No more typing reviews! Try our Samantha, our new voice AI agent.

OneTrust GRC pros and cons

Vendor: OneTrust

4.1 out of 5

14 reviews
78% willing to recommend

Pros & Cons summary

OneTrust GRC enhances vendor management by enabling assessment and rating of vendors with updates and facilitates review of fourth and fifth parties. The platform supports automation of privacy impact assessments, aids in audit and incident management, and offers GDPR and ISO compliance templates. Although the Vendor Risk dashboard is basic and workflows require manual effort, improvements are expected. Integration and implementation challenges exist, and return on investment is not yet clear.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

OneTrust GRC enables vendor assessments and scheduling for updates at specific intervals.

It provides the capability to review fourth and fifth parties extensively.

OneTrust GRC assists in automating privacy impact assessments and aids in managing audits and incidents efficiently.

It offers comprehensive policy management along with built-in templates for GDPR and ISO compliance.

OneTrust GRC supports IT and vendor risk management, crucial for compliance with data protection regulations globally.

CONS

Vendor Risk dashboard is basic and not interactive, with improvements expected in future releases.

Manual processes are required for workflow automation, and there are limitations to both automation and customized workflows.

Integration capability requires improvement, as linking various DSAR systems can be time-consuming.

Lacks presence of comprehensive professional services offered, such as free initial consultation hours annually.

Implementation challenges exist, particularly in scoping for individuals outside governance, risk, and compliance.

OneTrust GRC Pros review quotes

Governance Risk and Compliance Coordinator at HUB International

Oct 11, 2024

The privacy impact assessment automation tool and the incident management tool are very user-friendly.

Read full review

Brooke Lynne Bowman

Senior Compliance Manager at a healthcare company with 201-500 employees

Oct 23, 2024

The platform is especially useful in startup environments where we're typically starting from scratch.

Read full review

Director - Security & Compliance at Venzo

Apr 26, 2024

One of the most beneficial features of the product has been its cloud-based IT and vendor risk management tools, along with built-in templates for GDPR and ISO compliance.

Read full review

Free Report: OneTrust GRC Reviews and More

Learn what your peers think about OneTrust GRC. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.

893,221 professionals have used our research since 2012.

reviewer2055579

Cyber Security Consultant at a tech services company with 51-200 employees

May 31, 2024

The most valuable feature of the solution is that it already has visibility about all the data protection regulations or other cybersecurity regulations related to several countries

Read full review

Dave Anifowoshe

Information Security Officer at a financial services firm with 11-50 employees

Oct 24, 2024

The simplicity of OneTrust GRC, particularly its user interface, is valuable as it makes it easy to use and not complex.

Read full review

reviewer2394882

Compliance Analyst at a computer software company with 1,001-5,000 employees

Apr 25, 2024

We have data from Jira regarding addiction related to Europe as well as California. Additionally, we have data related to the Indian Data Protection Bill. Therefore, GDPR compliance is highly beneficial.

Read full review

reviewer2122608

Group Head of Risk at a retailer with 1,001-5,000 employees

Mar 27, 2023

As a solution for IT risks, it is a very good product.

Read full review

FC

Regional Security Officer at a comms service provider with 10,001+ employees

Sep 6, 2023

The product helps us streamline audit and incident management processes.

Read full review

reviewer2093358

Senior Enterprise Risk Manager at a retailer with 10,001+ employees

Feb 13, 2023

It does help in the automation of our privacy impact assessments.

Read full review

reviewer1589922

Manager, Information Security Risk at a university with 1,001-5,000 employees

May 28, 2021

One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree.

Read full review

Show 3 more reviews (out of 13)

OneTrust GRC Cons review quotes

Governance Risk and Compliance Coordinator at HUB International

Oct 11, 2024

I wish there were more customization options, particularly within the privacy rights automation module.

Read full review

Brooke Lynne Bowman

Senior Compliance Manager at a healthcare company with 201-500 employees

Oct 23, 2024

The implementation of OneTrust could have been smoother, particularly in terms of scoping for those outside of governance, risk, and compliance.

Read full review

Director - Security & Compliance at Venzo

Apr 26, 2024

They could enhance the product's functionalities like audit management and ensure consistency across modules.

Read full review

Free Report: OneTrust GRC Reviews and More

Learn what your peers think about OneTrust GRC. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.

893,221 professionals have used our research since 2012.

reviewer2055579

Cyber Security Consultant at a tech services company with 51-200 employees

May 31, 2024

The platform was not built in a way that allowed multinational entities to use it seamlessly.

Read full review

Dave Anifowoshe

Information Security Officer at a financial services firm with 11-50 employees

Oct 24, 2024

There could be enhancements related to AI.

Read full review

reviewer2394882

Compliance Analyst at a computer software company with 1,001-5,000 employees

Apr 25, 2024

There are several areas for improvement. One is the integration capability. Connecting various DSAR systems can be time-consuming if a single integration takes months to complete.

Read full review

reviewer2122608

Group Head of Risk at a retailer with 1,001-5,000 employees

Mar 27, 2023

I haven't seen any return on investment using the solution. If I had the opportunity, I would use a different solution.

Read full review

FC

Regional Security Officer at a comms service provider with 10,001+ employees

Sep 6, 2023

The product is not that easy to set up.

Read full review

reviewer2093358

Senior Enterprise Risk Manager at a retailer with 10,001+ employees

Feb 13, 2023

There are limitations to customized workflow automation, and they need to increase both the available automation and the customized workflow.

Read full review

reviewer1589922

Manager, Information Security Risk at a university with 1,001-5,000 employees

May 28, 2021

They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages.

Read full review

Show 3 more reviews (out of 13)

Product Categories

Product Categories

IT Vendor Risk Management

Popular Comparisons

Popular Comparisons

RSA Archer vs OneTrust GRC

MEGA HOPEX vs OneTrust GRC

Axonius vs OneTrust GRC

Netwrix Auditor vs OneTrust GRC

Workiva Wdesk vs OneTrust GRC

Bitsight vs OneTrust GRC

Amazon Inspector vs OneTrust GRC

ACL Analytics vs OneTrust GRC

AuditBoard vs OneTrust GRC

SecurityScorecard vs OneTrust GRC

MetricStream vs OneTrust GRC

IBM OpenPages vs OneTrust GRC

Diligent One Platform (formerly Highbond) vs OneTrust GRC

Microsoft Purview Communication Compliance vs OneTrust GRC

ProcessUnity vs OneTrust GRC

See all alternatives

Product Categories

Product Categories

IT Vendor Risk Management

Popular Comparisons

Popular Comparisons

RSA Archer vs OneTrust GRC

MEGA HOPEX vs OneTrust GRC

Axonius vs OneTrust GRC

Netwrix Auditor vs OneTrust GRC

Workiva Wdesk vs OneTrust GRC

Bitsight vs OneTrust GRC

Amazon Inspector vs OneTrust GRC

ACL Analytics vs OneTrust GRC

AuditBoard vs OneTrust GRC

SecurityScorecard vs OneTrust GRC

MetricStream vs OneTrust GRC

IBM OpenPages vs OneTrust GRC

Diligent One Platform (formerly Highbond) vs OneTrust GRC

Microsoft Purview Communication Compliance vs OneTrust GRC

ProcessUnity vs OneTrust GRC

See all alternatives

Related questions

243

What are the Top 5 cybersecurity trends in 2022?

100

Which is the best legacy IDM solution for SAP GRC?

67

When evaluating GRC, what aspect do you think is the most important to look for?

78

What privacy concerns should be taken into account when implementing an RPA solution?

119

What is your recommended automated audit software for internal and external audit?

137

What is the difference between SOC 1, SOC 2, and SOC 3 compliance?

61

What aspect does Symantec Control Compliance Solution cover in IT Governance, Risk and Compliance?

81

What is the best solution for comprehensive Risk Management in financial services?

85

What is Security Posture and what categories of Security Posture Management do exist?

60

How many ISO norms do we have in the entire ISO27k security family standards?