ZenGRC Reviews

“Ideal tool for emerging businesses

Pros

The implementation process was really easy and their customer service has been great throughout.

Cons

The tool wasn't able to grow with our needs as we expanded.

“It's good for managing inventory

Pros

It's a good product overall but the customer service could use some improvement.

Cons

It would be really helpful to have a product that could communicate with the POS system and generate a prep list for each day.

“Basic GRC tool for simplicity

Pros

It is an incredibly flexible and simple GRC tool. It allows for customization to suit a company's specific needs. What really stands out is its ability to map findings, reviews and other data to predefined security frameworks. It's simple, user friendly and perfect for companies just starting their GRC journey.

Cons

The tool lacks several features that are available in more established enterprise GRC systems. It requires a fair amount of development work from the implementing team since many features aren't prebuilt. The UI is quite cluttered and some of the advanced vendor module functionalities are missing.

“Great tool for managing various certifications

Pros

This is great for mapping requirements and controls from multiple certifications which helps avoid duplicating work. You can complete some core tasks once and it applies to everything.

Cons

The different levels of concepts can be a bit confusing especially when some frameworks have to be imported. You have to decide on the frameworks upfront but there's not a lot of context about the differences between them.

“Easy GRC management approach

Pros

PCI assessments are much more efficient with ZenGRC. We've migrated our Objects, Controls, Requests and Evidence from spreadsheets and file repositories into a single system with relational mapping. Mapping risks to our vendors and vulnerability management programs gives us a complete view of our security posture. It strikes a great balance between ease of use and the necessary functionality for a GRC tool.

Cons

Initially we deployed on premises to meet our Privacy and Data Governance requirements but we quickly realized that software upgrades required a lot of IT involvement. The specs for on-premises hosting didn't align with our internal standards, so we reassessed the risks of storing sensitive info off site. After doing more due diligence on ZenGRC, we decided to migrate to the cloud hosted version. Ideally we would have stayed on premises if there was better upgrade automation that the ZenGRC administrators could manage through the user interface.

“Perfect for our requirements

Pros

ZenGRC is perfect for our team especially because we have one contract with a lot of requirements. It allows for customization without the added costs of other off-the-shelf software.

Cons

A small thing I would change is the ability to rename some of the main attributes. We use different terminology and it can be confusing for some of our users.

“Outstanding customer service

Pros

This software gives me a quick overview of my systems' compliance. It helps me track issues that need fixing. The support staff is fantastic and helped me resolve some issues I had when getting familiar with the product. Once you know how to use it, the software is really easy to navigate.

Cons

Some features feel a bit limited but support was open to my suggestions on how to improve the software.

“Robust, customizable and easy to use software with great support

Pros

ZenGRC makes internal audits a breeze. It's simple to set up control frameworks (tons of templates are available, which is super helpful), request evidence, assign tasks to auditees and review the submissions. Auditees can easily provide feedback and submit evidence for review. The workflows are both accessible and powerful. ZenGRC listens to customer feedback and they've already incorporated several suggestions. Im excited to see what they develop next.

Cons

ZenGRC has been fantastic. All the issues I had 1.5 years ago have been resolved and my expectations have been exceeded. I do wish the vendor/third party management module had received more attention sooner but the roadmap for it has been shared with me and I understand the timing. It would also be great if there was a licensing model that wasn't tied to user counts so we could do even more with the product.

“great tool for both compliance and auditing

Pros

This tool is so userfriendly and navigating through it is easy. It gives us one platform to manage our audits efficiently and access everything when we need it. We now have a system to track compliance issues, resolve them quickly and avoid penalties. It's been a great organizational tool with tons of features that save time on audits.

Cons

There could definitely be more reporting features. Right now, downloading and exporting documents requires a lot of editing. If that was built into the software, it would save a lot of time.

“Minimal and logical GRC approach that boosts efficiency

Pros

It brings everything you need for a successful GRC program into one simple, concise and efficient package. Before we used email and spreadsheets but we were always getting lost in the weeds even on the smallest audits. After evaluating other tools, we found they either didn't meet our needs or introduced unnecessary complexity. At first we were skeptical about it but once we saw how well organized it was on the back end, we changed our minds. During the testing period, we quickly set up a Sarbanes-Oxley program using their templates and GUI in just a few days. Since then, we have almost completed our internal SOX audit in just a few weeks, and we have saved a full week of time compared to previous audits. Now we're working on ISO27001, SOC2, and internal security controls based on our success with SOX.

Cons

As with any SaaS product from a smaller company that's still growing, there are some areas that require creative thinking and workarounds. This isn't necessarily a downside, but less technical users may find it difficult. That said, their staff are quick to respond to feature requests and have already implemented several suggestions we have made. Since we started using the product, they've continually updated it with new features, fixes and improvements.

“Working with ZenGRC's product and team has been great

Pros

The team really likes the flexibility of it and how we can adapt the models to track tasks that don't follow traditional controls development.

Cons

I honestly can't think of anything my team doesn't like about the product and services. We're very happy with our purchase.

“A reliable workflow tool for managing PCI and SOC2 audits

Pros

We used to track audit communication via email and spreadsheets but now we can log everything in one place with ZenGRC, which has been a game-changer.

Cons

Audit managers can't select request templates based on different audit frameworks, which is a bit of a limitation.

“Excellent tool for GRC

Pros

ZenGRC gives me everything I need: dashboards, heatmaps and a consolidated view of risks and regulations. The evidence collection and workflows replaced what used to be a tedious process with JIRA tickets.

Cons

It definitely needs more reporting functions and different dashboard options.

“ZenGRC offers complete compliance with automation

Pros

It's simple and easy to use, even though it helps manage complex workflows and audits across multiple teams. Importing specific controls and modifying control sets is super easy. The audit readiness dashboard is key when preparing for new compliance initiatives or answering questions about how difficult it would be to become compliant with a specific regulation.

Cons

The JIRA integration has improved significantly but because of the complexity of how we set it up, the integration is not as effective as we'd like it to be. However the two way sync has been a huge improvement and for most customers, the existing integration is probably more than sufficient.

“Reciprocity is a crucial partner in managing our data needs

Pros

I really appreciate the ability to customize the software to meet our unique needs. The technical team also understands our use case and suggests different ways to represent our data. I like how the system has evolved and how it ties everything together like audit and risk. Customer service is excellent and I really like having the same person to help me every time. It saves me from having to re explain everything to a new support rep.

Cons

While the changes to the system have mostly been helpful, keeping up with them can be challenging and it's hard to plan how to expand our use of the system with all the updates.

“It has been central to our compliance programs' success

Pros

I've been using ZenGRC for over two years and it's been essential for helping us get organized during our SOC 2 attestation process. We have gone through two SOC 2 audits and are now using it to assess and fix gaps for ISO 27001.

Cons

There are still some tasks that require editing by exporting to CSV, making changes in a spreadsheet app and then re importing. It would be nice if some of this functionality was built directly into the UI, though the workflow is actually ideal for some tasks.

“It is an excellent tool for managing the entire workflow, from request to closure

Pros

It is fantastic for managing audits. I love the workflow of starting requests, collecting evidence and accepting submissions. It's taken the manual effort of tracking requests in Excel off our plate. The audit report matrix gives management a clear view of the status of our audits.

Cons

The tool could use some enhancements and bug fixes to improve its value and make it more user-friendly. We're actively using it to manage our PCI audit but there are features that need to be added to make evidence collection and verification more efficient. I also feel like ZenGRC hasn't met its SLA for customer support and I hope they work on improving that.

“Simple tool for managing complex business processes

Pros

As a non technical founder, I evaluated this product for our customers and prospects. The intuitive workflows in it make it easy to manage the complexity of compliance, governance and security requirements. It's reassuring to have a trusted partner to meet these challenges and add value to the process.

Cons

The only downsides I can mention are based on my evaluation of the product as I haven't used it as an end user. I have mainly seen it through demos, meetings and whitepapers to evaluate its customer value and potential for partnership.

“Best GRC tool for risk and compliance management

Pros

ZenGRC is easy to set up and helps us start recording and reporting risks. All our compliance requirements are in one central place and it's accessible with just a few clicks.

Cons

It could definitely use more reporting and visual features. My target audience needs more graphs and visuals to display different risk profiles, risk appetite, thresholds etc.

“Market's best tool for Governance, Risk and Compliance

Pros

This is the easiest and most flexible GRC tool on the market. It's simple enough for small organizations but powerful enough for large companies. Its strength lies in how it links various objects, controls, objectives, threats, risks, systems, vendors, customers and contracts, across different frameworks like PCI, SOC2, HIPAA, HITRUST, NIST and ISO. This simplifies the "audit once" approach for companies dealing with multiple standards. The risk management features make it easy to integrate enterprise risk management into your overall compliance program. This is one of the few pieces of software I can't live without and I'd fight to have it at any company I join.

Cons

I would like to see better relationships between objects within the system.