Cyber Tool Stack
All tools

OneTrust

By OneTrust

A broad privacy, security, and GRC suite that grew out of consent-management and data-mapping tools, now selling dedicated compliance automation and third-party risk modules alongside its original privacy products under one platform. Divested its separately branded Convercent ethics and whistleblowing business to EQS Group in December 2024 but continues to actively develop the rest of the suite.

Verified Source: 1

Product type
Software
Deployment
SaaS
Organization size
Mid-marketEnterprise
Pricing tier
$$$

Capability checklist

GRC

How OneTrust measures up against the full GRC & Compliance Automation taxonomy.

Control & framework mapping — supported
Maps internal controls to frameworks like SOC 2, ISO 27001, and NIST.
Continuous control monitoring — not supported
Automatically checks that controls remain in place between formal audits.
Risk register & assessments — supported
Tracks identified risks, owners, and treatment plans in one place.
Audit evidence collection — not supported
Automatically gathers and organizes proof of control operation for auditors.
Policy management — supported
Manages the lifecycle of security policies, from drafting to employee attestation.
Vendor & third-party risk tracking — supported
Assesses and monitors the security posture of vendors and partners.

Alternatives

Other GRC & Compliance Automation tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include OneTrust.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.