
CSA Official Press Release

Published 12/04/2018

​Cloud Security Alliance and OneTrust Launch Free Vendor Risk Management Tool for CSA Members


Automate the Vendor Risk Management Lifecycle for Compliance with Global Privacy Laws

DECEMBER 4, 2018 – SEATTLE – Today the Cloud Security Alliance (CSA) and OneTrust launched a free Vendor Risk Management (VRM) tool to automate the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy and security frameworks. The CSA selected OneTrust, the largest and most widely used dedicated privacy management technology platform, to power vendor risk assessment and compliance automation for its more than 90,000 members. CSA members can access the tool today and automate vendor risk management at no cost.

Get started today with the CSA-OneTrust VRM tool

The CSA-OneTrust VRM tool is pre-populated with templates reproducing the CSA's best practices for cloud security and privacy assurance and compliance, including the Cloud Controls Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ) and GDPR Code of Conduct. Privacy and security teams can also build upon existing templates or create custom vendor assessments based on their business-specific needs.

The CSA-OneTrust VRM tool automates the entire vendor management lifecycle, including onboarding and offboarding vendors, triaging vendors, populating vendor information and monitoring the vendor risk lifecycle, all while maintaining records for accountability and compliance purposes. The tool is powered by Vendorpedia™ by OneTrust, a database of privacy and security details of more than 4,000 vendors that automatically populates vendor assessments based on the most up-to-date vendor information.

“In today’s world of rapidly changing regulatory and security requirements, we needed to provide our members a comprehensive and continuously updated solution to manage the complete vendor risk lifecycle,” said Jim Reavis, CEO, Cloud Security Alliance. “CSA members span industry, size, region and jurisdiction, and OneTrust’s broad appeal, simplified model and international focus has the ability to scale for the diverse needs of our members. We’re proud to offer their technology to our members free of cost so they can focus less on the time-consuming process of manually managing vendor relationships and instead focus on strategic imperatives within their teams.”

“With the GDPR and CCPA putting the responsibility of personal data management on the shoulders of both data controllers and their vendors, it’s crucial that businesses of all sizes can manage their vendors in an automated and centralised platform that’s based on the most up-to-date vendor information,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “We want to give privacy and security professionals the power to automate and simplify what can be an overwhelming task of managing and monitoring vendor risk. We’re honoured to be the solution of choice for the CSA community and to deliver a free solution for organizations using the CSA CCM, CAIQ and GDPR CoC frameworks.”


About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

About OneTrust

OneTrust is the largest and most widely used dedicated privacy management technology platform for compliance with global privacy laws. More than 1,700 customers, including 200 of the Global 2,000, use OneTrust to comply with global data privacy regulations across sectors and jurisdictions, including the EU GDPR, ePrivacy (Cookie Law), California Consumer Privacy Act (CCPA) and more. An additional 10,000 companies use OneTrust’s technology through partnerships with organisations such as the International Association of Privacy Professionals (IAPP), the world’s largest global information privacy community.

The comprehensive platform is based on a combination of intelligent scanning, regulator guidance-based questionnaires, automated workflows and developer plugins used together to automatically generate the record keeping required for an organisation to demonstrate compliance to regulators and auditors. The platform is enriched with content from hundreds of templates based on the world-class privacy research conducted by our 300+ in-house certified privacy professionals.

The software, available in 50+ languages, is backed by 27 awarded patents and can be deployed either in the cloud or on-premise.

OneTrust helps organisations implement global privacy requirements, including Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Consent Management, Cookie Consent, Data Subject Rights, as well as demonstrating accountability and compliance.

PrivacyConnect, OneTrust’s user community, hosts free workshops in 85 international cities, and is attended by thousands of privacy professionals to share best practices.

PrivacyTECH, OneTrust's global user conference, occurs annually in London. OneTrust PrivacyTECH brings together privacy professionals to break down the latest technology innovations driving global privacy compliance.

OneTrust is co-headquartered in Atlanta, GA and in London, UK, with additional offices in Bangalore, Melbourne, Munich and Hong Kong. The fast-growing team of privacy and technology experts surpasses 500 employees worldwide. To learn more, visit

Media Contact:

Gabrielle Ferree
OneTrust Public Relations
+1 770-294-4668
[email protected]


About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.