The World's Only Security and Privacy Third-Party Risk Exchange


Instantly access 6,000+ global vendor security & privacy profiles and retrieve unlimited pre-completed risk assessments

The Next Evolution of Third-Party Risk Management


Vendorpedia Third-Party Risk Exchange by OneTrust

With Vendorpedia™, security and privacy professionals can research third parties faster, complete risk assessments quicker, and monitor threats over time. The exchange houses detailed Security & Privacy Profiles on more than 6,000 global vendors. Enterprises can assess thousands of third parties through the exchange with rapid retrieval of pre-completed assessments. For third-party vendors, the exchange reinvents the assessment response process by enabling respondents to store answers within the exchange.

Vendorpedia maps to NIST, SIG, CSA CAIQ, ISO, FedRAMP, and others, while supporting compliance with hundreds of global regulations such as the GDPR, CCPA, NYDFS Cybersecurity Regulation, and more.

An Unprecedented Repository of Third-Party Vendor Research


The Vendorpedia Third-Party Risk Exchange is more than a way to share and request pre-completed questionnaires. Within Vendorpedia are security and privacy profiles on more than 6,000 global vendors. This research, which is time-consuming for enterprises to collect, is readily available and continually updated within the exchange. The profiles contain aggregated data from proprietary sources, including details such as active security and privacy certifications, security and trust registrations, and more.

Retrieve Pre-Completed Risk Assessments with Ease


The security, privacy, and legal teams at OneTrust have collaborated with industry veterans to develop an assessment that maps to widely used standards and frameworks across industries (NIST, SIG, CSA CAIQ, ISO, FedRAMP, and more) and supports compliance with global security and privacy laws, such as the GDPR, CCPA, NYDFS Cybersecurity Regulation, and others. The assessment will even enable mapping to your custom questionnaires.

And Many More!

Vendorpedia Managed Services


Risk for third-party vendors varies depending on business context. For all three assessment levels, OneTrust or one of our world-class auditing partners will work directly with the third party, offloading the work so your enterprise can focus on other priorities.

Level 1

Self Attestation

For Low-Risk Vendors

Concise Assessment

Third-party vendors self-attest to the validity of their assessment answers

Level 2

Automated Validation

For Medium to High-Risk Vendors

Robust Assessment

OneTrust reviews answers via a risk identification algorithm to identify inconsistencies

Level 3

Remote or Onsite Audit

For High-Risk Vendors

Extensive Assessment

Independent and world-class OneTrust partners perform remote or onsite vendor auditing

Vendorpedia FAQs


Yes, Vendorpedia is a cross-industry and global exchange that addresses both security and privacy. The 6,000+ third-party vendor security and privacy profiles within the exchange store pertinent research that is widely relevant. Pre-completed assessments map to nearly every framework and standard and support security and privacy compliance around the world. The OneTrust software itself is used by companies in every industry and enterprises operating in 50+ countries around the world.

For OneTrust customers that currently license the Vendor Risk Management solution, getting started is easy. Vendorpedia is included with your Vendor Risk Management license.

OneTrust customers who are not currently using the Vendor Risk Management solution and are interested in learning more about Vendorpedia and the Vendor Risk Management solution can contact their OneTrust representative.

If you are not currently a OneTrust customer, request a demo today.

If you are a third-party vendor interested in adding your pre-completed assessment to the exchange, please request a demo.

The OneTrust security, privacy, and legal team is constantly researching the regulatory environment, taking a proactive approach to anticipate changes before they come into effect. Beyond this, OneTrust relies on a steering committee consisting of the world’s leading privacy and security experts to help direct the Vendorpedia approach.

Other third-party exchanges, as well as many standards and frameworks, focus primarily on security.

Vendorpedia combines both security and privacy to create a centralized tool that benefits both ends of the spectrum. Pre-completed assessments from third-party vendors map to NIST, SIG, CSA CAIQ, ISO, FedRAMP, GDPR, CCPA, NYDFS Cybersecurity Regulation, and more.

Additionally, Vendorpedia is included as a core component of the OneTrust Vendor Risk Management solution and integrates deeply with the entire platform. By linking vendors to assets and processing activities with OneTrust Data Inventory and Mapping technology, your enterprise can gain a holistic view of all your third-party vendors.

Other exchanges charge by the assessment or by the vendor. OneTrust does not. And most others focus on third-party vendors that only operate in the United States. OneTrust takes a global approach. Our multinational scale (OneTrust customers operate in 75+ countries), together with our global privacy and security expertise, gives Vendorpedia the depth, scale, and scope to meet your needs.

Lastly, Vendorpedia does not lock you into a single assessment. You can bring your own assessment, use ours, or take a hybrid approach and combine our assessment with your custom questions.