OneTrust AI Governance

It allows great cooperation between teams.

In capable hands the OneTrust platform is a real Swiss army knife for privacy, security and compliance professionals. The front-end is pretty user-friendly by the standards of the average business software application, and the administrative back-end's intuitiveness, while less straightforward, can become quite an acquired taste. Even though the product has clear target audiences in the privacy, security, compliance and governance spaces, it also has great capabilities and ample flexibility -- at least in some of its modules such as Assessment Automation -- to be put to good use in pretty much any area that involves gathering and managing structured information in an auditable and repeatable fashion. The rich and growing integration library is appealing, and provided that the customer's organization has the maturity and the skills to leverage the API capabilities, it can go a long way to automate processes and cut down on work duplication. At the same time, for everyday business tasks, it requires little (and in some cases no) tech savviness, so professionals with backgrounds in areas like law, economics or project management can still be successful at using the tool, including making it perform tricks which the original software designer may not even have meant to package into the original box.

A lot of the assessments are versioned and streamlined.

Main weakness is probably the interface as it could be improved and make it easier to navigate between different screens.

Permission management is both very complex and tedious to tailor and configure properly, and at the same time incapable of addressing certain basic privacy and security needs such as not giving a user full access to every record in a module where their role only requires read permissions for a few records, and write permission for a single one. There are many odd inconsistencies between seemingly very similar functionalities across different modules, often requiring back-end engineering to reconcile. Requests for such improvements may or may not get on the roadmap, causing certain irritating discrepancies to survive for years. Some fundamentally basic everyday use cases in the privacy and security professions (such as keeping separate and different inventories of internal and external IT assets) cannot be easily accommodated and require out-of-the-box thinking, creativity and engineering by the customer. The only solution is often to figure out a way to leverage an existing but unused functionality for a purpose it was never meant or designed to serve, and which it therefore suits very imperfectly. Too often, to the question of 'how does the tool address this utterly business-as-usual scenario, OneTrust's answer is It doesn't but let us try to figure out a workaround. In the compliance space, that's not a reassuring approach to put on record. Claims of being used successfully by many large organizations become less credible every time OneTrust is unable to demonstrate how certain very ordinary tasks -- which must have come up with every single customer from the outset -- still can't be solved on the platform. No amount of OneTrust green paint all over every privacy event in the world will make that go away. Some Marketing budget would be better spent on Engineering.

It is excellent. I would like to see more AI capabilities.