Barrier Networks Privacy, Security, and Third-party risk management (OneTrust)
This modular offering gives customers the visibility, automation and record keeping they need for the laws and frameworks that matter most to their compliance program
Features
- Benchmark your organisations GDPR program, identify gaps, with suggested remediation
- Track DPIA’s across your organisation with subtask allocation across teams
- Generate Reports and Dashboards to prove compliance
- Keep your IAR evergreen, identify data flows across your organisation
- Cookie Consent & Website Scanning with reports to meet regulations
- Respond and track DSAR’s/FOI’s/ EIR within Regulatory timeframes
- Build an Incident & Breach Management Plan
- Measure safety of your Third Parties and Vendors
- Monitor digital properties while measuring/reporting on your risk portfolio
- Build your ethics and compliance program
Benefits
- Demonstrate Compliance & Accountability with built-in template and customisable reports.
- Operationalize your Privacy Program GDPR,CCPA & all Privacy Laws
- Generate a Processing Register for Article 30
- Dynamic linkage across modules ensures de-duplication of work
- Reduce single point of failure by tasks allocation across teams
- Review and Remediate Vendor Risks
- Prepare an Incident Notification Workflow
- Add transparency and choice for your customers
- Simplify Data Discovery and classification across your organisation
- Save time and increase accuracy whilst automating compliance
Pricing
£25 a person a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at info@barriernetworks.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 14
Service ID
8 2 8 9 1 1 0 2 2 3 4 1 7 5 9
Contact
Barrier Networks
Iain Slater
Telephone: 0141 356 0101
Email: info@barriernetworks.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- None
- System requirements
- Web Browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Defined by the chosen support plan by the client
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Please see service definition
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Implementation and training services are provided, these can be onsite or deliverered remotely. All customers have access to the online support portal.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- On-line support portal
- End-of-contract data extraction
- In the event of contract termination, a copy of customer data is provided to the customer and all remaining data on OneTrust systems is deleted within thirty days of contract termination; Microsoft Azure follows NIST 800-88 data destruction policies.
- End-of-contract process
- In the event of contract termination, a copy of customer data is provided to the customer and all remaining data on OneTrust systems is deleted within thirty days of contract termination; Microsoft Azure follows NIST 800-88 data destruction policies.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Not all functionality available in mobile vs desktop
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- GUI of the app available through internet browser
- Accessibility standards
- WCAG 2.1 AAA
- Accessibility testing
- Testing conducted internally
- API
- Yes
- What users can and can't do using the API
- Yes, OneTrust has the largest network of deep, pre-defined system integrations through our API connectivity abilities. This includes a catalogue of pre-integrated applications that make it easy to integrate privacy into your existing application workflows across your organization. We offer the industry’s broadest and deepest set of integrations and are continuously adding new ones to our library. The OneTrust platform provides a powerful but flexible way to connect to your applications through APIs, SDKs, data feeds, system integration, and more. Out of the box integration capabilities include JIRA, ServiceNow, Zendesk, Slack, email, Tableau, Google Suite, and popular tag managers such as Tealium, Google Tag Manager, Adobe Launch, and much more. Please see our website for additional details.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Through API
Scaling
- Independence of resources
- The VM's do not use resource pools; they use individual guaranteed CPU/memory cycles.
Analytics
- Service usage metrics
- Yes
- Metrics types
- All support levels include Software Updates, remote support, unlimited support requests, and support requests and responses via telephone (onetrust.com/company/contact) or web (my.onetrust.com). Scheduled maintenance takes place between the hours of 10PM – 2AM local time based upon the location of the data centre and users will receive notification of scheduled maintenance 24 hours in advance via the support portal (provided such user has opted to receive notices from the support centre). See further information in our Support Level Document
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- OneTrust
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data portability is defined in our terms and conditions
- Data export formats
- CSV
- Data import formats
-
- CSV
- Other
- Other data import formats
- Via API
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- OneTrust guarantees a high availability of our solution through our SLA of 99.95% during any given calendar month. If the client wants to attach the SLA to their contract with OneTrust, you can purchase Enterprise level Support and Licensing.
- Approach to resilience
- Backups are stored at secondary Azure data centre, more details available on request.
- Outage reporting
- Through our online support portal
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Strict access control policy
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Coalfire Labs
- ISO/IEC 27001 accreditation date
- 01/01/2020
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 31/12/2006
- CSA STAR certification level
- Level 2: CSA STAR Attestation
- What the CSA STAR doesn’t cover
- Managed by Microsoft Azure
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
ISO 27701
SOC 2 Type II - Information security policies and processes
- OneTrust manages our security program according to the ISO 27001 framework, and reviews and responds to data protection and privacy requirements under that management structure to ensure compliance with relevant requirements.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Defined in our SOC 2 Type II report, available on request
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Defined in our SOC 2 Type II report, available on request
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Defined in our SOC 2 Type II report, available on request
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Defined in our SOC 2 Type II report, available on request
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Equal opportunity
- Wellbeing
Equal opportunity
• To create an environment in which individual differences and the contributions of all our staff are recognised and valued.
• Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.
• Training, development and progression opportunities are available to all staff.
• To promote equality in the workplace which we believe is good management practice and makes sound business sense.
• We will review all our employment practices and procedures to ensure fairness.
• Breaches of our Equality Policy will be regarded as misconduct and could lead to disciplinary proceedings.
• This policy is fully supported by Senior Management.
• The policy will be monitored and reviewed regularly.Wellbeing
• We promote an open, supportive company culture where employees look out for one another and feel comfortable discussing any difficulties. Mental health is valued equally to physical health.
• Employees have access to confidential counselling, therapy, and other mental health resources through our employee assistance program.
• We encourage taking time off when needed for mental health days in addition to sick days. Employees are trusted to manage their time off responsibly.
• Training is provided to managers on recognizing signs of burnout,
work overload, and other mental health concerns. Managers work to
proactively address issues and reduce employee stress.
• Employee workloads and schedules are designed to be reasonable
and sustainable.
• Wellness initiatives like meditation breaks, stress management
workshops, mindfulness programs, and social events are offered
throughout the year.
Pricing
- Price
- £25 a person a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Trial versions can be provided
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at info@barriernetworks.com.
Tell them what format you need. It will help if you say what assistive technology you use.