How OneTrust helps with information security

How OneTrust helps with information security

As adequate security becomes a legal mandate, there is a greater understanding that privacy is not truly attainable without security.


ISO 27001 requires a substantial amount of documentation to be created, reviewed, updated and properly controlled over the life of the ISMS. This documentation is vital to the effectiveness and continuous improvement of the ISMS, as well as to achieving and maintaining certification. OneTrust’s document repository can be used to store and organize ISMS documentation in a central location for access by the ISMS team and other need-to-know personnel.

Security awareness training, testing and attestation

OneTrust privacy and security training templates, such as the Privacy and Security Training Quiz and Attestation template, can be used to assist with testing the effectiveness of awareness training, as well as to record employee attestations to acceptable use policies or employee responsibility documents.

Risk assessment and treatment

OneTrust can be used to identify threats and vulnerabilities for information assets, or vendors, as well as to calculate risks, and to craft and track risk treatment plans.

Statement of applicability

Clause 6.1.3 of ISO 27001 calls for the creation of a “statement of applicability” that documents the ISO 27001 Annex A controls that have been deemed applicable to the ISMS, based on a risk assessment, along with justifications for including and excluding certain controls. When combined with risk assessment capabilities in OneTrust, the ISO 27001 Statement of Applicability template can be used to create this documentation with ease.

Internal audits

Use the ISO 27001 Audit Checklist template, a fully customisable questionnaire in OneTrust based on ISO 27001 to assist in conducting internal or external audits of the ISMS, to evaluate the maturity and overall effectiveness of the ISMS, and to track corrective action plans. After completing an audit, OneTrust allows you to easily generate an audit report showing an overview of your answers, comments and evidence attachments. OneTrust is also great for documenting and demonstrating the continual improvement of an ISMS. With assessment versioning and reporting features, you can easily see how your programme has grown year over year.

Asset and vendor inventory

With OneTrust, you can create and maintain inventories of your organisation’s assets and vendors, the risks associated with each, and their owners within the organisation. Additionally, OneTrust automatically generates visualisations and data-flow diagrams as tools for easier analysis and executive communication.

Incidents and breaches

With OneTrust, you can enable self-service reporting of security incidents and weaknesses, maintain incident and breach records, evaluate against breach notification obligations, and analyse overall risk with connections to your underlying inventories of data, processing activities, assets and vendors. OneTrust can be used to put incident management policies and procedures into action.

Download our whitepaper, How OneTrust Helps: Information Security to learn more.

OneTrust legal team

With the EU General Data Protection Regulation (GDPR) now in force, and other new privacy laws on its heels, the concept of “adequate security” is becoming a legal mandate on a global level, and it is now commonly understood that privacy cannot truly be attained without security. This overlap between privacy and security calls for new ways for these two teams to collaborate, communicate more effectively and use common tools. OneTrust helps with the establishment, maintenance and continual improvement of an information security management system (ISMS), as well as the planning and implementation of industry standards such as ISO 27001, AICPA TSC (SOC 2), CSA STAR, NIST CSF and more. Here is an outline demonstrating how OneTrust helps with information security, relating specifically to ISO 27001.


Copyright Lyonsdown Limited 2021

Top Articles

teissTalk: Cyber Policy & Supply Chain Resilience

On 15 April, teissTalk host Geoff White was joined by a panel of four cyber security experts to discuss keeping supply chains cyber secure and resilient.

teissTalk: Malicious or Non-Malicious? Tackling the Remote Insider Threat

On 13 April, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity professionals to discuss insider threats, especially the threat posed by remote workers.

Meet the teissTalk Hosts - The state of cyber crime in 2021

Social engineer Jenny Radcliffe and investigative journalist Geoff White, the joint hosts of teissTalk, introduce themselves

Related Articles