OneTrust automates DORA ICT risk management and compliance

Oct. 1, 2024
The new third-party management capabilities help organizations enhance resilience across the financial sector and operationalize DORA compliance.

OneTrust today announced new capabilities to help organizations enhance resilience across the financial sector and operationalize compliance with the EU’s Digital Operational Resilience Act (DORA). Building upon its comprehensive OneTrust Third-Party Management solution, OneTrust will now offer capabilities such as automated DORA “register of information” report creation and out-of-the-box depth of screening and compliance data.

“An organization’s supply chain can be one of its biggest assets for efficiency and innovation, as well as its most significant obstacle to cyber resiliency. Amid growing global mandates for cyber resiliency like DORA, teams need a deep understanding of their extended enterprise and tools for managing risk at scale. By expanding on our robust Third-Party Management capabilities with game-changing, new capabilities, teams can gain much-needed visibility, automate risk and compliance management, and strengthen resilience,” said Shiven Patel, Director of Third-Party Management at OneTrust.

To further help organizations efficiently manage information and communication technology (ICT) and digital supply chain resilience and operationalize DORA compliance, OneTrust is delivering several new capabilities:    

  • 4th- and nth-party risk management: Now, teams can automatically identify, link, and assess fourth and even nth parties to efficiently monitor concentration risk and demonstrate proportionality.   
  • Two-click register of information reporting: Quickly generate a complete “register of information” in relation to all contractual arrangements on the use of ICT services provided by ICT Third-Party Service Providers (ICT TPPs) and ICT service supply chains.  
  • Enhanced risk and compliance data feeds: Meet due diligence requirements and screen ICT service providers against out-of-the-box risk and compliance datasets from Dow Jones Risk & Compliance, HackNotice, ISS-Corporate, RapidRatings, RiskRecon, Security Scorecard, and Supply Wisdom.

Today, Third-Party Management empowers organizations to centralize the end-to-end risk management lifecycle. For ICT and supply chain risks and more, the solution allows teams to implement a data-centric and risk-based approach to identifying and mitigating risk, while continuously monitoring for changes to risk posture. OneTrust’s cross-domain insights allow organizations to align internal teams and guide risk-aware decision-making to create a more resilient, secure, and scalable third-party ecosystem. Ahead of DORA taking effect in January 2025, Third-Party Management helps organizations meet the Act's third-party ICT requirements pertaining to:

  • Pre-Contract ICT Assessment  
  • Inventory, Link, and Report on the ICT supply chain   
  • ICT Risk Treatment  
  • ICT Lifecycle Management 

Third-Party Management also integrates seamlessly with different solutions across the OneTrust Platform, including the newly introduced Compliance Automation. Compliance Automation and Third-Party Management work together to operationalize an actionable breakdown of the DORA regulatory requirements into measurable capabilities and build a fully compliant ICT risk management program.