Compliance Manager GRC Reviews

“Another highly satisfactory Kaseya product

Pros

This product has some decent integrations and a few features that save a lot of time. It's pretty easy to use.

Cons

It's really expensive for what it offers. The lack of ISO standards and SOC makes it more suited for MSPs working directly with clients and it's mostly US-focused.

“Governance, Risk, and Compliance Manager

Pros

We have really been able to get our compliance in order. It might not make you an expert but it definitely helps move the process along.

Cons

You have to keep in mind that it will not make you an expert in your field of work.

“Great customer service and a dependable platform

Pros

I've been very satisfied with our overall usage. The built-in templates make my life so much easier!

Cons

I love that it integrates with IT Glue but there seems to be a bit of a lag sometimes.

“Kaseya lacks proper support for its current customers

Pros

I love the ability to customize the assessment and controls for each specific engagement. The ability to �assign� tasks to subject matter experts is also really helpful. Right now, the product doesn't make it easy for these experts to see the guidance for the specific standard I'm asking them to upload evidence for. I hope this feature is implemented soon, as it would make the process a lot easier. Right now we still rely on spreadsheets to gather evidence, which we were hoping to move away from.

Cons

What I like least about it is the customer support especially when things are broken. There have been multiple issues with both Compliance Manager and Compliance Manager GRC over the two years we've used it. Despite requesting a root cause analysis multiple times, even from senior product managers, I've received no updates. I have had to cancel compliance final meetings with customers because the software performed poorly and even after escalating the issue as �Sev-1� to the front line, I got no response for days. If it's a simple question that front-line engineers can handle, support is good but anything that needs to be escalated to the dev team rarely gets a proactive response. In one instance, they clearly broke something with the Requirements Analysis modal. It worked one day, broke the next, and I noted the update on that day. Two weeks later and they still haven't identified the issue. I run development shops and the first thing we do is figure out what was just pushed out and how it impacted things but apparently, that's not the approach for Kaseya's development team. It's still broken.

“Streamlining and automating compliance management

Pros

We're using Compliance Manager for multiple compliance domains, HIPAA, NIST CSF, Cyber Insurance and GDPR. It's brought three key improvements: 1) Automation for what was previously a manual discovery process, 2) Standardizing processes and deliverables across compliance domains and 3) Creating a foundation for ongoing service offerings and deliverables.

Cons

The scanning installation works fine for on premises Windows environments but it's cumbersome for non-Windows devices. Cloud support for scanning is limited, which is a big downside. It fits well with smaller to medium sized environments but installing scanners in large environments can be a real challenge. A helpful request would be mapping control areas between compliance domains and integrating evidence cataloging with pointers.

“A crucial element in our compliance portfolio

Pros

We have clients that need to maintain compliance for both DoD work and HIPAA. Compliance Manager helps us keep these clients in a state of continuous compliance through various tools.

Cons

Active Directory auditing interface could use some fine-tuning. It would be great to have more granular control for OU filtering. I think integration would be the only change I'd recommend.

“Does not meet CMMC or 800-171 compliance standards yet

Pros

This does a great job of collecting data from your network which is super useful for audits. It also offers great ways to track certain data for clients.

Cons

The software isn't really designed to help with audits like CMMC. Compared to a program like FutureFeed.co (which is specifically made for CMMC audits), it doesn't help you track your progress, build your SSP and POA&M or manage SAC. It's more of an extension of their Network Detective data gathering program than a comprehensive CMMC compliance tool.

“A great step forward in v2.0, eager to see more GRC features

Pros

The ability to crawl multiple data collections across different standards is a huge plus. For example, our HIPAA clients also need to be PCI SAQ-C compliant but I had never done a PCI assessment before. Now, we can blend them together, saving time and ensuring the correct effort is charged.

Cons

The shift away from a question driven interface means more time spent reviewing the standards to figure out what's considered compliant. It's always been useful to have the standard immediately accessible when a question needed clarification but now it takes longer.

“Needs an update...

Pros

It simplifies our assessment process with a prompted questionnaire.

Cons

It's not very easy and the customizations just aren't available enough.

“Fantastic product!

Pros

I love the workflow!! it's easy to understand and also to follow.

Cons

I have no complaints and nothing to mention at this time.

“Effective compliance management tool

Pros

It used to be the software to use. What I like most is the comprehensive set of reports. The integration of HIPAA interview (On-Site Survey), walkthrough notes, network scans, secondary data collection worksheets, etc is fantastic. There's nothing else like it on the market.

Cons

I'm having major issues setting up a new HIPAA risk assessment. I'm trying to set one up for the Center for Advanced Orthopedics but it's not intuitive and hard to navigate. I didn't have this issue before and I've been working on it for hours. I'll reach out to support shortly but wanted to share this feedback.

“Ideal tool for basic compliance audits and management

Pros

The product is generally easy to use, and it's simple enough that even sales teams can use it for the discovery process. The reporting is complete and provides a good framework for talking points with customers and prospects.

Cons

Some compliance frameworks aren't available yet.

“Never put into action, though tested

Pros

It looks great on paper, but I would need to get an agreement and install an instance to really know how it works.

Cons

It would be great to get an agreement for 2023 to start using the product. Not being able to implement it yet is affecting my opinion of it.