Case Study: Percona achieves automated, scalable third-party risk management with OneTrust Vendorpedia

Percona Restructures Their Third-Party Risk Management Program with OneTrust Vendorpedia™

Percona, a global SMB leader in open-source database support and services working with over 3,000 clients, faced gaps in third‑party security and privacy risk management—particularly GDPR subprocessor and Article 30/32 requirements—and relied on manual, Excel-based vendor questionnaires. To modernize compliance operations and support enterprise audits, Percona partnered with OneTrust and deployed modules including Vendorpedia, PIA/DPIA Automation, Data Mapping Automation, Data Subject Rights Management, and Incident & Breach Management.

OneTrust implemented Vendorpedia and related OneTrust modules to centralize vendor data and automate processes—pre‑populating research, automating questionnaire completion, attaching contracts and documents, flagging and mitigating risks, and automating GDPR record‑keeping and data mapping. As a result, Percona moved from manual workflows to a single repository with automated risk‑flagging and mitigation, enabling the team to analyze, measure, and report vendor risks at scale, accelerate third‑party assessments, integrate compliance across systems, and advance toward ISO 27001.

Percona

Travis Futas

Senior Compliance Manager