SecurityStudio Reviews & Product Details

I have reviewed over the past few years several NIST type assessment tools and just renewed Security Studio again. There are so many things that the S2 org tool does and does well. I love the deliverables! The deliverables are easy to create and are easy to present to other non-technical shareholders to get that “buy in” when we prioritize our goals for infosec. The industry comparison FISA score is genius and I base one of my departments KPI’s off of improving that score month over month. I can easily measure our remediation investments against our improvement or risk. When I did security consulting over the years, I would present a report and the following year would find the same high priority issues with nothing accomplished. This tool seems to drive action. S2 continues to refine the tool and open to suggestions. The support are responsive and rock stars! Review collected by and hosted on G2.com.

When i have found something in the software that could save me time over the years - i would email S2 the idea and either they were already planning it or would add in the next version. So with that being said, i don't have any dislikes. Review collected by and hosted on G2.com.

Tech Reformers, LLC uses S2org to provide evidence of compliance across 4 areas of risk. We like how clients upload policies and procedures to be reviewed by our certified experts. It helps us create a roadmap to improve security. Security Studio lets us partner with our clients in a productive and efficient manner. The tool allows us to build long term relationships with our clients as, together, we work to improve security and lower risk across the 4 domains: Administrative Controls, Physical Controls, Internal Technical Controls, and External Technical Controls. Review collected by and hosted on G2.com.

The surveys can be time consuming. But I like how Security Studio allows for 3 levels with the first, L1, being a shorter survey to get a handle on your security posture. By starting clients on the right level survey it alleviates the problem of starting with a survey that is just too cumbersome for an organization starting its security and risk compliance journey. With the Security Studio team, we even created a free assessment that allows for any of our target customers in Education Management to get a quick snapshot of how they stand. Review collected by and hosted on G2.com.

The SecurityStudio products are very easy to understand and navigate with the latest update. We have been using S2 org and I have used and recommended S2 me personally. These tools give the users a S2 score. S2 scores are easy for people from any background to understand. We have been able to use the S2 org results to work on focusing our security efforts in schools. The information given out of the S2 org assessments is very valuable! Review collected by and hosted on G2.com.

I have been overall happy. My only hurdle has been some of the constant changes and updates. For a while it felt like as soon as I got a grasp on the platform an update would happen and shift things a little. That has settled down now as the tools have matures more. I get that this was just growing pains so it's completely understandable to be a part of it. I'm looking forward to using the S2 org for quite some time to see growth and progress for our security adventures. Review collected by and hosted on G2.com.

Automation of a very tedious process

Customer Service is 10+ stars!

Vendor receives feedback well, and builds customer feedback into roadmap Review collected by and hosted on G2.com.

Re-branding not possible

Export/import of questions and answers not possible unless you contact the devs

Cannot send email as a custom domain

Lots of N/A's and false answers from vendors - scope of security questionnaire is undefined or understood to only be what is facing or holding customer data

Comments are not consistent and it doesn't seem abundantly clear that vendors can add comments

Cannot require a commented explanation if N/A is chosen to explain why you are choosing N/A

Some questions do not necessitate an n/a answer

Provide opportunity to remediate N/A answers, not only false answer Review collected by and hosted on G2.com.

One tool, multiple compliance standards. CMMC, HIPAA, ISO 27k, Soc 2 all map back to this tool. It provides a true measurement of risk, not just a gap analysis to the requirements/standards. Its quantifiable so it is easy to track risk remediation efforts. Review collected by and hosted on G2.com.

Not really anything. The price is reasonable and security studio is easy to work with. Review collected by and hosted on G2.com.

All the tools on the platform are very easy to use and make information security understandable to all personnel. We use S2Org for our company's information security risk management, S2Vendor for third-party information security risk management, S2Team for personnel information security risk management and S2Me. All the tools on the platform are simple and straightforward.

There are no unnecessary steps or complexity, but there are no shortcuts either. The tools have stood up to serious scrutiny too! Review collected by and hosted on G2.com.

The user interface (UI) could be a little more polished. The UI is easy to navigate, but it be more colorful and appealing. SecurityStudio has made great strides in their UI, and they just have a little further to go in my opinion. Review collected by and hosted on G2.com.

Vendefense provides an easy to use interface. The dashboard is well laid out. You can easily review the status of your vendors and where they are in their risk assessment. The risk assessment questions vary by the vendors rated impact. A medium impact vendor will not receive as detailed questionnaire as a high impact vendor. Risk Assessment questions are well worded with helpful pop-ups for additional clarification of the question. Review collected by and hosted on G2.com.

There have been a couple outages of the application, though the vendor has been quick to respond and provide remediation. It would be nice to have access to the email notification templates for customization. Review collected by and hosted on G2.com.

I really appreciate that VENDEFENSE gave me the tools to be successful with a more robust vendor risk management program without needing more specialized knowledge of this topic. Once we uploaded our vendors and answered some basic demographic questions on each one, the tool took over and now we're benefiting from an even stronger information security program. They also have great customer support to help with any questions that arise along the way. Review collected by and hosted on G2.com.

I'm satisfied with the product so far. There's nothing I dislike. Review collected by and hosted on G2.com.

The customer service has been amazing! Whenever I have a question or issue they are quick to respond. They also are very open to suggestions for changes and responsive to things that aren't working.

This tool helps our dispersed team come together in one tool to manage our vendors. Having the tool manage the status of each vendor and the workflow has been a huge time saver. The tool is straight forward and very easy to use. Review collected by and hosted on G2.com.

There are still a few workflow items when working within the tool I would like to see changed. When working with the list of vendors that have classifications to be reviewed, after each vendor it returns to the list of vendors instead of the list of classifications. Or after approving the classification if it would just continue to the next vendor, that would be a huge time saver.

There also could be a few more definitions of terminology right in the tool instead of having to go to the Help area to know the definition of Confidential and Physical/Logical Access, etc. Review collected by and hosted on G2.com.

It is very easy and intuitive to use. Very minimal training is required. Vendors like it as well. I like how it follows-up to ensure the vendor actually responds for you. Review collected by and hosted on G2.com.

Cannot re-brand as our own which prevents some external vendors from realizing it is actually our portal. Cannot bulk import question answers from a spreadsheet. Could use a comments section for added context on some questions. Review collected by and hosted on G2.com.