# Best Vendor Security and Privacy Assessment Software

  *By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)*

   Vendor security and privacy assessment software helps companies manage cybersecurity and privacy risk assessment processes when identifying, evaluating, and regularly reevaluating their vendors, service providers, and other third parties. The purpose of this software is to help companies understand the privacy and cybersecurity risks associated with doing business with specific prospective and existing third parties. Vendor security and privacy assessments often include reviewing and scoring a vendor’s cybersecurity policies, documentation, results of recent audits, certifications, and legal agreements on how sensitive or personally identifying data will be accessed, used, processed, or sold as defined by data privacy laws such as the GDPR or CCPA.

Vendor security and privacy assessment software assists two constituencies—both the company and the third party they do business with. Companies use this software to assess the cybersecurity and data privacy compliance of their third-party vendors, while vendors use this software to more easily reply to buyers’ questionnaires and publish their company’s cybersecurity and data privacy compliance information in a centralized, up-to-date, and referenceable exchange. This software allows vendors to use the same responses across multiple customer assessments, as well as proactively share information with customers, which saves the vendor time instead of manually editing individual spreadsheets or forms. On the customer side, vendor security and privacy assessment software is typically managed by information security teams. On the vendor side, sales teams typically use the software to distribute security and privacy compliance information to prospective customers. Vendor security and privacy assessment software often integrates with other software tools, including [CRM software](https://www.g2.com/categories/crm), [governance, risk & compliance software](https://www.g2.com/categories/governance-risk-compliance), and [cybersecurity services providers](https://www.g2.com/categories/cybersecurity-services), such as ratings services providers.

Vendor security and privacy assessment software is for evaluating external parties and therefore is different from internal privacy or security risk assessment processes which utilize software such as [privacy impact assessment (PIA) software](https://www.g2.com/categories/privacy-impact-assessment-pia) or [security risk analysis software](https://www.g2.com/categories/security-risk-analysis). This software is also different from [IT risk management software](https://www.g2.com/categories/it-risk-management), which monitors risk of a company’s internal systems or data use. Vendor security and privacy assessment software is similar to, but narrower in scope than [vendor management software](https://www.g2.com/categories/vendor-management) and [third party & supplier risk management software](https://www.g2.com/categories/third-party-supplier-risk-management), which evaluates risk more broadly than security or privacy, such as financial fraud, corruption, or human rights violations.

To qualify for inclusion in the Vendor Security and Privacy Assessment category, a product must:

- Enable vendors to own, manage, and publish a company profile containing cybersecurity and data privacy compliance information and documentation 
- Allow companies to assess vendor profiles in a centralized catalog, as well as by utilizing workflow to engage with vendors and request documentation such as security questionnaires, audits, certifications, etc. 
- Provide customer-facing teams with workflow to easily share access to the company’s vendor profile, including the ability to link to the profile on a company website or in marketing materials 
- Facilitate automated notifications, alerts, and reminders for specific actions including upcoming assessments, profile access requests, etc. 
- Support standardized security and privacy framework questionnaire templates commonly requested by customers, such as CAIQ, SIG, NIST, VSA, GDPR, ISO 27001, Privacy Shield, etc. 





## Category Overview

**Total Products under this Category:** 126


## Trust & Credibility Stats

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 15,000+ Authentic Reviews
- 126+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Best Vendor Security and Privacy Assessment Software At A Glance

- **Leader:** [Vanta](https://www.g2.com/products/vanta/reviews)
- **Highest Performer:** [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews)
- **Easiest to Use:** [Sprinto](https://www.g2.com/products/sprinto-inc/reviews)
- **Top Trending:** [Vanta](https://www.g2.com/products/vanta/reviews)
- **Best Free Software:** [Vendor Risk](https://www.g2.com/products/vendor-risk/reviews)


---


## Top-Rated Products (Ranked by G2 Score)
### 1. [Vanta](https://www.g2.com/products/vanta/reviews)
  Vanta is the leading Agentic Trust Platform helping 15k+ companies—like Atlassian, Duolingo, Golden State Warriors, and Icelandair—start and scale their security programs and build trust with buyers. Vanta saves security teams time and improves program visibility by automating 35+ compliance frameworks, such as SOC 2 and ISO 27001, and GRC workflows, like risk management.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 2,416

**User Satisfaction Scores:**

- **Ease of Admin:** 8.9/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.6/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.4/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.7/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Vanta](https://www.g2.com/sellers/vanta)
- **Company Website:** https://www.vanta.com/
- **Year Founded:** 2018
- **HQ Location:** San Francisco, California
- **Twitter:** @TrustVanta (4,618 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/vanta-security/ (1,624 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, CEO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 56% Small-Business, 38% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (798 reviews)
- Compliance (606 reviews)
- Integrations (463 reviews)
- Automation (457 reviews)
- Time-saving (446 reviews)

**Cons:**

- Integration Issues (207 reviews)
- Pricing Issues (178 reviews)
- Expensive (173 reviews)
- Limited Integrations (172 reviews)
- Missing Features (165 reviews)

### 2. [Vendor Risk](https://www.g2.com/products/vendor-risk/reviews)
  UpGuard Vendor Risk is an AI-powered third-party cyber risk management (TPCRM) solution that empowers security teams to eliminate the response gap and take control of their vendor ecosystem. As part of the UpGuard Cyber Risk Posture Management (CRPM) platform, it integrates seamlessly with Breach Risk and User Risk to provide a unified defense against modern cyber threats. As organizations scale, their reliance on third-party vendors expands, creating dangerous blind spots across their supply chain. Traditional assessment methods often rely on point-in-time questionnaires, leaving teams vulnerable to hidden control gaps and unmonitored shifts in a vendor's security posture. Vendor Risk solves this by combining continuous monitoring, AI-powered document analysis, and security questionnaire automation into a single, scalable platform.

  Key Capabilities:

- Continuous Monitoring & Security Ratings: Get a complete picture of your vendor ecosystem. Vendor Risk proactively monitors all your vendors with daily scanning and objective, industry-leading security ratings. Continuous monitoring ensures you are instantly alerted to critical shifts in a vendor's security posture, even between assessments.
- AI-Powered Vendor Assessments: Double your assessment speed. UpGuard AI instantly analyzes vendor documentation to uncover control gaps and risks in minutes. It gives you a clear view of which controls are met or failed, the exact risks present, and the actionable remediation steps required—meaning far less evidence chasing.
- Security Questionnaire Automation: Move beyond manual spreadsheets. Leverage automation and a complete library of pre-configured questionnaires—including NIST, ISO, SIG, and regional regulations like DORA—to quickly fill any information gaps. Centralized intelligence consolidates vendor communications, cutting manual assessment work by up to 90%.
- Reporting & Program Oversight: Scale without limits. Generate accurate, point-in-time risk assessment reports in under a minute using UpGuard AI. With intuitive, one-click reporting, security teams can easily communicate current risks and compliance status to stakeholders like the board or C-Suite.

  By translating complex third-party risks into objective, quantifiable Security Ratings, UpGuard Vendor Risk enables security leaders to benchmark vendor performance, accelerate onboarding workflows, and confidently prove supply chain risk reduction to the board.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 693

**User Satisfaction Scores:**

- **Ease of Admin:** 9.1/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.8/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.5/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.9/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [UpGuard](https://www.g2.com/sellers/upguard)
- **Company Website:** https://upguard.com
- **Year Founded:** 2012
- **HQ Location:** Mountain View, California
- **Twitter:** @UpGuard (8,722 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/upguard/ (322 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CISO, Security Analyst
  - **Top Industries:** Financial Services, Information Technology and Services
  - **Company Size:** 47% Enterprise, 38% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (267 reviews)
- Security (151 reviews)
- Risk Management (140 reviews)
- Time-saving (111 reviews)
- Customer Support (109 reviews)

**Cons:**

- Lack of Clarity (56 reviews)
- Expensive (38 reviews)
- Limited Functionality (36 reviews)
- Improvement Needed (28 reviews)
- Limited Customization (27 reviews)

### 3. [Drata](https://www.g2.com/products/drata/reviews)
  Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining compliance workflows end-to-end to ensure audit readiness. Drata helps thousands of companies streamline their compliance efforts through continuous, automated control monitoring and evidence collection, resulting in lower costs and time spent preparing for annual audits and better overall security posture. Drata's supported frameworks include: SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, CCPA, CCM, CMMC, ISO 27701, ISO 27017, ISO 27018, Cyber Essentials, Microsoft SSPA, NIST 800-53, NIST CSF, NIST AI, FFIEC, NIST 800-171, and Custom Frameworks. Drata is backed by ICONIQ Growth, GGV Capital, SVCI (Silicon Valley CISO Investments), Okta Ventures, Salesforce Ventures, Cowboy Ventures, Leaders Fund, SV Angel, and many key industry leaders.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 1,148

**User Satisfaction Scores:**

- **Ease of Admin:** 9.2/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.8/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.6/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 8.1/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Drata](https://www.g2.com/sellers/drata)
- **Company Website:** https://drata.com/
- **Year Founded:** 2020
- **HQ Location:** San Diego, US
- **Twitter:** @DrataHQ (1,509 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/drata/ (690 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, CEO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 52% Small-Business, 43% Mid-Market


#### Pros & Cons

**Pros:**

- Customer Support (161 reviews)
- Ease of Use (148 reviews)
- Compliance (130 reviews)
- Time-saving (106 reviews)
- Integrations (103 reviews)

**Cons:**

- Limited Integrations (47 reviews)
- Improvements Needed (42 reviews)
- Integration Issues (41 reviews)
- Lack of Clarity (31 reviews)
- Missing Features (24 reviews)

### 4. [Sprinto](https://www.g2.com/products/sprinto-inc/reviews)
  Sprinto is the world's first Autonomous Trust Platform, detecting change across your posture, determining what's at risk, and acting across compliance, vendor risk, AI governance, and more, so your organization stays trustworthy without the operational chaos. Sprinto is trusted by 3,000+ companies across 75 countries, including Emergent, CodeRabbit, Anaconda, and Whatfix. The platform supports 200+ global standards, including SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, and ISO 42001, for AI governance across 300+ integrations.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 1,618

**User Satisfaction Scores:**

- **Ease of Admin:** 9.3/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.6/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.4/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 8.9/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Sprinto Technology Private Limited](https://www.g2.com/sellers/sprinto-technology-private-limited)
- **Company Website:** https://sprinto.com/
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @sprintoHQ (13,303 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/sprinto-com (460 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, CEO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 56% Small-Business, 42% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (418 reviews)
- Customer Support (346 reviews)
- Compliance (324 reviews)
- Helpful (320 reviews)
- Compliance Management (275 reviews)

**Cons:**

- Integration Issues (74 reviews)
- Limited Integrations (42 reviews)
- Limited Customization (41 reviews)
- Unclear Guidance (41 reviews)
- Software Bugs (40 reviews)

### 5. [Secureframe](https://www.g2.com/products/secureframe/reviews)
  Secureframe empowers businesses to build trust with customers by simplifying information security and compliance through AI and automation. Thousands of organizations such as AngelList, Nasdaq, Coda, and Remote trust Secureframe to help them obtain and maintain compliance with global information security standards.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 794

**User Satisfaction Scores:**

- **Ease of Admin:** 9.0/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.1/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.7/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 8.0/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Secureframe](https://www.g2.com/sellers/secureframe)
- **Company Website:** https://secureframe.com/
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @secureframe (2,234 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/secureframe/ (125 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CEO, CTO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 66% Small-Business, 30% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (663 reviews)
- Compliance (560 reviews)
- Automation (422 reviews)
- Security (406 reviews)
- Integrations (390 reviews)

**Cons:**

- Integration Issues (188 reviews)
- Limited Integrations (145 reviews)
- Limited Customization (141 reviews)
- Improvements Needed (110 reviews)
- Missing Features (109 reviews)

### 6. [Scrut Automation](https://www.g2.com/products/scrut-automation/reviews)
  Scrut Automation is a leading compliance automation platform designed for fast-growing businesses looking to streamline security, risk, and compliance without disrupting operations. It centralizes compliance functions, automates evidence collection, and simplifies audits, helping security teams reduce compliance efforts by up to 80%. Scrut supports 60+ out-of-the-box frameworks, including SOC 2, ISO 27001, GDPR, HIPAA, and PCI-DSS, with the flexibility to add custom frameworks for unique regulatory needs. With 100+ integrations, Scrut seamlessly integrates into your security and IT ecosystem, automating compliance, eliminating manual work, and improving risk visibility. Join 1700+ industry leaders who trust Scrut for simplified compliance and risk management. Schedule a demo today.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 1,298

**User Satisfaction Scores:**

- **Ease of Admin:** 9.6/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.2/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.2/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 8.7/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Scrut Automation](https://www.g2.com/sellers/scrut-automation)
- **Company Website:** https://www.scrut.io/
- **Year Founded:** 2022
- **HQ Location:** Palo Alto, US
- **Twitter:** @scrutsocial (120 Twitter followers)
- **LinkedIn® Page:** https://in.linkedin.com/company/scrut-automation (230 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, CEO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 50% Small-Business, 48% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (276 reviews)
- Customer Support (249 reviews)
- Compliance Management (225 reviews)
- Helpful (216 reviews)
- Compliance (190 reviews)

**Cons:**

- Improvement Needed (69 reviews)
- Technical Issues (52 reviews)
- Missing Features (44 reviews)
- UX Improvement (44 reviews)
- Learning Curve (41 reviews)

### 7. [IBM OpenPages](https://www.g2.com/products/ibm-openpages/reviews)
  OpenPages is an AI-powered, easy-to-use, and highly scalable GRC management solution that runs on any cloud and centralizes siloed risk management functions into a single environment. OpenPages lays emphasis upon ‘GRC is Everyone’s Business’ strategy by establishing a risk and compliance culture that promotes inclusiveness, consistency and transparency.

- Easy-to-use, highly configurable and requires little/no training
- Saves time - Users are guided by an AI powered virtual assistant giving real-time answers to users.
- Improves data quality - AI suggested classifications help users reduce errors, mitigate risks and promote accuracy and efficiency in incident reporting and risk mitigation efforts.
- Reduces the knowledge gap - Users are guided by AI in the interface for areas like risk and compliance taxonomies.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 66

**User Satisfaction Scores:**

- **Ease of Admin:** 7.3/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.8/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.8/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 9.8/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [IBM](https://www.g2.com/sellers/ibm)
- **Year Founded:** 1911
- **HQ Location:** Armonk, NY
- **Twitter:** @IBM (709,390 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1009/ (324,553 employees on LinkedIn®)
- **Ownership:** SWX:IBM

**Reviewer Demographics:**
  - **Top Industries:** Banking, Information Technology and Services
  - **Company Size:** 39% Mid-Market, 34% Enterprise


#### Pros & Cons

**Pros:**

- Risk Management (12 reviews)
- Time-saving (9 reviews)
- Automation (7 reviews)
- Ease of Use (7 reviews)
- Security (7 reviews)

**Cons:**

- Complexity (3 reviews)
- Expensive (3 reviews)
- Improvement Needed (3 reviews)
- Learning Curve (3 reviews)
- Learning Difficulty (3 reviews)

### 8. [Thoropass](https://www.g2.com/products/thoropass/reviews)
  Thoropass is a modern compliance audit firm that helps organizations of all sizes build and prove trust with high-quality audits, expert guidance, and integrated security services. Combining deep auditor expertise with intuitive technology, Thoropass delivers a streamlined path to achieving and maintaining compliance with frameworks including SOC 1, SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST, GDPR, CMMC, Cyber Essentials, PCI DSS, and others. As a licensed CPA firm and CREST-accredited provider, Thoropass brings a level of credibility and rigor that scales from fast-growing startups to complex, regulated enterprises. Our auditors, security engineers, and compliance experts partner closely with customers to simplify evidence collection, reduce audit friction, and ensure results that stand up to regulator, partner, and customer scrutiny. Beyond audits, Thoropass supports the full trust-building lifecycle with penetration testing, risk assessment, access reviews, AI governance assessments, and questionnaire automation—helping teams unify compliance operations without relying on multiple vendors. Organizations choose Thoropass for our responsive expert support, consistent audit outcomes, and a service experience built for modern security and compliance teams. Thoropass is trusted by thousands of companies to prove compliance, strengthen security posture, and confidently meet the expectations of customers, auditors, and regulators.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 574

**User Satisfaction Scores:**

- **Ease of Admin:** 9.0/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.8/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.5/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.9/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Thoropass](https://www.g2.com/sellers/thoropass)
- **Company Website:** https://thoropass.com/?utm_source=adwords&utm_medium=ppc&utm_campaign=Brand+NA&utm_term=b_thoropass
- **Year Founded:** 2019
- **HQ Location:** New York
- **Twitter:** @thoropass (380 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/thoropass/ (232 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CEO, CTO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 70% Small-Business, 26% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (115 reviews)
- Helpful (108 reviews)
- Customer Support (89 reviews)
- Compliance (70 reviews)
- Team Helpfulness (54 reviews)

**Cons:**

- Lack of Clarity (18 reviews)
- Integration Issues (17 reviews)
- Audit Issues (15 reviews)
- Improvements Needed (14 reviews)
- Limited Integrations (14 reviews)

### 9. [OneTrust Tech Risk & Compliance](https://www.g2.com/products/onetrust-tech-risk-compliance/reviews)
  OneTrust's Tech Risk & Compliance solution simplifies compliance and effectively manages risks. You can scale your resources and optimize your risk and compliance lifecycle by automating governance with business-ready content, guidance, and mapping. Simplify business collaboration by turning complex regulations into simple, actionable tasks that fit into your existing processes, and ensure continuous compliance. You can also mature your risk program and contextualize risk across the business to monitor over time, educate stakeholders, report to leadership, and prioritize action. Tech Risk and Compliance includes Compliance Automation and IT & Risk Management tools.

  Compliance Automation scales your resources while optimizing compliance processes to efficiently scope, manage, and communicate your compliance posture, empowering InfoSec and IT Compliance professionals to automate regulatory guidance, reinforce program governance, and maintain audit readiness. With Compliance Automation you can:

- Simplify business collaboration to streamline compliance workflows
- Deploy pre-built integrations to automate evidence collection
- Collect once, comply many with 50+ ready-to-use frameworks

  IT Risk Management allows you to proactively identify and mitigate risk, streamline data collection, and map risk relationships to assess and quantify risk across your IT and business ecosystem. Identify risk across complex IT ecosystems by discovering information systems vulnerabilities and cybersecurity risks across an inventory of assets, processes, and vendors. Reflect the interconnected nature of how systems, data, and risk flow throughout your business to monitor changes over time. Standardize and quantify risk with context by balancing qualitative and quantitative metrics with a scalable risk methodology that can mature from a standard matrix to automated calculations to inform risk mitigation prioritization without losing critical business context. You can enhance risk ownership across the business through automation of key enterprise risk management activities such as assessments and control management to effectively engage the business, collect information, evaluate impact, and execute remediation strategies.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 107

**User Satisfaction Scores:**

- **Ease of Admin:** 8.7/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.5/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.7/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.4/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [OneTrust](https://www.g2.com/sellers/onetrust)
- **Company Website:** https://www.onetrust.com/
- **Year Founded:** 2016
- **HQ Location:** Atlanta, Georgia
- **Twitter:** @OneTrust (6,562 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10795459/ (2,489 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 46% Mid-Market, 40% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (13 reviews)
- Automation (10 reviews)
- Compliance Management (9 reviews)
- Risk Management (9 reviews)
- Features (7 reviews)

**Cons:**

- Complex Implementation (6 reviews)
- Difficult Setup (6 reviews)
- Complex Setup (5 reviews)
- Learning Curve (5 reviews)
- Learning Difficulty (5 reviews)

### 10. [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews)
  RiskProfiler is an advanced cybersecurity platform purpose-built for Continuous Threat Exposure Management (CTEM). It unifies external, cloud, vendor, and brand risk intelligence into a single ecosystem—providing organizations with real-time visibility, contextual threat insights, and actionable remediation guidance. Through its integrated suite, External Attack Surface Management, Third\_party Risk Management, Cloud Attack Surface Management, and Brand Risk Protection, the platform continuously discovers, classifies, and evaluates external-facing assets and risks across the internet, multi-cloud environments, and third-party ecosystems. Powered by AI-enabled risk questionnaires, RiskProfiler automates the exchange, validation, and scoring of security assessments, dramatically accelerating third-party due diligence and compliance validation. The platform’s context-enriched graph engine correlates vulnerabilities, exposures, and configurations with real-world threat data, revealing how attackers might exploit an organization’s digital footprint. Its newly enhanced Cyber Threat Intelligence (CTI) module provides live insights into industry-specific attack trends, threat actor profiles, and evolving TTPs, directly embedded within the dashboard. By analyzing CVEs, IOCs, and exploit patterns, it maps these to relevant assets and potential attack paths, enabling focused, prioritized mitigation. From identifying exposed cloud resources across AWS, Azure, and Google Cloud to uncovering brand impersonation, phishing campaigns, or logo abuse, RiskProfiler delivers unified visibility and continuous monitoring that extends beyond the perimeter. It helps organizations anticipate, contextualize, and neutralize threats before they turn into breaches, transforming exposure management into a truly intelligent, predictive defense capability.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 118

**User Satisfaction Scores:**

- **Ease of Admin:** 9.7/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.8/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.8/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 9.7/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Riskprofiler](https://www.g2.com/sellers/riskprofiler)
- **Company Website:** https://riskprofiler.io/
- **Year Founded:** 2019
- **HQ Location:** Rock Hill, US
- **Twitter:** @riskprofilerio (211 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/riskprofiler (28 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, Security Consultant
  - **Top Industries:** Information Technology and Services, Design
  - **Company Size:** 66% Mid-Market, 33% Small-Business


#### Pros & Cons

**Pros:**

- Risk Management (70 reviews)
- Features (32 reviews)
- Customer Support (31 reviews)
- Ease of Use (30 reviews)
- Easy Setup (29 reviews)

**Cons:**

- Learning Curve (17 reviews)
- Complexity (16 reviews)
- Difficult Learning (16 reviews)
- Learning Difficulty (10 reviews)
- Complex Setup (8 reviews)

### 11. [Responsive, formerly RFPIO](https://www.g2.com/products/responsive-formerly-rfpio/reviews)
  Responsive is the global leader in strategic response management software, transforming how organizations share and exchange critical information. Our commitment to product innovation and customer success empowers companies to accelerate growth, mitigate risk and improve the employee experience by leveraging intelligent technologies to quickly and accurately manage RFPs, RFIs, security questionnaires (VSQs), due diligence questionnaires (DDQs), risk assessments and all other complex information requests (RFXs). With Responsive, frontline teams deliver superior responses by automating the completion of questionnaires, documents and spreadsheets while collaborating with stakeholders, improving processes with data insights, and quickly accessing approved content across popular business applications.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 1,269

**User Satisfaction Scores:**

- **Ease of Admin:** 8.7/10 (Category avg: 9.0/10)
- **Risk Scoring:** 7.1/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 7.7/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 6.6/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Responsive](https://www.g2.com/sellers/responsive)
- **Company Website:** https://www.responsive.io/
- **Year Founded:** 2016
- **HQ Location:** Frisco, Texas
- **Twitter:** @responsiveio (1,737 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/responsiveio (708 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Proposal Manager, Proposal Writer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 48% Mid-Market, 39% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (150 reviews)
- Features (117 reviews)
- Time-saving (87 reviews)
- Efficiency (86 reviews)
- Team Collaboration (77 reviews)

**Cons:**

- Learning Curve (34 reviews)
- Not Intuitive (33 reviews)
- Inaccurate Responses (27 reviews)
- Non-Intuitive Features (27 reviews)
- Missing Features (23 reviews)

### 12. [OneTrust Privacy Automation](https://www.g2.com/products/onetrust-privacy-automation/reviews)
  OneTrust’s mission is to enable the responsible use of data and AI. Our platform simplifies the collection of data with consent and preferences, automates the governance of data with integrated risk management across privacy, security, IT/tech, third-party, and AI risk, and activates the responsible use of data by applying and enforcing data policies across the entire data estate and lifecycle. The Privacy Automation solution simplifies compliance, automates privacy operations and mitigates risk. Our tools include: -A real-time view of your compliance posture -Evergreen data and activity map -Data subject request automation -Privacy and AI risk workflows OneTrust supports seamless collaboration between data teams and risk teams to drive rapid and trusted innovation. Recognized as a market pioneer and leader, OneTrust boasts over 300 patents and serves more than 14,000 customers globally, ranging from industry giants to small businesses. For more information, visit www.onetrust.com.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 143

**User Satisfaction Scores:**

- **Ease of Admin:** 8.4/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.4/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.0/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 8.1/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [OneTrust](https://www.g2.com/sellers/onetrust)
- **Company Website:** https://www.onetrust.com/
- **Year Founded:** 2016
- **HQ Location:** Atlanta, Georgia
- **Twitter:** @OneTrust (6,562 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10795459/ (2,489 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Data Protection Officer
  - **Top Industries:** Information Technology and Services, Financial Services
  - **Company Size:** 46% Enterprise, 40% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (7 reviews)
- Data Protection (5 reviews)
- Problem Solving (5 reviews)
- Compliance (4 reviews)
- Regulatory Compliance (4 reviews)

**Cons:**

- Learning Difficulty (5 reviews)
- Complexity (4 reviews)
- Complexity Issues (4 reviews)
- Learning Curve (4 reviews)
- Complex Implementation (3 reviews)

### 13. [Loopio](https://www.g2.com/products/loopio/reviews)
  Loopio is the most highly-trusted response management software, helping enterprise businesses supercharge and scale their response process for RFPs, RFIs, Security Questionnaires, and more. Loopio streamlines manual and time-consuming processes through: Confident Answers: Our AI-powered library connects to preferred content sources, enabling teams to craft tailored responses, populate trustworthy answers, and ensure accuracy across every proposal. Effortless Projects: AI-driven automation helps teams seamlessly import and export complex document formats, track high-volume proposal pipelines, and respond to portal-based RFPs with ease. Seamless Collaboration: Our vast integrations break down departmental silos, allowing responders to engage with SMEs, centralize multi-stakeholder feedback, and deliver vetted content—all within an existing tech stack. Strategic Insights: Loopio transforms the response process into a data-driven operation by providing the visibility needed to monitor content health, identify winning trends, and measure business impact. At the heart of our enterprise RFP platform is Response Intelligence™, Loopio’s proprietary machine learning technology. It surfaces insights and makes recommendations in the response process to help responders work smarter and create winning proposals, making it the easiest RFP response solution to use on the market. The proof is in the numbers. Loopio customers experience: ■ 51% more RFP responses completed ■ 42% in time savings ■ And 85% win more business Loopio’s RFP software is trusted by 1,700+ leading companies to respond faster, improve response quality, and win more business. We’d love for you to be one of them.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 802

**User Satisfaction Scores:**

- **Ease of Admin:** 9.1/10 (Category avg: 9.0/10)
- **Risk Scoring:** 7.7/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.8/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.3/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Loopio Inc.](https://www.g2.com/sellers/loopio-inc)
- **Company Website:** https://www.loopio.com
- **Year Founded:** 2014
- **HQ Location:** Toronto
- **Twitter:** @loopioinc (1,666 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5020707/ (300 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Proposal Manager, Bid Manager
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 51% Mid-Market, 34% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (140 reviews)
- Time-saving (94 reviews)
- Efficiency (88 reviews)
- Features (82 reviews)
- Intuitive (68 reviews)

**Cons:**

- Missing Features (31 reviews)
- Limitations (27 reviews)
- Limited Features (26 reviews)
- Inaccurate Responses (25 reviews)
- Formatting Issues (24 reviews)

### 14. [Bitsight](https://www.g2.com/products/bitsight/reviews)
  Bitsight is the global leader in cyber risk intelligence, leveraging advanced AI to empower organizations with precise insights derived from the industry’s most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface. Bitsight proactively uncovers security gaps across infrastructure, cloud environments, digital identities, and third- and fourth-party ecosystems. From security operations and governance teams to executive boardrooms, Bitsight provides the unified intelligence backbone required to confidently manage cyber risk and address exposures before they impact performance.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 76

**User Satisfaction Scores:**

- **Ease of Admin:** 8.8/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.7/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 7.6/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.7/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Bitsight](https://www.g2.com/sellers/bitsight)
- **Company Website:** https://www.bitsight.com/
- **Year Founded:** 2011
- **HQ Location:** Boston, MA
- **Twitter:** @BitSight (4,497 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/bitsight/ (740 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Hospital & Health Care
  - **Company Size:** 71% Enterprise, 24% Mid-Market


#### Pros & Cons

**Pros:**

- Security (15 reviews)
- Risk Management (14 reviews)
- Ease of Use (13 reviews)
- Features (11 reviews)
- Customer Support (9 reviews)

**Cons:**

- Missing Features (6 reviews)
- Lack of Clarity (5 reviews)
- Poor Notifications (4 reviews)
- Slow Performance (4 reviews)
- Delay Issues (3 reviews)

### 15. [Securiti](https://www.g2.com/products/securiti/reviews)
  Securiti is the pioneer of the DataAI Command Center, a centralized platform that enables the safe use of data and GenAI. It provides unified data intelligence, controls and orchestration across hybrid multicloud environments. Large global enterprises rely on Securiti's Data Command Center for data security, privacy, governance, and compliance. Securiti has been recognized with numerous industry and analyst awards, including "Most Innovative Startup" by RSA, "Top 25 Machine Learning Startups" by Forbes, "Most Innovative AI Companies" by CB Insights, "Cool Vendor in Data Security" by Gartner, and "Privacy Management Wave Leader" by Forrester. For more information, please follow us on LinkedIn and visit Securiti.ai.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 82

**User Satisfaction Scores:**

- **Ease of Admin:** 8.9/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.8/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.2/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 9.8/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Veeam](https://www.g2.com/sellers/veeam)
- **Company Website:** https://www.veeam.com
- **Year Founded:** 2006
- **HQ Location:** Columbus, OH
- **Twitter:** @veeam (51,576 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/veeam-software/ (7,230 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Retail
  - **Company Size:** 66% Enterprise, 14% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (38 reviews)
- Customer Support (26 reviews)
- Features (21 reviews)
- Helpful (20 reviews)
- Problem Solving (20 reviews)

**Cons:**

- Complexity (11 reviews)
- Learning Curve (10 reviews)
- Implementation Issues (9 reviews)
- Complexity Issues (8 reviews)
- Learning Difficulty (8 reviews)

### 16. [SecurityScorecard](https://www.g2.com/products/securityscorecard/reviews)
  Stopping sophisticated cyberattacks requires visibility beyond your organization. Security teams need a complete understanding of their attack surface and business ecosystem risk—including partners, contractors, third- and fourth-party vendors, and supply chains. As the industry leader in security ratings, SecurityScorecard provides actionable insights for over 12 million organizations so you can quantify trustworthiness, quickly respond to cyber risks, and strengthen cyber defenses. SecurityScorecard is a security ratings, response, and resilience company. As the industry leader in security ratings, we provide actionable insights so you can make fast, informed decisions that improve your defenses. SecurityScorecard offers the world’s most comprehensive platform for quantifying and reducing risk, so you can instantly know whether an organization deserves your trust and show others that you deserve theirs. With SecurityScorecard, you can quantify trustworthiness and instantly know the cyber risk of any company worldwide, including your business, competitors, vendors, and downstream suppliers. You can strengthen cyber defenses by accessing a stream of risk intelligence that pinpoints vulnerabilities, prioritizes next steps, and clarifies remediation plans. And you can verify vendor readiness by identifying cyber-risks posed by vendors and sub-tier suppliers throughout your ecosystem– and take action to ensure their problems don’t become your problems. What we offer: Supply Chain Cyber Risk: Your supply chain consists of your third and fourth parties as well as Nth parties that are all connected to your business. Vulnerabilities and threats in your supply chain can pose risks to your business operations. With SecurityScorecard, you can significantly reduce or eliminate the risk of compromise from a vendor or business partner. Offerings include: Third-Party Cyber Risk Management, Automatic Vendor Detection, Supply Chain Risk Intelligence, and Security Questionnaires. 
Threat Landscape: Go outside the wire to identify threats facing your organization and your supply chain. Leverage terabytes of data and AI-driven analytics to identify the threats that put your business at risk. Offerings include: Attack Surface Intelligence, Intelligence Feeds, and Vulnerability Intelligence. Security and Risk Operations: SecurityScorecard enables companies to see what a hacker sees across their own external attack surface so they can identify threats and take action before the bad guys have a chance to exploit critical vulnerabilities. Offerings include: External Attack Surface Management and Cyber Risk Quantification. Services: A focus on expert-led continuous improvement, actionable insights, and tailored strategies positions SecurityScorecard as a trusted partner in achieving and maintaining a robust cybersecurity posture. Offerings include: Digital Forensics & Incident Response, Advisory Services, Penetration Testing, Red Team, and Tabletop Exercises. MAX: SecurityScorecard MAX is a technology-enabled supply chain cyber risk managed service. Organizations leverage SecurityScorecard's technology, expertise, and partner ecosystem to minimize supply chain risk and gain tangible business outcomes.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 87

**User Satisfaction Scores:**

- **Ease of Admin:** 8.7/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.6/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 7.7/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.7/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [SecurityScorecard](https://www.g2.com/sellers/securityscorecard)
- **Company Website:** https://securityscorecard.com
- **Year Founded:** 2013
- **HQ Location:** New York, New York
- **Twitter:** @security_score (8,166 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5054644/ (615 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 47% Enterprise, 36% Mid-Market


#### Pros & Cons

**Pros:**

- Security (24 reviews)
- Ease of Use (17 reviews)
- Insights (10 reviews)
- Customer Support (9 reviews)
- Intuitive (8 reviews)

**Cons:**

- Lack of Clarity (4 reviews)
- Limited Reporting (4 reviews)
- Scoring Issues (4 reviews)
- Improvement Needed (3 reviews)
- Inefficient Risk Management (3 reviews)

### 17. [Copla](https://www.g2.com/products/copla/reviews)
  Copla offers an advanced cybersecurity compliance platform for financial institutions, focusing on DORA while also supporting a range of other industry frameworks. Our platform simplifies compliance with predefined and customizable workflows that eliminate manual tasks. Employees are engaged in real-time compliance checks and evidence gathering via our chatbot Copla Stream, reducing bottlenecks and streamlining the process. Compliance evidence is automatically stored in a central location, making audits faster and always regulator-ready. Features like data extraction, risk assessment, vulnerability scanning, penetration testing, and continuous monitoring ensure businesses stay secure and compliant. We also provide business continuity planning and awareness training to strengthen security posture. Copla includes fractional CISO services, offering expert guidance and strategic leadership to help organizations navigate complex compliance and risk management challenges. With fully guided DORA implementation, compliance analysis, and robust risk management workflows, our platform empowers financial institutions to reduce compliance workloads by up to 80% and save over 60K EUR, ensuring efficient and secure operations.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 82

**User Satisfaction Scores:**

- **Ease of Admin:** 9.3/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.4/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.4/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 9.6/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Copla](https://www.g2.com/sellers/copla)
- **Company Website:** https://www.copla.com
- **Year Founded:** 2023
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/cyber-upgrade/ (41 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Financial Services, Accounting
  - **Company Size:** 78% Small-Business, 27% Mid-Market


#### Pros & Cons

**Pros:**

- Compliance (42 reviews)
- Ease of Use (42 reviews)
- Time-saving (30 reviews)
- Auditing (29 reviews)
- Evidence Collection (27 reviews)

**Cons:**

- Difficult Setup (12 reviews)
- Integration Issues (11 reviews)
- Complex Setup (9 reviews)
- UX Improvement (9 reviews)
- Learning Curve (8 reviews)

### 18. [Apptega](https://www.g2.com/products/apptega/reviews)
  Tired of spreadsheets that don’t scale and require too much manual effort? Hampered by overly complex IT GRC systems that have you working for them? Apptega is the cybersecurity and compliance management platform that makes it easy to assess, build, manage, and report your cybersecurity and compliance program. Organizations in all industries and MSSPs rely on Apptega to meet the challenges of cybersecurity and compliance more efficiently and cost-effectively than with any other approach. Featuring 25+ frameworks, including SOC 2, NIST, CMMC, ISO, CIS, PCI, GDPR, HIPAA and more, and manage your program with: - Multi-Tenant - Assessments - Compliance Scoring - Risk Management - Vendor Risk Management - Audit Management - Reporting - Integrations


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 153

**User Satisfaction Scores:**

- **Ease of Admin:** 9.3/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.3/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 9.1/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.6/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Apptega](https://www.g2.com/sellers/apptega)
- **Company Website:** https://www.apptega.com
- **HQ Location:** Atlanta Junction, Georgia, United States
- **Twitter:** @apptega (290 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/19418228/ (56 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Chief Information Security Officer
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 42% Mid-Market, 41% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (38 reviews)
- Compliance Management (30 reviews)
- Compliance (29 reviews)
- Features (22 reviews)
- Security (22 reviews)

**Cons:**

- Improvements Needed (12 reviews)
- Limited Functionality (11 reviews)
- Missing Features (8 reviews)
- Limitations (7 reviews)
- Limited Customization (7 reviews)

### 19. [Scytale](https://www.g2.com/products/scytale-g2/reviews)
  Scytale is the only AI GRC platform and human experts that drive real compliance outcomes - from getting compliant to staying compliant, and building trust across every framework. Trusted by 1,000+ companies worldwide, Scytale replaces fragmented testing with continuous control visibility, automating evidence, control cross-mapping, and risk management across 80+ security, privacy, and AI frameworks, including SOC 2, ISO 27001, GDPR, SOX ITGC, ISO 42001, and many more. Scytale is a full-scope trust and compliance platform with everything you need to run your GRC program in one central hub, including: an agentic GRC network, a Trust Center, AI-integrated offensive security and expert GRC services.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 589

**User Satisfaction Scores:**

- **Ease of Admin:** 9.2/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.1/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.9/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 8.0/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Scytale AI](https://www.g2.com/sellers/scytale-ai)
- **Company Website:** https://scytale.ai/
- **Year Founded:** 2021
- **HQ Location:** New York, US
- **Twitter:** @scytale_ai (76 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/scytale-ai/ (145 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, CEO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 72% Small-Business, 22% Mid-Market


#### Pros & Cons

**Pros:**

- Helpful (162 reviews)
- Ease of Use (148 reviews)
- Compliance (102 reviews)
- Customer Support (94 reviews)
- Team Helpfulness (85 reviews)

**Cons:**

- Integration Issues (45 reviews)
- Limited Integrations (35 reviews)
- Evidence Collection (23 reviews)
- Missing Features (22 reviews)
- Software Bugs (19 reviews)

### 20. [Whistic](https://www.g2.com/products/whistic/reviews)
  Whistic is the fastest and most efficient way to exchange, evaluate, and manage security information — whether you’re assessing third-party vendors or responding to customer questionnaires. Designed for today’s fast-moving security and compliance teams, Whistic helps organizations build trust faster, reduce manual work, and move at the speed of business. Unlike other TPRM solutions that focus on just one side of the process, Whistic bridges both. Our platform combines AI-powered automation with the Trust Center Exchange™, a dynamic network where companies proactively publish and share their security posture. This eliminates repetitive back-and-forth communication, accelerates due diligence, and ensures transparency across the entire vendor ecosystem. With Whistic Assessment AI, teams can automate up to 90% of manual tasks, cut assessment time from weeks to minutes, and refocus valuable resources on high-impact security initiatives — all without increasing headcount. The result is a modern, scalable Third-Party Risk Management (TPRM) program that strengthens trust, enhances visibility, and transforms risk management from a roadblock into a competitive advantage.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 52

**User Satisfaction Scores:**

- **Ease of Admin:** 9.1/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.6/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.9/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.6/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Whistic](https://www.g2.com/sellers/whistic)
- **Company Website:** https://www.whistic.com
- **Year Founded:** 2015
- **HQ Location:** Pleasant Grove, Utah
- **Twitter:** @Whistic_Inc (1,216 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6611250/ (52 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 48% Mid-Market, 35% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (6 reviews)
- Vendor Management (6 reviews)
- Customer Support (4 reviews)
- Documentation (4 reviews)
- Efficiency (4 reviews)

**Cons:**

- Non-Intuitive Features (4 reviews)
- Improvement Needed (3 reviews)
- Not Intuitive (3 reviews)
- UX Improvement (3 reviews)
- Inefficient Risk Management (2 reviews)

### 21. [Conveyor](https://www.g2.com/products/conveyor-conveyor/reviews)
  Conveyor is the market-leading AI security review automation platform that helps infosec & presales teams automate the entire security review -- from security questionnaire completion and sharing security documentation like a SOC 2 in one-click. With AI so accurate, you can even pass most of your security review workflows to our new AI Agent for Customer Trust. Why teams love Conveyor: 1. The only trust center to offer an upload questionnaire for instant answers experience along with all the bells & whistles to share security documentation at scale 2. Plus, AI-questionnaire response to auto-generate 95%+ accurate answers to entire questionnaires so you can speed through review.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 150

**User Satisfaction Scores:**

- **Ease of Admin:** 9.2/10 (Category avg: 9.0/10)
- **Risk Scoring:** 7.5/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.0/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.5/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Conveyor](https://www.g2.com/sellers/conveyor-5e432251-cc59-40a2-a9dd-cff110558d40)
- **Company Website:** https://www.conveyor.com
- **Year Founded:** 2021
- **HQ Location:** San Francisco, US
- **Twitter:** @conveyor (380 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/conveyorhq (61 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Account Executive
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 59% Mid-Market, 27% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (46 reviews)
- Efficiency (34 reviews)
- Time-saving (30 reviews)
- Intuitive (23 reviews)
- Artificial Intelligence (17 reviews)

**Cons:**

- Missing Features (9 reviews)
- Inaccurate Responses (6 reviews)
- Poor Interface Design (6 reviews)
- Lack of Clarity (5 reviews)
- Limited Customization (5 reviews)

### 22. [SafeBase](https://www.g2.com/products/safebase/reviews)
  SafeBase is a comprehensive Trust Center Platform designed specifically for enterprises to facilitate seamless security reviews. This platform addresses the challenges organizations face when responding to security questionnaires by significantly reducing the volume of inbound inquiries. By providing self-serve, secure access to essential information, SafeBase empowers customers to find the answers they need without the friction typically associated with traditional security review processes. Trusted by high growth companies and enterprise organizations like OpenAI, Asana, T-Mobile, and Zoom, SafeBase helps eliminate friction in the inbound security review process and helps build customer trust. The target audience for SafeBase includes security teams, sales professionals, and compliance officers within medium to large enterprises that require efficient management of security documentation and inquiries. The platform is particularly beneficial for organizations that frequently engage with clients who have rigorous security requirements. Use cases for SafeBase range from automating responses to security questionnaires to streamlining internal workflows, thus enabling teams to focus on more strategic initiatives rather than administrative tasks. Key features of SafeBase include: • Advanced Trust Center access and governance capabilities, which offer robust permissioning and access controls. Users can manage access through functionalities such as auto bulk invites, SCIM integration, and expiration dates, ensuring that sensitive information is shared securely and efficiently. • Automated NDA workflows further enhance the user experience by allowing buyers to securely access necessary documentation through integrated NDA signing, simplifying the process for all parties involved. • Chrome extension - enables users to provide questionnaire responses directly within their buyers' Third-Party Risk Management (TPRM) portals. 
This integration not only saves time but also enhances the accuracy of information shared. • Advanced analytics dashboards helping organizations communicate the return on investment (ROI) of their security programs. By leveraging CRM data, these dashboards highlight key focus areas and demonstrate how security initiatives contribute to overall revenue growth. • Multi-product Trust Center profiles, allowing organizations to showcase their trust posture across various product offerings. This feature makes it easy for buyers to self-serve security documentation tailored to their specific needs. By streamlining the security review process and positioning security as a strategic driver of revenue, SafeBase enables fast-growing companies to reclaim valuable time and resources, ultimately enhancing the buying experience for their clients. In 2025, SafeBase was acquired by Drata. Together, they also offer the leading Trust Management Platform enabling organizations to: ~ Proactively build trust with customers through dynamic, real-time Trust Centers. Accelerate security questionnaire responses and close deals faster with AI-powered automation. ~ Simplify and scale compliance efforts with advanced automation and robust integrations. ~ Enhance vendor and third-party risk management with improved efficiency and continuous visibility. ~ Scale and modernize enterprise GRC programs to address evolving market needs.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 143

**User Satisfaction Scores:**

- **Ease of Admin:** 9.5/10 (Category avg: 9.0/10)
- **Risk Scoring:** 8.3/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.2/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.6/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [SafeBase](https://www.g2.com/sellers/safebase)
- **Company Website:** https://safebase.io/
- **Year Founded:** 2020
- **HQ Location:** San Francisco, California
- **LinkedIn® Page:** https://www.linkedin.com/company/safebase/ (57 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Account Executive
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 73% Mid-Market, 20% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (9 reviews)
- Communication (4 reviews)
- Customer Success (4 reviews)
- Helpful (4 reviews)
- Integrations (4 reviews)

**Cons:**

- Missing Features (4 reviews)
- Lack of Customization (2 reviews)
- Limited Customization (2 reviews)
- Feature Complexity (1 review)
- Improvements Needed (1 review)

### 23. [LAMP](https://www.g2.com/products/lamp/reviews)
  LAMP is our industry-leading cloud-based platform and your point of convergence for all activities surrounding technology information management.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 13

**User Satisfaction Scores:**

- **Ease of Admin:** 8.1/10 (Category avg: 9.0/10)
- **Risk Scoring:** 7.9/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 7.2/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.2/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [LaSalle Solutions,](https://www.g2.com/sellers/lasalle-solutions)
- **Year Founded:** 1980
- **HQ Location:** Rosemont, IL
- **Twitter:** @ManageSMARTnet (333 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/lasalle-solutions/ (31 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 67% Small-Business, 33% Mid-Market


### 24. [Ncontracts](https://www.g2.com/products/ncontracts-ncontracts/reviews)
  Ncontracts is a leading provider of SaaS-based risk management and compliance solutions for financial services companies. Our GRC solutions help more than 5,000 banks, credit unions, mortgage companies, fintechs, and trusts achieve their risk management and compliance goals with a powerful combination of user-friendly, cloud-based software and expert services.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 178

**User Satisfaction Scores:**

- **Ease of Admin:** 8.5/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.8/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.8/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 7.9/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [Ncontracts](https://www.g2.com/sellers/ncontracts)
- **Company Website:** https://www.ncontracts.com/
- **Year Founded:** 2009
- **HQ Location:** Brentwood, TN
- **Twitter:** @Ncontracts (1,804 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/ncontracts/ (471 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Banking, Financial Services
  - **Company Size:** 80% Mid-Market, 12% Small-Business


#### Pros & Cons

**Pros:**

- Customer Support (18 reviews)
- Ease of Use (18 reviews)
- Compliance Management (13 reviews)
- Useful (13 reviews)
- Features (11 reviews)

**Cons:**

- Data Management Issues (5 reviews)
- Integration Issues (5 reviews)
- Import Issues (4 reviews)
- Inadequate Reporting (4 reviews)
- Limited Integration (4 reviews)

### 25. [CTM360](https://www.g2.com/products/ctm360-ctm360/reviews)
  CTM360 is a consolidated external security platform that integrates External Attack Surface Management, Digital Risk Protection, Cyber Threat Intelligence, Brand Protection & Anti-phishing, Surface, Deep, & Dark Web Monitoring, Security Ratings, Third-party risk Management, and fully managed unlimited Takedowns. As a pioneer and innovator in preemptive security, CTM360 operates as an external CTEM technology platform outside an organization’s perimeter. Seamless and turn-key, CTM360 requires no configurations, installations or inputs from the end-user, with all data pre-populated and specific to your organization. All aspects are managed by CTM360.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 114

**User Satisfaction Scores:**

- **Ease of Admin:** 9.6/10 (Category avg: 9.0/10)
- **Risk Scoring:** 9.4/10 (Category avg: 8.8/10)
- **Questionnaire Templates:** 8.6/10 (Category avg: 8.6/10)
- **4th Party Assessments:** 8.8/10 (Category avg: 7.9/10)


**Seller Details:**

- **Seller:** [CTM360](https://www.g2.com/sellers/ctm360)
- **Company Website:** https://www.ctm360.com/
- **Year Founded:** 2014
- **HQ Location:** Manama, BH
- **Twitter:** @teamCTM360 (1,000 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/ctm360/ (125 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Banking, Financial Services
  - **Company Size:** 42% Mid-Market, 31% Enterprise


#### Pros & Cons

**Pros:**

- Customer Support (48 reviews)
- Ease of Use (45 reviews)
- Features (31 reviews)
- Monitoring (28 reviews)
- Detection Efficiency (24 reviews)

**Cons:**

- Limited Features (9 reviews)
- Integration Issues (8 reviews)
- Lack of Features (5 reviews)
- Lack of Integration (5 reviews)
- Lack of Integrations (5 reviews)



## Parent Category

[Risk Assessment Software](https://www.g2.com/categories/risk-assessment)



## Related Categories

- [Audit Management Software](https://www.g2.com/categories/audit-management)
- [Regulatory Change Management Software](https://www.g2.com/categories/regulatory-change-management)
- [IT Risk Management Software](https://www.g2.com/categories/it-risk-management)
- [Third Party & Supplier Risk Management Software](https://www.g2.com/categories/third-party-supplier-risk-management)
- [Policy Management Software](https://www.g2.com/categories/policy-management)
- [Cloud Compliance Software](https://www.g2.com/categories/cloud-compliance)
- [Security Compliance Software](https://www.g2.com/categories/security-compliance)




