Bewertet am 21.5.2018
Logical and minimal approach to GRC saves time!
Kommentare: One of the biggest benefits that has made a huge impact is the time savings we've achieved in our IT Security group by using ZenGRC. Our old email/spreadsheet process would be a multi-week process, cause confusion every audit and often get us lost in the weeds of details when we needed to be focusing on the auditors. The first audit we ran through ZenGRC saved us literally a full week of time that would have been dedicated to reviewing evidence submission via email and spreadsheets. Having ZenGRC in place allowed us to put multiple review points in place BEFORE the evidence came to our group for review practically eliminating the requirement of follow-up request corrections.
Vorteile: ZenGRC brings all the tools you need to run a successful GRC program to the table in a clear, concise and minimalist package that's nimble and efficient. Our company had been utilizing the old method of email/spreadsheets and was getting lost in the weeds even on the smallest of audits and struggling to keep up each year to stay ahead. Our evaluations with other tools fell flat, didn't meet our requirements or introduced complexity. Our evaluation of ZenGRC started with skepticism, but quickly turned positive once we realized how logically organized the system was on the back-end. During our testing period, we were able to quickly create a Sarbanes-Oxley program, using both their template import and the GUI, in a matter of days. Since that time only a few short weeks ago we have now almost completed a full internal audit of our SOX program, complete with evidence collection and control evaluations. Our rough estimate has us gaining back a full week of time from previous audits last year and year prior using the old email/spreadsheet method. We are now rolling out an ISO27001, SOC2 and internal security control framework on the heels of the SOX success.
Nachteile: As with any SaaS from a small company that is new to market (less than 5 years), there are aspects of the tool that require some creative thinking and clever workarounds. This is not necessarily a dislike in my opinion, however less technical individuals may find this aspect difficult or troublesome. ZenGRC staff do redeem themselves on this front as they're quick to respond to feature requests and have already implemented several suggestions our team has submitted. Since starting to use the product, they have continually updated the product with new features, fixes and updates to existing functionality.
Bewertet am 8.11.2019
Powerful, extensible, and easy to use software. Excellent support and product roadmap.
Kommentare: We're facilitating internal audits with ZenGRC, and the software does a great job of it.
Vorteile: The ZenGRC solution streamlines conducting internal audits. Auditors can easily set up control frameworks (tons of templates are provided, which is very helpful), evidence requests, assign them to auditees, and review the evidence submitted. Auditees can easily provide feedback, ask questions, and submit evidence for review. The workflows ZenGRC supports are both incredibly accessible and very powerful. ZenGRC actively listens to customers and has actually incorporated a number of suggestions I (and other customers) have made. I'm excited to see what they'll develop in the future.
Nachteile: The ZenGRC solution is fantastic, and all the complaints I had 1.5 years ago have been resolved, and my expectations exceeded. I wish the vendor/third party management module was receiving more attention, sooner, but the roadmap for its development has been conveyed to me, and I understand the timing. I wish there was a licensing model which was not tied to user counts, which would enable us to do even more with the product.
Bewertet am 22.9.2017
ZenGRC is a major part of our successful compliance programs
Kommentare: Because it's so well organized we've managed to keep the required staff to manage compliance at a minimum.
Vorteile: I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001.
Nachteile: There's still a some things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks. Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though.
Bewertet am 10.11.2017
ZenGRC Delivers Compliance and Automation
Kommentare: The immediate benefits are streamlining of processes and simplification of evidence collection. What used to be a multi-step JIRA project with a manual review, then publishing to a separate project where our auditors could view the evidence, is now a simple workflow. This is a huge timesaver and makes the audit process as painless as possible.
Vorteile: Simple, easy to use, despite managing complex workflows and multiple audits across ,multiple teams. Easy to import specific controls and modify existing control sets to meet our needs as necessary. Audit readiness dashboard is critical as you prepare for new compliance initiatives or are questioned on "how difficult" it would be to be to become compliant with a specific regulation or framework to close a deal.
Nachteile: The JIRA integration is improving in significant ways, however the complexity and manner with which we implemented JIRA makes an effective integration difficult and as a result the immediate integration is not as useful as we would like to see. That being said, the two-way sync has made a dramatic improvements, and for most customers, the existing integration is likely more than sufficient.
Bewertet am 21.4.2017
Best Governance, Risk and Compliance tool on the market
Kommentare: ZenGRC is the easiest to use, and most flexible, GRC tool on the market. It is simple enough that even small organizations will find it useful, but powerful enough to help the largest of companies. Its power comes from the way it links objects to each other. Controls, objectives, threats, risks, systems, vendors, customers, contracts, etc. are all cross linked to each other. And best of all, Reciprocity has a vast library of compliance standards that are cross-linked. Because of this, you can have a single set of master controls that are linked to PCI, SOC2, HIPAA, HITRUST, NIST, ISO, or whatever other frameworks you are using. Simplifies and "audit once" methodology for companies that deal with many different standards. Additionally, the risk management capabilities of ZenGRC make it easy to integrate enterprise risk management into your overall compliance program. There are few pieces of software I can't live without, but ZenGRC is one I'd fight for at any company I joined.
Ease of use
Relationships of objects
Bewertet am 15.11.2017
Reciprocity is an invaluable partner in meeting our data management needs.
Vorteile: The ability to customize the use of the software to meet our unique needs. The technical folks also understand our use case and suggest different ways for us to think about our data and how best to represent it. I like way the system has matured and is tying various elements together (like audit and risk). Customer service is excellent and I really, really like having the same person to deal with all the time. This eliminates having to re-explain your data set to the next help desk guy.
Nachteile: While many of the changes to the system have been helpful, the constant changes can be hard to keep up with and difficult to plan how to expand our use of the system.
Bewertet am 23.5.2018
ZenGRC Product and Team is great to work with
Vorteile: The team loves the flexibility of the tool, and how we can adapt the models to work that is not traditional controls development, testing and tracking.
Nachteile: I cannot think of anything my team does not like about the product and services. We are very happy with out purchase.
Bewertet am 10.4.2018
I have been actively using this tool for my PCI and SOC2 audit. This a great workflow tool.
Kommentare: I am able to manage multiple audits and collect and test evidences from different customer with less amount of manual work.l
Vorteile: Managing multiple audits in one platform in the past we used to track our communication via email and in spreadsheet and now we can have log of each communication via this tool.
Nachteile: Audit manager are not able to choose the request template based on the different types of audit frameworks.
Bewertet am 18.7.2017
Best GRC tool I have used. It's easy and user friendly for risk and compliance requirements
Kommentare: It does everything I need in a fraction of the time. It is efficient and very easy to navigate around.
Vorteile: Easy to set up and begin recording and reporting on risks. All our compliance requirements in one central place and accessable by a few clicks of a button.
Nachteile: It needs more reporting and visual features as my target audience need more graphs and items to show different risk profiles, risk appetite, thresholds etc
Bewertet am 15.7.2018
Great Compliance / Audit Tool
Kommentare: Automating our audit and compliance issues into one platform that is easily accessible when needed to pull these files.
Vorteile: This tool is very user friendly and navigation is around. It gives us one single platform to keep our audits managed efficiently and easily accessed if needed. We now have a tracking system for our compliance issues to resolve them swiftly and avoid fines and penalties to stay compliant. This tool has been a great organizational tool with many features to save time with tedious audits.
Nachteile: There could be more reporting features available. There seems to be a lot of editing involved to download and/or export documents. If this was a built in feature with this software that would be helpful.
Bewertet am 17.8.2017
Intuitive and User-friendly Approach to Managing Complex Business Processes
Kommentare: It's essential to meet these objectives not only for legal, security, and governance, but also in furthering and enhancing mobility capabilities across the enterprise, and add new solutions as the proliferation of connected devices continues to accelerate.
Vorteile: As a non-technical founder, I evaluated this product on behalf of our customer/prospects. Its intuitive, easy to follow workflows in managing the complexity of rapidly changing and dynamic requirements in compliance, governance, and security are issues that are top of mind early in the product design and discovery phase. Having a trusted partner provides reassurances and more holistic solutions to meet these challenges and increase value.
Nachteile: The only cons are related to having not used the product as an end user, but rather evaluated from demos, meetings, and whitepapers to enhance customer value and as a potential partner.
Bewertet am 19.9.2017
ZenGRC is the perfect solution for our compliance and audit teams at our tech company
Vorteile: ZenGRC has a nice user interface and is fairly intuitive to use. I can't tell you how many horrible GRC tools I've used. ZenGRC is refreshing.
Nachteile: I would love to see a way to use ZenGRC as a tool to automate audit workprograms, testing, spreadsheets and reporting.
Bewertet am 28.6.2017
Effective and Efficient
Vorteile: Since implementing ZenGRC, Vision Critical has improved our ability to effectively and efficiently manage our compliance audits. ZenGRC provides a user-friendly mechanism for submitting evidence and ensuring that appropriate artifacts have been submitted. Furthermore, The ZenGRC dashboards allow Vision Critical to manage and track multiple audits and risk items, while delivering successful results.
Nachteile: We are anxiously awaiting storage integration with AWS S3 and will continue to review other potential solutions with Reciprocity labs.
Bewertet am 12.9.2017
ZenGRC is a great workflow tool from starting a request to collect evidences and close out request.
Kommentare: ZenGRC is a great tool for managing different audits. I love the workflow from starting multiple requests to collecting and accepting evidences. It is reducing the manual effort of tracking requests in excel file. The audit report matrix gives a solid picture for management to track and find the status of the active audit.
Nachteile: The tool needs some enhancements and bug fix to add value to the customers and be user friendly. We are actively using the tool to manage our PCI audit. There are some features that needs to be added to save time during evidence collection and verifying process. I do not think the ZenGRC has met their SLA for customer support. I hope they work on redefining their SLA for their customer.
Bewertet am 10.12.2017
Great GRC Tool
Kommentare: Great Tool Overall
It gives me everything I need in regards to dashboards, heatmaps and condensing all of my risks and regulations.
The evidence collection and workflows replaced what was an otherwise tedious and duplicative process with JIRA tickets.
Needs more reporting functions and different dashboard types
A fair amount of things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the U
Bewertet am 31.3.2017
Audit Management Made Easy
Kommentare: ZenGRC has been a great help for managing our assessments. The system is flexible, easy to use and constantly improving with regular updates.
Antwort des Softwareanbieters
von RECIPROCITY an 3.4.2017
Thanks for submitting your review! We're pleased to hear that you are getting a lot of value out of ZenGRC.
Bewertet am 31.3.2017
Great compliance tool
Kommentare: Before ZenGRC, we used spreadsheets and emails to manage our audits. After using ZenGRC, I'll never go back. Their Customer Success team is amazing. They go above and beyond to make sure that we're well taken care of.
Bewertet am 11.4.2017
Streamlining issue management
Kommentare: We used to spend a ton of time sending emails to manage issue tracking and resolution for audits. ZenGRC makes tracking issues incredibly simple.
Bewertet am 8.2.2018
Great customization for GRC software
Vorteile: Software has a simple user interface which is easy to use and customize. This exceeds expectations compared to its competitors.
Nachteile: The reporting side could be better. I did like to see more metric visuals based on the target audience