ZenGRC is a cloud-based and on-premise governance, risk and compliance (GRC) management solution. It serves businesses of all sizes in any industry, including technology, retail, consumer goods, health care and finance. Primary features include audit management, compliance management, contract management, policy management, risk assessment and reporting.
ZenGRC helps users in internal auditing, compliance and information-security teams. With it, these teams can manage and implement audit and compliance processes. It automates audit evidence collection, routine compliance and helps with the creation of new compliance programs. Other features include team collaboration, role-based access, project management, import/export and dashboards.
ZenGRC offers content and regular upgrades for COBIT 5, COSO, FedRAMP, HIPAA, PCI-DSS and SOX compliance programs. It provides integration with JIRA, Google Drive, OneLogin, Okta, Microsoft Active Directory and PingOne, and it provides users with a single sign-on option. It is available in a subscription pricing option. Online and phone-based support is available, as is a knowledge base.
Sara from Focus Mobility
Employees number: 1 employee
It's essential to meet these objectives not only for legal, security, and governance, but also in furthering and enhancing mobility capabilities across the enterprise, and add new solutions as the proliferation of connected devices continues to accelerate.
As a non-technical founder, I evaluated this product on behalf of our customer/prospects. Its intuitive, easy to follow workflows in managing the complexity of rapidly changing and dynamic requirements in compliance, governance, and security are issues that are top of mind early in the product design and discovery phase. Having a trusted partner provides reassurances and more holistic solutions to meet these challenges and increase value.
The only cons are related to having not used the product as an end user, but rather evaluated from demos, meetings, and whitepapers to enhance customer value and as a potential partner.
Pramod from CUNA Mutual Group
Employees number: 1,001-5,000 employees
ZenGRC is a great tool for managing different audits. I love the workflow from starting multiple requests to collecting and accepting evidences. It is reducing the manual effort of tracking requests in excel file. The audit report matrix gives a solid picture for management to track and find the status of the active audit.
The tool needs some enhancements and bug fix to add value to the customers and be user friendly. We are actively using the tool to manage our PCI audit. There are some features that needs to be added to save time during evidence collection and verifying process. I do not think the ZenGRC has met their SLA for customer support. I hope they work on redefining their SLA for their customer.
Leo from FanDuel
Employees number: 1,001-5,000 employees
It does everything I need in a fraction of the time. It is efficient and very easy to navigate around.
Easy to set up and begin recording and reporting on risks. All our compliance requirements in one central place and accessable by a few clicks of a button.
It needs more reporting and visual features as my target audience need more graphs and items to show different risk profiles, risk appetite, thresholds etc
Faisal from Vision Critical
Employees number: 501-1,000 employees
Since implementing ZenGRC, Vision Critical has improved our ability to effectively and efficiently manage our compliance audits. ZenGRC provides a user-friendly mechanism for submitting evidence and ensuring that appropriate artifacts have been submitted. Furthermore, The ZenGRC dashboards allow Vision Critical to manage and track multiple audits and risk items, while delivering successful results.
We are anxiously awaiting storage integration with AWS S3 and will continue to review other potential solutions with Reciprocity labs.
William from Omada Health, Inc.
Employees number: 201-500 employees
ZenGRC is the easiest to use, and most flexible, GRC tool on the market. It is simple enough that even small organizations will find it useful, but powerful enough to help the largest of companies. Its power comes from the way it links objects to each other. Controls, objectives, threats, risks, systems, vendors, customers, contracts, etc. are all cross linked to each other. And best of all, Reciprocity has a vast library of compliance standards that are cross-linked. Because of this, you can have a single set of master controls that are linked to PCI, SOC2, HIPAA, HITRUST, NIST, ISO, or whatever other frameworks you are using. Simplifies and "audit once" methodology for companies that deal with many different standards.
Additionally, the risk management capabilities of ZenGRC make it easy to integrate enterprise risk management into your overall compliance program.
There are few pieces of software I can't live without, but ZenGRC is one I'd fight for at any company I joined.
Ease of use
Relationships of objects
Once we were comfortable with the software, we redesigned our risk management and policy management programs around the way the software works. It ended up being more intuitive that the way we were doing them before. It's a powerful tool that enables collaboration between the security, compliance and privacy teams.
Gemma from Airbnb
We used to spend a ton of time sending emails to manage issue tracking and resolution for audits. ZenGRC makes tracking issues incredibly simple.
Dave from Access Corp
Before ZenGRC, we used spreadsheets and emails to manage our audits. After using ZenGRC, I'll never go back. Their Customer Success team is amazing. They go above and beyond to make sure that we're well taken care of.
David from Peak 10, Inc.
ZenGRC has been a great help for managing our assessments. The system is flexible, easy to use and constantly improving with regular updates.