ZenGRC Software


 

ZenGRC is a cloud-based and on-premise governance, risk and compliance (GRC) management solution. It serves businesses of all sizes in any industry, including technology, retail, consumer goods, health care and finance. Primary features include audit management, compliance management, contract and policy management, risk assessment and reporting.

ZenGRC helps users in internal auditing, compliance and information security teams. With it, these teams can manage and implement audit and compliance processes. It automates audit evidence collection, routine compliance and helps with the creation of new compliance programs. Other features include team collaboration, role-based access, project management, import and export and dashboards.

ZenGRC offers content and regular upgrades for COBIT 5, COSO, FedRAMP, HIPAA, PCI-DSS and SOX compliance programs. It provides integration with JIRA, Google Drive, OneLogin, Okta, Microsoft Active Directory and PingOne, and it provides users with a single sign-on option. It is available in a subscription pricing option. Online and phone-based support is available, as is a knowledge base.

 

ZenGRC - Audit management
 
  • ZenGRC - Audit management
    Audit management
  • ZenGRC - Control policy
    Control policy
  • ZenGRC - Dashboard
    Dashboard
  • ZenGRC - Evidence gathering
    Evidence gathering
  • ZenGRC - New audit
    New audit
  • ZenGRC - Workflow management
    Workflow management
Supported Operating System(s):
Windows 7, Windows Vista, Windows XP, Mac OS, Web browser (OS agnostic), Windows 2000, Windows 8

19 Reviews of ZenGRC

 

Start your review of ZenGRC

Click to start
https://www.softwareadvice.com/risk-management/zengrc-review/
Software Advice Reviews (2)
More Reviews (17)

Showing 1-2 of 2

Ankit from International Flavors & Fragrances
Specialty: Engineering
Number of employees: 5,001-10,000 employees Employees number: 5,001-10,000 employees

December 2017

December 2017

Great GRC Tool

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Great Tool Overall

Pros

It gives me everything I need in regards to dashboards, heatmaps and condensing all of my risks and regulations.
The evidence collection and workflows replaced what was an otherwise tedious and duplicative process with JIRA tickets.

Cons

Needs more reporting functions and different dashboard types
A fair amount of things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the U

Review Source
 
 

Sara from Focus Mobility
Specialty: Other
Number of employees: 1 employee Employees number: 1 employee

August 2017

August 2017

Intuitive and User-friendly Approach to Managing Complex Business Processes

Ease-of-use

Functionality

Product Quality

Customer Support
N/A

It's essential to meet these objectives not only for legal, security, and governance, but also in furthering and enhancing mobility capabilities across the enterprise, and add new solutions as the proliferation of connected devices continues to accelerate.

Pros

As a non-technical founder, I evaluated this product on behalf of our customer/prospects. Its intuitive, easy to follow workflows in managing the complexity of rapidly changing and dynamic requirements in compliance, governance, and security are issues that are top of mind early in the product design and discovery phase. Having a trusted partner provides reassurances and more holistic solutions to meet these challenges and increase value.

Cons

The only cons are related to having not used the product as an end user, but rather evaluated from demos, meetings, and whitepapers to enhance customer value and as a potential partner.

Review Source
 
 
 
Showing 1-17 of 17


July 2018

July 2018

Great Compliance / Audit Tool

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

Automating our audit and compliance issues into one platform that is easily accessible when needed to pull these files.

Pros

This tool is very user friendly and navigation is around. It gives us one single platform to keep our audits managed efficiently and easily accessed if needed. We now have a tracking system for our compliance issues to resolve them swiftly and avoid fines and penalties to stay compliant. This tool has been a great organizational tool with many features to save time with tedious audits.

Cons

There could be more reporting features available. There seems to be a lot of editing involved to download and/or export documents. If this was a built in feature with this software that would be helpful.

Review Source: Capterra
 

Darcy from GitHub Inc.

May 2018

May 2018

ZenGRC Product and Team is great to work with

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support
Pros

The team loves the flexibility of the tool, and how we can adapt the models to work that is not traditional controls development, testing and tracking.

Cons

I cannot think of anything my team does not like about the product and services. We are very happy with out purchase.

Review Source: Capterra
 

Andrew from Bentley Systems
Number of employees: 1,001-5,000 employees Employees number: 1,001-5,000 employees

May 2018

May 2018

Logical and minimal approach to GRC saves time!

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

One of the biggest benefits that has made a huge impact is the time savings we've achieved in our IT Security group by using ZenGRC. Our old email/spreadsheet process would be a multi-week process, cause confusion every audit and often get us lost in the weeds of details when we needed to be focusing on the auditors. The first audit we ran through ZenGRC saved us literally a full week of time that would have been dedicated to reviewing evidence submission via email and spreadsheets. Having ZenGRC in place allowed us to put multiple review points in place BEFORE the evidence came to our group for review practically eliminating the requirement of follow-up request corrections.

Pros

ZenGRC brings all the tools you need to run a successful GRC program to the table in a clear, concise and minimalist package that's nimble and efficient. Our company had been utilizing the old method of email/spreadsheets and was getting lost in the weeds even on the smallest of audits and struggling to keep up each year to stay ahead. Our evaluations with other tools fell flat, didn't meet our requirements or introduced complexity. Our evaluation of ZenGRC started with skepticism, but quickly turned positive once we realized how logically organized the system was on the back-end. During our testing period, we were able to quickly create a Sarbanes-Oxley program, using both their template import and the GUI, in a matter of days. Since that time only a few short weeks ago we have now almost completed a full internal audit of our SOX program, complete with evidence collection and control evaluations. Our rough estimate has us gaining back a full week of time from previous audits last year and year prior using the old email/spreadsheet method. We are now rolling out an ISO27001, SOC2 and internal security control framework on the heels of the SOX success.

Cons

As with any SaaS from a small company that is new to market (less than 5 years), there are aspects of the tool that require some creative thinking and clever workarounds. This is not necessarily a dislike in my opinion, however less technical individuals may find this aspect difficult or troublesome. ZenGRC staff do redeem themselves on this front as they're quick to respond to feature requests and have already implemented several suggestions our team has submitted. Since starting to use the product, they have continually updated the product with new features, fixes and updates to existing functionality.

Review Source: Capterra
 

Pramod from Cuna Mutual Group
Number of employees: 1,001-5,000 employees Employees number: 1,001-5,000 employees

April 2018

April 2018

I have been actively using this tool for my PCI and SOC2 audit. This a great workflow tool.

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

I am able to manage multiple audits and collect and test evidences from different customer with less amount of manual work.l

Pros

Managing multiple audits in one platform in the past we used to track our communication via email and in spreadsheet and now we can have log of each communication via this tool.

Cons

Audit manager are not able to choose the request template based on the different types of audit frameworks.

Review Source: Capterra
 


February 2018

February 2018

Great customization for GRC software

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support
Pros

Software has a simple user interface which is easy to use and customize. This exceeds expectations compared to its competitors.

Cons

The reporting side could be better. I did like to see more metric visuals based on the target audience

Review Source: Capterra
 

Darcy from GitHub Inc.

November 2017

November 2017

Great team to work with!

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support
Pros

ZenGRC has allowed my team to move from a spreadsheet driven workflow to building an effective foundation for scaling our compliance and risk focused work. On top of this, the level of professionalism, responsiveness and practical advice makes the ZenGRC team stand out as a vendor who is an extension of our team, as opposed to just another tooling vendor.

Review Source: Capterra
 

Julie from Montgomery College
Number of employees: 1,001-5,000 employees Employees number: 1,001-5,000 employees

November 2017

November 2017

Reciprocity is an invaluable partner in meeting our data management needs.

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support
Pros

The ability to customize the use of the software to meet our unique needs. The technical folks also understand our use case and suggest different ways for us to think about our data and how best to represent it. I like way the system has matured and is tying various elements together (like audit and risk). Customer service is excellent and I really, really like having the same person to deal with all the time. This eliminates having to re-explain your data set to the next help desk guy.

Cons

While many of the changes to the system have been helpful, the constant changes can be hard to keep up with and difficult to plan how to expand our use of the system.

Review Source: Capterra
 

Travis from Amperity
Number of employees: 11-50 employees Employees number: 11-50 employees

November 2017

November 2017

ZenGRC Delivers Compliance and Automation

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

The immediate benefits are streamlining of processes and simplification of evidence collection. What used to be a multi-step JIRA project with a manual review, then publishing to a separate project where our auditors could view the evidence, is now a simple workflow. This is a huge timesaver and makes the audit process as painless as possible.

Pros

Simple, easy to use, despite managing complex workflows and multiple audits across ,multiple teams. Easy to import specific controls and modify existing control sets to meet our needs as necessary. Audit readiness dashboard is critical as you prepare for new compliance initiatives or are questioned on "how difficult" it would be to be to become compliant with a specific regulation or framework to close a deal.

Cons

The JIRA integration is improving in significant ways, however the complexity and manner with which we implemented JIRA makes an effective integration difficult and as a result the immediate integration is not as useful as we would like to see. That being said, the two-way sync has made a dramatic improvements, and for most customers, the existing integration is likely more than sufficient.

Review Source: Capterra
 

Dave from Greenhouse Software
Number of employees: 201-500 employees Employees number: 201-500 employees

September 2017

September 2017

ZenGRC is a major part of our successful compliance programs

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

Because it's so well organized we've managed to keep the required staff to manage compliance at a minimum.

Pros

I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001.

Cons

There's still a some things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks.

Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though.

Review Source: Capterra
 

Dana from Simple

September 2017

September 2017

ZenGRC is the perfect solution for our compliance and audit teams at our tech company

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support
Pros

ZenGRC has a nice user interface and is fairly intuitive to use. I can't tell you how many horrible GRC tools I've used. ZenGRC is refreshing.

Cons

I would love to see a way to use ZenGRC as a tool to automate audit workprograms, testing, spreadsheets and reporting.

Review Source: Capterra
 

Pramod from CUNA Mutual Group
Number of employees: 1,001-5,000 employees Employees number: 1,001-5,000 employees

September 2017

September 2017

ZenGRC is a great workflow tool from starting a request to collect evidences and close out request.

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

ZenGRC is a great tool for managing different audits. I love the workflow from starting multiple requests to collecting and accepting evidences. It is reducing the manual effort of tracking requests in excel file. The audit report matrix gives a solid picture for management to track and find the status of the active audit.

Cons

The tool needs some enhancements and bug fix to add value to the customers and be user friendly. We are actively using the tool to manage our PCI audit. There are some features that needs to be added to save time during evidence collection and verifying process. I do not think the ZenGRC has met their SLA for customer support. I hope they work on redefining their SLA for their customer.

Review Source: Capterra
 

Leo from FanDuel
Number of employees: 1,001-5,000 employees Employees number: 1,001-5,000 employees

July 2017

July 2017

Best GRC tool I have used. It's easy and user friendly for risk and compliance requirements

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

It does everything I need in a fraction of the time. It is efficient and very easy to navigate around.

Pros

Easy to set up and begin recording and reporting on risks. All our compliance requirements in one central place and accessable by a few clicks of a button.

Cons

It needs more reporting and visual features as my target audience need more graphs and items to show different risk profiles, risk appetite, thresholds etc

Review Source: Capterra
 

Faisal from Vision Critical
Number of employees: 501-1,000 employees Employees number: 501-1,000 employees

June 2017

June 2017

Effective and Efficient

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support
Pros

Since implementing ZenGRC, Vision Critical has improved our ability to effectively and efficiently manage our compliance audits. ZenGRC provides a user-friendly mechanism for submitting evidence and ensuring that appropriate artifacts have been submitted. Furthermore, The ZenGRC dashboards allow Vision Critical to manage and track multiple audits and risk items, while delivering successful results.

Cons

We are anxiously awaiting storage integration with AWS S3 and will continue to review other potential solutions with Reciprocity labs.

Review Source: Capterra
 

William from Omada Health, Inc.
Number of employees: 201-500 employees Employees number: 201-500 employees

April 2017

April 2017

Best Governance, Risk and Compliance tool on the market

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

ZenGRC is the easiest to use, and most flexible, GRC tool on the market. It is simple enough that even small organizations will find it useful, but powerful enough to help the largest of companies. Its power comes from the way it links objects to each other. Controls, objectives, threats, risks, systems, vendors, customers, contracts, etc. are all cross linked to each other. And best of all, Reciprocity has a vast library of compliance standards that are cross-linked. Because of this, you can have a single set of master controls that are linked to PCI, SOC2, HIPAA, HITRUST, NIST, ISO, or whatever other frameworks you are using. Simplifies and "audit once" methodology for companies that deal with many different standards.

Additionally, the risk management capabilities of ZenGRC make it easy to integrate enterprise risk management into your overall compliance program.

There are few pieces of software I can't live without, but ZenGRC is one I'd fight for at any company I joined.

Pros

Ease of use
Relationships of objects
Standards library

Advice to Others

Once we were comfortable with the software, we redesigned our risk management and policy management programs around the way the software works. It ended up being more intuitive that the way we were doing them before. It's a powerful tool that enables collaboration between the security, compliance and privacy teams.

Review Source: Capterra
 

Gemma from Airbnb

April 2017

April 2017

Streamlining issue management

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

We used to spend a ton of time sending emails to manage issue tracking and resolution for audits. ZenGRC makes tracking issues incredibly simple.

Review Source: Capterra
 

Dave from Access Corp

March 2017

March 2017

Great compliance tool

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

Before ZenGRC, we used spreadsheets and emails to manage our audits. After using ZenGRC, I'll never go back. Their Customer Success team is amazing. They go above and beyond to make sure that we're well taken care of.

Review Source: Capterra
 

David from Peak 10, Inc.

March 2017

March 2017

Audit Management Made Easy

Ease-of-use

Functionality

Product Quality

Customer Support

Value for Money

Ease-of-use
Usability
Functionality
Functionality
Product Quality
Quality
Value for Money
Value
Support

ZenGRC has been a great help for managing our assessments. The system is flexible, easy to use and constantly improving with regular updates.

Review Source: Capterra

  Response: RECIPROCITY, Reciprocity

Date: April 2017

April 2017

 

Thanks for submitting your review! We're pleased to hear that you are getting a lot of value out of ZenGRC.