Data privacy, governance, and compliance platform OneTrust has announced plans to acquire Tugboat Logic, a platform that companies use to garner security certifications such as ISO 27001. Terms of the deal were not disclosed.

Founded in 2016, OneTrust is one of numerous companies that specialize in helping other businesses maintain data privacy, both for regulatory compliance and to meet customers’ growing expectations that their data will be treated with kid gloves. OneTrust offers a self-assessment tool that businesses such as Allianz, Maersk, and Huawei can use to see how they comply with GDPR and other legal frameworks (or fail to), with additional tools such as “data mapping” that illustrate how data flows through an organization and across borders, as well as myriad services spanning cookie compliance, consent management, and breach response.

Gartner predicts that by 2023, data from nearly two-thirds of the world’s population will be covered by local and regional privacy regulations — such as Europe’s GDPR and California’s CCPA. As such, the enterprise governance, risk, and compliance (GRC) market was pegged at $35 billion in 2020.

Automation for the people

While OneTrust has some existing functionality to help businesses when they’re audited for certification, Tugboat Logic is specifically about removing friction from the process by automating key steps. The four-year-old VC-backed company is ultimately focused on addressing a skills gap in the security and compliance industry.

Using AI and machine learning, Tugboat Logic automates information security (InfoSec) policy creation and “audit readiness” so companies can prove to customers that they are serious about data protection. The Tugboat Logic platform includes a prebuilt library of 40 policies to take a lot of the spadework out of creating information security (InfoSec) policies, and it also offers automated security questionnaire responses to expedite request for proposal (RFP) submissions.

“Any business that uses data is now a regulated business, and regardless of size, these companies are held to the same risk compliance and certification standards as sophisticated programs,” OneTrust CEO Kabir Barday noted in a press release. “Tugboat Logic simplifies security assurance and certification automation to help growing companies easily demonstrate why they can be trusted and give a level of assurance about their security and compliance posture.”

Reach

OneTrust has been on something of an acquisition spree in 2021, bolstering its core offering with third-party risk management platform Shared Assessments; ethics and compliance company Convercent; and automated data-redaction provider DocuVision. These deals have been partially funded by the Atlanta, Georgia-based company’s recent $510 million cash injection, which was spread across two rounds of funding starting last December.

Other notable players in the space include BigID and Didomi, both of which have raised sizable investments in recent months. But by extending its reach into related data privacy and security verticals, OneTrust is positioning itself as a more alluring proposition for companies of all sizes by offering comprehensive tools and services. The company can cross-sell and upsell to Tugboat Logic users as their businesses grow, offering all manner of tools spanning privacy, ethics and compliance, ESG, third-party risk, data governance, and more.

OneTrust said it expects to close the Tugboat Logic acquisition in the coming weeks.