform for organizations to maintain control over these regulatory changes while monitoring and managing governance, risk and compliance efforts. Technology highlights the risks the business needs to be aware of and offers controls to mitigate the risks where possible.
With OneTrust GRC, risk management professionals can gain a multidimensional view of risk across business areas while measuring compliance to identify regulatory gaps and compare performance over time.
Based on feedback from your clients, what are the main challenges that GRC executives consider in meeting the demands of regulators?
The main challenge that organizations face in meeting the demands of regulators is keeping business data up to date. Organizations of all sizes are working to reduce the time between distributing a risk assessment, receiving responses, understanding their knowledge of the risk, and making risk-based decisions. The information an organization receives from this work can lose value over time if the data is not kept up to date and checked for compliance.
By leveraging data classification methods and risk formulas, organizations can reduce latency, gain real-time risk insights, and standardize risks at scale. OneTrust GRC provides workflows to find, collect, document and categorize data in real time to gain meaningful risk insight and ensure compliance.
There is a growing range of GRC tools for organizations of all sizes. What are the main features of the OneTrust GRC platform? What sets it apart in the market?
OneTrust GRC is quickly becoming the de facto standard for GRC technology. Our integrated risk management platform adapts to organizations of all sizes and industries and offers a flexible approach to evolving risk and compliance.
The main features of OneTrust GRC include:
- IT and security management: Identify and respond to threats and collaborate between data, processes, assets, risks and owners of control, both internally and externally.
- Business and operational risk management: Integrate risk into your business to gain real-time insight into digital, business, and operational risks.
- Audit and control management: Streamline audit efforts along a guided workflow to meet reporting requirements.
- Supplier risk management: Centralize suppliers and work seamlessly across teams by automating the engagement lifecycle.
- Policy management: Map business practices to meet the standards of internal rules and external regulations.
- Assistance with business continuity: Create contingency plans to address potential risk factors.
What sets our GRC solution apart is that it is integrated with the entire OneTrust trust platform. Trust differentiates itself as a business outcome, not just an exercise in compliance. Companies must now mature beyond the tactical governance tools of the past and become a modern platform with centralized workflows that bring together all the elements of trust: privacy, data governance, ethics and compliance, GRC, third-party risk and ESG. OneTrust does exactly that.
You have received recognition from Gartner and Forrester. Why do customers choose OneTrust GRC?
As the largest and fastest growing software in the market, OneTrust enables 8,000 organizations to manage privacy, security and governance at scale, while enabling enterprises to comply with internal governance and external regulatory requirements.
Customers choose OneTrust GRC because of our flexible approach to risk management technology. OneTrust GRC deploys new product versions every 3 weeks. This agile publishing process incorporates customer requests, feedback, and the latest regulatory and industry updates. Releases are deployed on a strategic customer adoption and maturity timeline, and minor releases are released through feature switches to test new features.
We are able to do this through our hard-working, global regulatory research and research teams. The company has the largest dedicated R&D team in the industry, with 45% of the 1,500+ employees dedicated to product and customer success. As a result, OneTrust is able to be agile and update the platform to meet the needs of its customers almost instantly.
The platform is updated with the latest privacy laws and security updates thanks to over 40 full-time in-house privacy, security and third-party risk researchers and a worldwide network of 500 lawyers representing 300 jurisdictions.
As one of our clients, a director of compliance, security and privacy at a leading healthcare technology organization, said, “Auditors are used to cumbersome GRC tools, so when they see the OneTrust GRC platform, they are shocked at the flexibility and the ease of use. Often our auditors suggest their customers buy OneTrust for this reason.”
The OneTrust GRC product line continues to expand to support other initiatives undertaken by privacy, third-party risk, information security, operational risk and audit professionals as they come together to tackle the operations around GRC. Weakly linked tools cannot support these different teams, which is why OneTrust built the complete GRC platform.