OneTrust Using OneTrust: Managing AI

AI presents significant opportunities, but it also creates regulatory, ethical, and operational risks that organizations need to manage in a structured and scalable way. In this session, we’ll walk through how we use OneTrust to govern AI responsibly across teams, use cases, and stages of maturity.

We’ll share not only how our program is structured today, but also what we have learned as our AI governance approach has evolved, including how we can adapt to newer use cases such as agentic AI.

You’ll learn how our internal teams use OneTrust to:

• Maintain an AI Inventory of systems, models, and use cases across the business
• Classify AI systems based on risk level and regulatory exposure, including frameworks such as the EU AI Act and ISO/IEC 42001
• Tailor intake and assessment workflows depending on the nature of the AI use case, including product AI, internal agentic AI, and third-party AI tools
• Conduct AI Impact Assessments to evaluate issues such as bias, fairness, accountability, and appropriate human oversight
• Document development processes, data sources, inputs, and governance decisions to support transparency and defensibility
• Align internal policies and operational controls with evolving legal, regulatory, and ethical expectations
• Scale AI governance in a way that is practical to maintain, while still collecting the right information from the right stakeholders at the right time

AI governance is still evolving, but OneTrust is already helping us build a more scalable and adaptable program, strengthen cross-functional accountability, and embed responsible practices into how we innovate.