OneTrust has announced new capabilities aimed at enhancing resilience within the financial sector and facilitating compliance with the European Union’s Digital Operational Resilience Act (DORA).
The platform, which aids organisations in the responsible use of data and artificial intelligence, is expanding its comprehensive Third-Party Management solution to include first-to-market features. These include automated creation of DORA “register of information” reports and comprehensive screening and compliance data.
OneTrust third-party management director Shiven Patel said: “An organisation’s supply chain can be one of its biggest assets for efficiency and innovation, as well as its most significant obstacle to cyber resiliency. Amid growing global mandates for cyber resiliency like DORA, teams need a deep understanding of their extended enterprise and tools for managing risk at scale.
“By expanding on our robust Third-Party Management capabilities with game-changing, new capabilities, teams can gain much-needed visibility, automate risk and compliance management, and strengthen resilience.”
To support organisations in managing information and communication technology (ICT) and enhancing digital supply chain resilience, OneTrust is introducing several capabilities.
These include automated identification and assessment of fourth and nth parties to monitor concentration risk, as well as a streamlined process for generating a complete “register of information” related to contractual arrangements with ICT Third-Party Service Providers (ICT TPPs).
Additionally, OneTrust will provide enhanced risk and compliance data feeds to assist organisations in meeting due diligence requirements, utilising datasets from sources such as Dow Jones Risk & Compliance and SecurityScorecard.
The Third-Party Management solution currently empowers organisations to centralise the end-to-end risk management lifecycle. It facilitates a data-centric and risk-based approach to identifying and mitigating risks while enabling continuous monitoring of changes to risk posture.
With OneTrust’s cross-domain insights, organisations can better align internal teams and guide risk-aware decision-making, ultimately contributing to a more secure and scalable third-party ecosystem.
As DORA is set to take effect in January 2025, Third-Party Management assists organisations in fulfilling the Act’s requirements related to pre-contract ICT assessment, inventory, linkage and reporting on the ICT supply chain, ICT risk treatment, and ICT lifecycle management.
Moreover, Third-Party Management integrates effectively with various solutions across the OneTrust Platform, including the newly launched Compliance Automation. Together, these tools aim to operationalise an actionable breakdown of DORA regulatory requirements into measurable capabilities, helping organisations build a fully compliant ICT risk management programme.