Prioritize your vendor inventory with out-of-the-box inherent risk insights, calculated with proprietary methodology, to understand the risk your vendors pose.


See Trust Profiles on all Exchange vendors, which include detailed security, privacy, and compliance information, as well as built-in cyber risk scores.


Access automatically calculated risk analytics and control gap reports on all your vendors, as well as mitigation recommendations provided by in-house researchers.


Maintain records for compliance to demonstrate thorough due diligence and evidence of assessments in the event of an audit.



Get updates when a vendor’s security, privacy, and compliance posture changes, without ever having to conduct a reassessment.

Pinpoint Your High Risk Vendors with Auto Inherent Risk Scores

  • Tier your vendors with quick-view auto inherent risk scores
  • Prioritize risk evaluation efforts on your riskiest vendors
  • Save time by conducting the right depth of due diligence

Get Immediate Insights with Access to Thousands of Vendor Trust Profiles

  • Access Vendor Trust Profiles with in-depth compliance details
  • Know vendors’ security posture with built-in cyber risk scores
  • Use Exchange vendor research to build your vendor inventory

Are You A Vendor? Create Your Trust Profile
By joining the Exchange as a vendor, your company can automatically respond to security questionnaires, proactively share your security, privacy, and compliance details with your customers, and promote your program to thousands of OneTrust users.

Save Time on Assessment Reviews with Automated Risk & Control Gap Analysis

  • Measure your vendors’ risk across 18 critical risk domains
  • See control gaps for your preferred framework (NIST, ISO, etc.)
  • Review risk analytics without tedious assessment reviews

Understand the State of Your Third-Party Risk Program with Powerful Reporting

  • Use dashboards & drill-down reports to track risk exposure
  • Automate recordkeeping to maintain evidence of compliance
  • Generate executive-ready PDFs to provide board-level clarity

Monitor Vendor Risks, Compliance, and Controls Over Time

  • Receive updates when new vendor risks or compliance concerns arise
  • Get proactive alerts from vendors when they update their security programs
  • Automate actions when changes occur using the workflow automation engine

Support for 50+ Global Standards, Frameworks, and Laws

The Exchange uses the Shared Assessments SIG to generate risk analytics and control gaps across 50+ standards, frameworks, and laws, such as ISO 27001 and 27002, NIST 800-53r5, GDPR, EBA, PCI DSS, CSA, FFIEC, HIPAA, and many more.
