OneTrust

OneTrust Privacy. Privacy Management Software. Operationalize Your ​Privacy Program for ​CCPA, GDPR & ​All the World's Privacy Laws​.

  • $300 – $6,500 per vulnerability
  • Safe harbor
Submit report

Version 6.33 Released!

Summary

Happy Wednesday, Researchers! OneTrust has released its latest version (6.33), which has provided new features to our solution for you to review and test. We have provided a list of new features that have been added along with the respective modules.

Our First-to-Find bonuses for our Featured Module for the Month of March (Incident Response) are still in place.

New Features

Assessment Automation

  • Change Workflows for Customer Approval Workflows

    Utilize the new Change Workflow feature with Customer Approval Workflows to reassign workflows. This feature allows admins to manually change an assessment's workflow to another based on identified criteria.

  • Add Task Collaborators

    Add multiple collaborator(s) to tasks on the assessment with Assessment Automation templates rules.

Audit Management

  • Manage All Tasks

    Use the new Tasks menu to manage, reassign, complete, and delete all tasks listed in the Audit Management module. This feature allows users to easily view and manage all audit, workpaper, and finding tasks related to an organization in a central location. Users can also complete the following actions using the new menu:

    • Filter and sort the tasks list to easily find tasks.
    • Export the task list to further analyze and report on the data outside of the OneTrust application.
    • Receive email notifications when a new task has been assigned to you and requires action.

Awareness Training

  • Users Enrollment Details Report

    Use the User Enrollment Details report in the Reporting module to generate detailed user reports. This report is broken down by individual users, courses, and the status of the course.

Consent Management

  • Integration Events for Not Given Transactions

    Integration events are now triggered when a Not Given transaction is passed through a data subject. This allows transactions with a Not Given status to be updated in third-party systems automatically from the API payload.

  • Receipt Transaction Trigger

    Generate a receipt transaction using the Create a Consent Receipt endpoint on an integration workflow on the Connections screen in the Integrations module. This enables you to create a standardized approach to processing transactions.

Cookie Compliance

  • Create Custom Frameworks

    Create templates with predefined custom settings and text by leveraging custom frameworks to meet your organization's specific compliance needs. Custom frameworks can be created by converting an existing template to a custom framework or by importing an Excel file containing your desired settings. Custom frameworks are designed to support modifying templates for different compliance requirements.

Dashboards & Reporting

  • Enhanced Rich Text Editor

    Format text within PDF reports using the enhanced rich text editor that provides users with the ability to:

    • Select from additional fonts
    • Clear text formatting
    • Insert links, images, and tables
    • Increase and decrease indents

DataDiscovery

  • Worker Node Troubleshooting Script

    Execute the new node_doctor.sh script to triage information and check the health of worker node deployment. The included commands assist with the install by confirming dependencies, network URL connections, proxy variables, and platform recommendations.

  • Thycotic Secret Server for Manual Installs

    Deploy with Thycotic Secret Server as a credential vault option for manual worker node deployments. Using the new variables in the .envs file, organizations can use Thycotic during worker node deployment to create data source credentials.

  • Worker Node Access Controls by Organization

    Limit viewing and editing privileges for worker nodes to only users with access to the organization level. This ensures that worker nodes created in the organizational level are only accessible by users with equal access.

  • Track Scan Profile Creator

    The Created By column is now available in the Scan Profile list screen to identify the user who created the object in the application.

  • Object-Level Details

    Refer to object-level details to understand when an object was last scanned and the last seen job ID. Currently supported in Data Catalog, these details are now shown everywhere the object is listed, giving users important information on the last scan run for improved reporting metrics.

Data Mapping

  • Bulk Import and Update Inventory Attributes

    Create or update inventory attributes using the Bulk Import inventory attributes templates.

Data Redaction

  • Mark Files for Redaction During Upload

    Choose whether a file should be redacted when first uploading it to the application. This redaction enhancement allows users to initially decide if their file(s) should be redacted at all before being sent to data subjects, as some use cases simply require file uploads without any redactions applied.

ESG Program Management

  • Tasks on Initiatives

    Create, edit, delete, and assign tasks using the Tasks tab on the Initiative Details screen. Tasks allow you to break down initiatives into segments of actionable work and improve performance against metrics that are impactful for your organization. You can also upload files and enter comments on tasks for more detailed record keeping.

Incident Response Management (March Featured Module)

  • Translated Jurisdictions

    View the translated names of regions when managing jurisdictions on an incident. With this enhancement, users can translate jurisdictions into their preferred language, providing them with a more tailored experience.

IT Risk Management

  • Create Control Profiles

    Create and build rules for Control Profiles using the new Control Profiles menu. This feature allows users to configure rules to automatically assign controls to inventory records based on the conditions met.

  • Search and Filter Execution Results

    Search and filter the results list on the Execution Results tab of the Control Profile Details screen. This feature allows users to search results to quickly locate records and filter the results by the following fields:

    • Execution Date
    • Rule
    • Controls
    • Inventory Type

  • Configure the Control Approver Attribute

    Configure the Control Approver attribute in the Attribute Manager to track the approver of control implementations. This feature also allows users to send notifications to control approvers when they are assigned a new control.

Privacy Rights (DSAR)

  • Display Date Format in Privacy Portal

    View the Date Format label (MM/DD/YYYY) when accessing the Requests and Data Subject Request Details screens in the Privacy Portal.

  • Support Managing Organizations on Workflows

    Set managing organizations when creating, editing, or managing workflows. This feature allows users to only have access to requests belonging to lower level or specific organizations.

Vendor Portal

  • Question Assignment

    Assign questions to subject matter experts within your organization while reviewing a questionnaire. This feature allows you to delegate questions to respondents who can confirm responses, upload attachments, and comment with additional detail.

  • Add Attachments from Question Assignment

    View documents attached during question assignment on the Request Details screen. This allows users to view documents shared during question assignments.

Vendor Risk Management

  • Link Risks from Original Assessment

    Link risks to the previous assessments by selecting Link Risk to Original Assessment when configuring automation rules to send assessments. This prevents duplicate risks from being created as a result of vendor reassessments launched by automation rules.

  • Bulk Import Custom User-Type Attributes for Contracts

    Create and update custom user-type attributes when using the Update Contracts and Create Contracts import templates. This allows you to import or make changes to custom user-type attributes on multiple contracts at once.

  • Assessment Deadlines and Reminders for Vendor Workflows

    Set deadlines and reminders for assessments launched from vendor workflow stage rules. This allows you to provide a deadline for assessment completion and configure reminder notifications when configuring Stage Rules on the Vendor Workflow Details screen.

  • Manage Location List

    Manage the location list options for location-type attributes directly within the Location List screen of the Attribute Manager. This allows users to customize the order which the location list is displayed, add custom location options, and deactivate existing locations.

  • Export Current View for Engagements

    Select Export Current View when exporting the engagements from the Engagements screen. This allows you to export a subset of data by exporting only the currently selected view.

  • Error Handling for Vendor Workflow Routing Rules

    See errors when configuring vendor workflow routing rules. This feature shows you which fields contain invalid data or data which would stop the rule from executing directly on the Routing Rules tab of the Workflows & Rules screen.

  • Get Vendor ID for Deleted Vendors

    Utilize the Integrations module to view the Vendor ID for deleted vendors. This feature allows users to retrieve the Vendor ID in the OneTrust application and map it to an external system for deletion.

  • Deactivate System Engagement Attributes

    Deactivate system engagement attributes on the Attribute Manager screen. This feature allows you to deactivate non-required, system engagement attributes.

OneTrust
OneTrust