Try our new research platform with insights from 80,000+ expert users

OneTrust GRC pros and cons

Vendor: OneTrust

4.1 out of 5

14 reviews
78% willing to recommend

Pros & Cons summary

OneTrust GRC enhances vendor management by enabling assessment and rating of vendors with updates and facilitates review of fourth and fifth parties. The platform supports automation of privacy impact assessments, aids in audit and incident management, and offers GDPR and ISO compliance templates. Although the Vendor Risk dashboard is basic and workflows require manual effort, improvements are expected. Integration and implementation challenges exist, and return on investment is not yet clear.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

OneTrust GRC enables vendor assessments and scheduling for updates at specific intervals.

It provides the capability to review fourth and fifth parties extensively.

OneTrust GRC assists in automating privacy impact assessments and aids in managing audits and incidents efficiently.

It offers comprehensive policy management along with built-in templates for GDPR and ISO compliance.

OneTrust GRC supports IT and vendor risk management, crucial for compliance with data protection regulations globally.

CONS

Vendor Risk dashboard is basic and not interactive, with improvements expected in future releases.

Manual processes are required for workflow automation, and there are limitations to both automation and customized workflows.

Integration capability requires improvement, as linking various DSAR systems can be time-consuming.

Lacks presence of comprehensive professional services offered, such as free initial consultation hours annually.

Implementation challenges exist, particularly in scoping for individuals outside governance, risk, and compliance.

OneTrust GRC Pros review quotes

RW

Privacy Manager at Broadcom

Nov 21, 2019

Vendors can be assessed and rated out of the tool, and assessments can be scheduled for updates at certain intervals.

Read full review

reviewer1589922

Manager, Information Security Risk at a university with 1,001-5,000 employees

May 28, 2021

One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree.

Read full review

reviewer1945110

Governance, Risk Management & Compliance, Director IT at a tech services company with 1,001-5,000 employees

Aug 22, 2022

OneTrust GRC is stable.

Read full review

Free Report: OneTrust GRC Reviews and More

Learn what your peers think about OneTrust GRC. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.

881,082 professionals have used our research since 2012.

reviewer2093358

Senior Enterprise Risk Manager at a retailer with 10,001+ employees

Feb 13, 2023

It does help in the automation of our privacy impact assessments.

Read full review

reviewer2122608

Group Head of Risk at a retailer with 1,001-5,000 employees

Mar 27, 2023

As a solution for IT risks, it is a very good product.

Read full review

FC

Regional Security Officer at a comms service provider with 10,001+ employees

Sep 6, 2023

The product helps us streamline audit and incident management processes.

Read full review

AE

André Eder Tavares Lopes

Consultor GRC/IRM at ISH Tecnologia

Apr 12, 2024

We receive notifications or cases and prioritize them accordingly, which helps us address issues promptly.

Read full review

reviewer2394882

Compliance Analyst at a computer software company with 1,001-5,000 employees

Apr 25, 2024

We have data from Jira regarding addiction related to Europe as well as California. Additionally, we have data related to the Indian Data Protection Bill. Therefore, GDPR compliance is highly beneficial.

Read full review

Director - Security & Compliance at Venzo

Apr 26, 2024

One of the most beneficial features of the product has been its cloud-based IT and vendor risk management tools, along with built-in templates for GDPR and ISO compliance.

Read full review

reviewer2055579

Cyber Security Consultant at a tech services company with 51-200 employees

May 31, 2024

The most valuable feature of the solution is that it already has visibility about all the data protection regulations or other cybersecurity regulations related to several countries

Read full review

Show 3 more reviews (out of 13)

OneTrust GRC Cons review quotes

RW

Privacy Manager at Broadcom

Nov 21, 2019

The Vendor Risk dashboard is quite basic today and not interactive, but improvements are in coming the next releases.

Read full review

reviewer1589922

Manager, Information Security Risk at a university with 1,001-5,000 employees

May 28, 2021

They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages.

Read full review

reviewer1945110

Governance, Risk Management & Compliance, Director IT at a tech services company with 1,001-5,000 employees

Aug 22, 2022

OneTrust GRC's workflows aren't automated and need to be manually driven.

Read full review

Free Report: OneTrust GRC Reviews and More

Learn what your peers think about OneTrust GRC. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.

881,082 professionals have used our research since 2012.

reviewer2093358

Senior Enterprise Risk Manager at a retailer with 10,001+ employees

Feb 13, 2023

There are limitations to customized workflow automation, and they need to increase both the available automation and the customized workflow.

Read full review

reviewer2122608

Group Head of Risk at a retailer with 1,001-5,000 employees

Mar 27, 2023

I haven't seen any return on investment using the solution. If I had the opportunity, I would use a different solution.

Read full review

FC

Regional Security Officer at a comms service provider with 10,001+ employees

Sep 6, 2023

The product is not that easy to set up.

Read full review

AE

André Eder Tavares Lopes

Consultor GRC/IRM at ISH Tecnologia

Apr 12, 2024

We encounter difficulties creating multiple platforms or interfaces and manual processes for changing certain settings.

Read full review

reviewer2394882

Compliance Analyst at a computer software company with 1,001-5,000 employees

Apr 25, 2024

There are several areas for improvement. One is the integration capability. Connecting various DSAR systems can be time-consuming if a single integration takes months to complete.

Read full review

Director - Security & Compliance at Venzo

Apr 26, 2024

They could enhance the product's functionalities like audit management and ensure consistency across modules.

Read full review

reviewer2055579

Cyber Security Consultant at a tech services company with 51-200 employees

May 31, 2024

The platform was not built in a way that allowed multinational entities to use it seamlessly.

Read full review

Show 3 more reviews (out of 13)

Product Categories

Product Categories

IT Vendor Risk Management

Popular Comparisons

Popular Comparisons

MEGA HOPEX vs OneTrust GRC

RSA Archer vs OneTrust GRC

Bitsight vs OneTrust GRC

Workiva Wdesk vs OneTrust GRC

SecurityScorecard vs OneTrust GRC

AuditBoard vs OneTrust GRC

IBM OpenPages vs OneTrust GRC

MetricStream vs OneTrust GRC

ProcessUnity vs OneTrust GRC

Diligent One Platform (formerly Highbond) vs OneTrust GRC

NAVEX One vs OneTrust GRC

SAP BusinessObjects GRC vs OneTrust GRC

RiskRecon vs OneTrust GRC

NAVEX Global vs OneTrust GRC

ServiceNow Vendor Risk Management vs OneTrust GRC

See all alternatives

Product Categories

Product Categories

IT Vendor Risk Management

Popular Comparisons

Popular Comparisons

MEGA HOPEX vs OneTrust GRC

RSA Archer vs OneTrust GRC

Bitsight vs OneTrust GRC

Workiva Wdesk vs OneTrust GRC

SecurityScorecard vs OneTrust GRC

AuditBoard vs OneTrust GRC

IBM OpenPages vs OneTrust GRC

MetricStream vs OneTrust GRC

ProcessUnity vs OneTrust GRC

Diligent One Platform (formerly Highbond) vs OneTrust GRC

NAVEX One vs OneTrust GRC

SAP BusinessObjects GRC vs OneTrust GRC

RiskRecon vs OneTrust GRC

NAVEX Global vs OneTrust GRC

ServiceNow Vendor Risk Management vs OneTrust GRC

See all alternatives

Related questions

101

What are the Top 5 cybersecurity trends in 2022?

33

Which is the best legacy IDM solution for SAP GRC?

18

When evaluating GRC, what aspect do you think is the most important to look for?

14

What privacy concerns should be taken into account when implementing an RPA solution?

49

What is your recommended automated audit software for internal and external audit?

17

What aspect does Symantec Control Compliance Solution cover in IT Governance, Risk and Compliance?

17

What is the best solution for comprehensive Risk Management in financial services?

74

What is the difference between SOC 1, SOC 2, and SOC 3 compliance?

16

What is Security Posture and what categories of Security Posture Management do exist?

13

How many ISO norms do we have in the entire ISO27k security family standards?