Anecdotes Reviews & Product Details

My team and I reviewed various cybersecurity risk tools and hoped to find one that was suitable for our environment at the right pricepoint. After assessing over ten tools, we found Anecdotes to be user-friendly, aesthetically appeasing, and a robust tool. The team was knowledgeable, helpful, responsive, and implemented a majority our requests, expeditiously. Overall, Anecdotes provided a great onboarding experience. We are also excited to leverage Anecdotes for external audits such as SOC2. Review collected by and hosted on G2.com.

Currently Anecdotes is unable to hide cyber risks that do not belong to the risk owner. Review collected by and hosted on G2.com.

Easy to use, valuable plug-ins that look at controls more than just on the surface, has beta of unreleased frameworks such as NIST CSF 2.0 before launch, gives detailed control insights that competitors do not have. They arent in a race to send your way to get a SOC 2 audit. They care about the controls behind the evidence where others do not. Review collected by and hosted on G2.com.

nothing, this is a great tool for the continuous monitoring compliance space. Review collected by and hosted on G2.com.

Anecdotes allows me to ingest our tools to show continuous compliance monitoring. It integrates with 90% of our systems like AWS, HR systems, and even most of our security tooling. These integrations serve as the building blocks for control requirements that can then be easily mapped to applicable frameworks (for us SOC 2, HIPAA, PCI, ISO27001, CSA CoC GDPR). They support 26 frameworks in total ATM which is more coverage then many other compliance tools I've looked at.

Favorite feature is called Evidence Pool:

Evidence from integrated tools comes in via API calls and Anecdotes automatically maps the relevant data fields from that system into very accesible table-based views. You can then filter this data for things like exceptions (some that anecdotes has pre-defined for each integration or custom rules if you want to get fancy). Another great use case is using this table to spot check what's actually happening in your systems. All of the connections are read-only. The tool actually gives me visibility to systems I don't neccessarily need direct access to, giving me only the relevent info for compliance.

This tool also does the basic stuff well. Policy management works perfect, you can create custom controls or requirements, you can always resort to uploading screenshots or other document-based evidence to support a control and that's all very intuitive in the system.

Going back to the frameworks --> they are going to map your evidence on the requirement level, NOT, the control level. So for example, you'll have a requirement like "User Access Reviews" and evidence of your choosing will sit in that requirement. From there Anecdotes will do it's best job to map that requirement to controls in ALL the frameworks you have. But what if you have a different scope from framework to framework? You still have the flexibiltity to change the evidence for that control on a framework to framework basis because it doesn't try and tie the actual controls to each other.

The anecdotes team is amazing. The onboarding process is delightful and CSM presence is unmatched from any vendor I've ever used.

I recommend this tool highly if you are running compliance for a SaaS company. Review collected by and hosted on G2.com.

I use the JIRA/Confluence integration in this tool a lot because a ton of audit evidence lives in those systems. Sometimes making a connection to those it can time out when trying to link to a requirement. I notice that it works everytime if I try again immediately. Review collected by and hosted on G2.com.

The flexibility of the tool, ease of use and ability to integrate with multiple solutions. The customer support team is very responsive and supportive. The implementation was also seamless. Review collected by and hosted on G2.com.

Nothing readily comes to mind. The team has been very supportive. Review collected by and hosted on G2.com.

Anecdotes provide an end-to-end solution to a large variety of accreditations and certifications that can serve every organisation in every industry. Easy to implement, easy and straightforward to use, comprehensive approach. Review collected by and hosted on G2.com.

Connecting plugins is a one-time effort, but Anecdotes support is always available; they offer white-glove service during on-boarding phase. Review collected by and hosted on G2.com.

Reduces time in year-over-year audit processes for SOC 2 and other frameworks. Review collected by and hosted on G2.com.

The UI is missing some key functionality. I would like it to incorporate best parctices. Review collected by and hosted on G2.com.

The team is extremely helpful and always ready to help. Feature requests are dealt with very quickly. Review collected by and hosted on G2.com.

Missing a few integrations that would be helpful. Review collected by and hosted on G2.com.

The best thing about Anecdotes is:

- The number of frameworks and features you can get out-of-the-box with their pricing structure.

- A very clean and navigable UI.

- Integrations with tons of popular SaaS apps that a majority of organizations use.

- Great Policy templates for users to build on if they're not familiar with writing Information Security Policies.

- The support to upload your own common control framework for a more savvy compliance program.

- Pre-built dashboards and metrics to show the effectiveness of your compliance program to Executive leadership. Review collected by and hosted on G2.com.

Anecdotes does not have security awareness training built into its platform, but rather, it provides customers with access to a partner security awareness training platform. The partner security awareness training platform that customers get access to is very limited – no SSO integration for user enrollment/deactivation and only three training scenes/topics for a given new hire or annual security awareness training. Review collected by and hosted on G2.com.

We looked at a few GRC tools, and we chose anecdotes because of their high number of relevant plugins. Since we connected them, we have automated most of our evidence collection and saved a lot of time. Review collected by and hosted on G2.com.

They were missing a few features that I wanted, but they added my requests to their roadmap. For example, specific fields were not available yet from one of the plugins. But the support and integrations teams acted fast and managed to pull the data and add it to the evidence. Review collected by and hosted on G2.com.

I like that evidence for SOC2 audit can be gathered automatically via integration for many commonly used applications.

Getting real-time status on the project for the auditors and clients.

Clients can customize their controls according to the description that the auditors and client decided. Review collected by and hosted on G2.com.

Sometimes files extracted by the automation cannot be opened, which delays our audit process, and we need to ask the client for manual upload.

In addition, there is latency in logging in, which also delays our audit process.

Other than that, as an auditor, I can't think of any more dislikes :) Review collected by and hosted on G2.com.