Frequently Asked Questions

  • As a third-party vendor, why should I join the exchange?

    Joining the exchange helps create a better experience for your team and the customers assessing you. By storing your assessment within the exchange, your team doesn’t need to answer every assessment from scratch. Your answers are already populated, just review, make updates if necessary, and send to the inquiring enterprise. For your customers, they benefit by receiving your completed assessments faster, helping your sales team close deals faster while making your customers more comfortable in your ability to meet their security and privacy needs.

  • Can I use the exchange to request pre-completed assessments if I am not a OneTrust customer?

    No, only OneTrust customers with a Vendor Risk Management license can request and receive pre-completed risk assessments through Vendorpedia. If you are not currently a OneTrust customer, request a demo today.

  • Does Vendorpedia support both privacy and security for my industry or region?

    Yes, Vendorpedia is a cross-industry and global exchange that addresses both security and privacy. The 6,000+ third-party vendor security and privacy profiles with the exchange store pertinent research that is widely relevant. Pre-completed assessments map to nearly every framework and standard and support global security and privacy compliance around the world. The OneTrust software itself is used by companies in every industry and enterprises operating in 50+ countries around the world.

  • How are assessment answers validated?

    There are three tiers of validation to help increase confidence in third-party assessment answers.

    Level 1: Self Attestation – Third-party vendors complete assessments and answers are attested only by the third-party vendor themselves. This is most frequently relied on when assessing low-risk third parties. With level 1, OneTrust will “chase” third-party vendors on your behalf to get assessments completed in less time.

    Level 2: Automated Validation – A OneTrust risk identification algorithm identifies inconsistencies and confirms that assessments are fully completed. This is most frequently relied on when assessing medium- to high-risk third parties. With level 2, OneTrust will both “chase” third parties on your behalf as well as validate the data.

    Level 3: Remote or Onsite Audit – One of our world-class vendor auditing partners will audit your third-party vendor. Order remote or onsite audits for your most high-risk vendors directly through the exchange.

  • How do I get started?

    For OneTrust customers that currently license the Vendor Risk Management solution, getting started is easy. Vendorpedia is included with your Vendor Risk Management license.

    OneTrust customers not currently using the Vendor Risk Management solution and are interested in learning more about Vendorpedia and the Vendor Risk Management solution can contact your OneTrust representative.

    If you are not currently a OneTrust customer, request a demo today.

    For third-party vendors interested in adding your pre-completed assessment into the exchange, please request a demo.

  • How do I view my company's security and privacy profile in Vendorpedia?

    Request your organization’s Security & Privacy profile.

  • How does Vendorpedia handle new regulations and evolving standards?

    The OneTrust security, privacy, and legal team is constantly researching the regulatory environment, taking a proactive approach to anticipate changes before they come into effect. Beyond this, OneTrust relies on a steering committee consisting on the world’s leading privacy and security experts to help direct the Vendorpedia approach.

  • How is the Vendorpedia exchange approach different than others?

    Other third-party exchanges, as well as many standards and frameworks, focus primarily on security.

    Vendorpedia combines both security and privacy to create a centralized tool that benefits both ends of the spectrum. Pre-completed assessments from third-party vendors map to NIST, SIG, CSA CAIQ, ISO, FedRAMP, GDPR, CCPA, NYDFS Cybersecurity Regulation, and more.

    Additionally, Vendorpedia is included as a core component of the OneTrust Vendor Risk Management solution and integrates deeply with the entire platform. By linking vendors to assets and processing activities with OneTrust Data Inventory and Mapping technology, your enterprise can gain a holistic view of all your third-party vendors.

    Other exchanges charge by the assessment or by the vendor. OneTrust does not. And most others focus on third-party vendors that only operate in the United States. OneTrust takes a global approach. Our multi-national scale (OneTrust customers operate in 75+ countries) as well as our global privacy and security expertise, gives Vendorpedia the depth, scale, and scope to meet your needs.

    Lastly, Vendorpedia does not lock you into a single assessment. You can bring your own assessment, use ours, or take a hybrid approach and combine our assessment with your custom questions.

  • If I share my assessment in the exchange, will anyone be able to see my data?

    No, your assessment will only be shared with specific enterprises based on your team’s approval. Pre-completed assessments within the exchange are stored in an encrypted database.

  • What if the third-party vendor assessment I request is not in the exchange?

    The OneTrust team will work directly with the third-party vendor, on your behalf, to get the assessment completed and added to the exchange as quickly as possible.