ZenGRC
Optimized for quick response

ZenGRC Reviews & Product Details

ZenGRC Overview

What is ZenGRC?

ZenGRC offers an established solution to elevate your company's risk and compliance program to the highest infosec standards. The cloud-based SaaS solution fits your existing GRC program and also evolves to guide you throughout your maturity roadmap. With ZenGRC as the central platform for your organization's entire infosec ecosystem, you can achieve continuous monitoring and efficient audit management capabilities, as well as customizable, end-to-end risk management that's built-in — not bolted on. Companies from SMB all the way to Enterprise use ZenGRC for... — Minimized manual effort through automation — Shortened, simplified audit cycles — Risk management that’s built-in—not bolted on — Increased visibility and reporting with dashboards — Direct integrations with ServiceNow, AWS, Qualys, Slack, JIRA, and more.

ZenGRC Details
Website
Languages Supported
English
Product Description

ZenGRC is a user-friendly GRC software designed to make compliance easy for nimble enterprises.

How do you position yourself against your competitors?

Our intuitive dashboards, pre-built templates, and built-in risk management features easily solve critical problems at scale. ZenGRC + ZenConnect provide a holistic view of your applications containing critical data within a centralized, cloud-based solution, allowing you to continuously monitor your data and mitigate risk in real-time. With dedicated onboarding specialists, customer success managers, and GRC experts you’ll be up and running in weeks—not months.


Seller Details
Seller
Reciprocity
Company Website
Year Founded
2009
HQ Location
San Francisco, CA
Twitter
@reciprocitylabs
505 Twitter followers
LinkedIn® Page
www.linkedin.com
130 employees on LinkedIn®

Overview Provided by:
Show More

ZenGRC Videos

ZenGRC Screenshots

Answer a few questions to help the ZenGRC community
Have you used ZenGRC before?
Yes

ZenGRC Reviews

Write a Review
Filter reviews
LinkedIn®
Connections
Popular Mentions
Showing 41 ZenGRC reviews
Popular Mentions
Showing 41 reviews
Filter Reviews
Filter Reviews
Sort by
Ratings
Company Size
User Role
All Industries
Region
Already have ZenGRC?
Write a Review
Internal Auditor II
Small-Business(50 or fewer emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

ZenGRC has provided my contract compliance team with its first ever compliance tool, which has been huge in collecting and retaining documentation for our quarterly compliance audits. With over 500 requirements our account team must comply with, Zen has allowed easier and more direct access to useful information for our business owners. As compliance is not always top of mind for them with their day to day work, the tasks feature has become very helpful in reminding them of our requirements without my team having to pester them with emails or follow up on every major requirement to ensure it is completed. Both sides have appreciated this!

The Reciprocity team has been helpful and easy to work with. Since our compliance audits are not any of the standard ones, we had to add multiple new categories of information when setting up our account. Reciprocity worked closely with us so the tool could work for our purposes, and this customization ability for a reasonable price was a major reason why our team chose to use ZenGRC. Review collected by and hosted on G2.com.

What do you dislike?

Overall, the tool is not as flexible as I would prefer, but Reciprocity seems to be constantly working on updates. It is important to note that my team mostly works with the Audit Management section of ZenGRC; therefore, I do not care about Reciprocity's updates to the risk and threat sections (which currently seems to be going through the most changes).

Our compliance audit is not one of the standards--SOC, SOX, etc--so how the Compliance Objects (programs, standards, sections, objectives, controls) are set up in the tool creates a lot of redundancy. In order for us to complete an assessment of a requirement after it being tested, we need to have a control and cannot tie it directly to an objective. Additionally, we were able to create custom attributes relevant to our needs, but are unable to hide or remove the standard attributes that do not apply to us.

Regardless of the sections used, the tool has multiple ways of viewing information, which is good, but not all of them allow for column widths or the order of the columns to be changed for optimal viewing by the user. Additionally, the ability to filter and sort is not consistent between the audit view, objects list, and the to-do list, which can be frustrating. These features seem to be standard in most applications these days so I was disappointed with the limited flexibility. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

I can only really speak to the compliance audit management aspect of the tool so if that is what you are looking for, I would suggest looking more closely at ZenGRC. The way the Audit section is set up with the requests, assessments, issues and mapping to objectives/controls has been a huge plus to our team's efficiency. Additionally I expect the large amount of information able to be stored at our users' fingertips will be even more helpful with future audits as we have only exclusively used Zen for two quarterly audits thus far.

When deciding if ZenGRC is the right tool for you, look into how much customization your team might need to implement for the tool to match the information you are wanting to collect and track. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

ZenGRC has provided my contract compliance team with its first ever compliance tool, which has been huge in collecting and retaining documentation for our quarterly compliance audits. Additionally, the tasks feature has become popular with our business owners for reminding them of requirements we must meet, which can be difficult to keep track of as there are over 500 contract requirements my team must comply with.

Overall the benefits outweigh the negatives I have provided so our team is happy with our choice. The Reciprocity team is very responsive to users' needs so I would not be surprised if all of my current dislikes are resolved in the future. Review collected by and hosted on G2.com.

Show More
Show Less
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

The layout of ZenGRC is easy to navigate and to see where you stand status wise with tasks and requests. You can easily pinpoint areas that need more focus. Review collected by and hosted on G2.com.

What do you dislike?

Trying to explain to our team the difference between the Tasks and the Audit Requests is a tiny bit confusing. But once I explain the difference, they are able to navigate their To Do items better. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

If you want a program to help you organize your controls environment and allow more visibility into the status of the controls, I recommend ZenGRC. It has helped us make our processes more streamlined and the evidence gathering process much faster and efficient. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We are seeing areas or controls that users may be struggling with completing. We are also able to see how our controls are mapped to ISO easily and mapped to each other and our internal policies. Review collected by and hosted on G2.com.

Show More
Show Less
Manager- Risk and Field Security
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

What I love best about ZenGRC is that there are multiple modules but at one fair price. The value for the software is huge since we are able to use it across multiple departments and integrate multiple processes. I selected and purchase this product twice (at two different companies). The seeded content was a life saver when implementing. And the data import functionality allowed us to rapidly bring in historical data to immediately see the value. Review collected by and hosted on G2.com.

What do you dislike?

One area they can improve on is dashboards. I know they have made improvements but there is still some work needed. In general, I think the ability to get reports or data out of Zen is lacking. I would love to be able to export an audit report, rather than just the audit data in a spreadsheet. But I think they are making a lot of improvements. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

The biggest issue was automation. Everything we had was on spreadsheets. But we were able to utilize the import process, automated risk scoring and questionnaires to streamline third party risk assessments, business impact analysis, risk management and tracking and auditing. Review collected by and hosted on G2.com.

Show More
Show Less
Network Security Engineer - GRC
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

The ease of use and administration is well balanced with the functionality needed in a GRC tool. ZenGRC gets the job done without being overly complicated. Review collected by and hosted on G2.com.

What do you dislike?

To meet our requirements, we initially deployed on-premises. However, soon after that, we found that software upgrades required too much IT involvement. Also, the technical specifications to continue to host on-premises did not align with our internal standards. We had to re-assessing our risk in storing sensitive information off-site. After performing more stringent due diligence of ZenGRC as a vendor, we migrated to ZenGRC cloud-hosted. Our preference would have been to remain on-premises with better upgrade automation that ZenGRC Administrators could perform within the user interface. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Have a sound understanding of your minimum requirements. Across all the vendors you are evaluating, be sure to consider the total cost of ownership compared to the amount of complexity in thier software to meet your needs. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

PCI Assessments became more efficient with Objects, Controls, Requests, and Evidence migrated from spreadsheets and disparate file repositories to one system with relational mapping. Mapping Risks to our Vendors and Vulnerability management programs provides a holistic view of our security posture. Review collected by and hosted on G2.com.

Show More
Show Less
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best?

Flexibility. ZenGRC, while powerful out of the box, allows an organization to make extensive adjustments in how it builds out and maintains compliance programs. Extensive cross-mapping options, custom attributes, integration with a number of prominent ticketing systems are all present with more options on the product roadmap. This flexibility has allowed us to provide better insight into our risk program to senior management while also meeting the expectations of our auditors. Review collected by and hosted on G2.com.

What do you dislike?

A number of integrations are not fully fleshed out yet and provide a minimum amount of functionality. Seeing these integrations develop into more functional tools is on the product roadmap, but it is a source of some frustration. Ideally, more of the integrations would be added to the ZenConnect suite. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Take the time to work with the onboarding team regarding your processes rather than performing a "lift and shift". In many cases, their GRC experts can offer suggestions on how to make adjustments that will make the implementation and management of the tool go more smoothly. Have a good idea of your own roadmap when going through this process so that you can avoid building for the moment and not for the future. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Initially we had purchased ZenGRC to support our auditing process as we took on additional certifications. In our first external audit with ZenGRC, we were able to leverage existing data in the tool to lower the number of requests to control owners by 40%. With the success on the audit side, we are now working on expanding our use of the risk and vendor components of the tool. Review collected by and hosted on G2.com.

Show More
Show Less
AM
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

Overview:

Our company got ISO 27001 certified in 2019 and our ISMS was managed through Google docs, spreadsheets, and some of it in Atlassian products. This worked fine but was not much scalable nor did we have a single source of truth to refer to. In addition, we started to prepare for a SOC 2 certification in 2021 and now wanted to map our controls against multiple compliance frameworks. We reviewed several tools mentioned in the 2020 Gartner report for GRC products and narrowed down to ZenGRC for several reasons: It's nimble and faster to adopt than products, and yet strikes a good balance between simplicity and feature coverage. As a SaaS platform, we see ZenGRC growing with us as we progress our compliance programs.

Onboarding experience:

This process was a very pleasant experience with a set of scheduled video calls and hands-on training on the product. There was plenty of time for open questions and in some sessions, a Reciprocity GRC expert joined to answer specific questions on frameworks and how to apply them in the tool. This added a lot of value.

In addition to the onboarding sessions, we got access to the Zen University, an e-learning platform with video courses covering all areas of the product. The course modules are easy to follow tutorials that encourage to use the product while watching to get the most out of it. These courses were a great way to prepare each onboarding video call and note questions.

We also have access to ZenGRC's online documentation which covered all our needs so far. There are tutorials on features and also tips and tricks on how to utilise the product most effectively.

Access to GRC experts:

As mentioned above in the onboarding experience, having access to GRC experts when we are stuck with a certain question adds a lot of value to the services provided. We not only have access to a platform to manage our compliance programs but can also resolve roadblocks through expert advice as.

Data import:

As with all GRC products, data import is an important aspect and the CSV import functionality ZenGRC offers works really well. I was able to pick it up within a very short time and important most of our data already during our onboarding phase. The importer supports copy & paste from a spreadsheet, import of a spreadsheet directly and has useful validation to avoid importing incorrect data.

Ideas portal:

After onboarding, we have been pointed to an ideas portal where Reciprocity customers can vote on existing product ideas submitted by other customers or submit their own. It's really useful to see what features other customers requested and upvote what's of most value for our organization. Review collected by and hosted on G2.com.

What do you dislike?

If you come from a very mature Google world, then ZenGRC's interfaces look a little basic in some areas. However, this doesn't really affect functionality or effectivity of the product.

The dashboard functionality served us well for now but could add a little more customizability. That being said, there have been improvements since we have adopted ZenGRC and there are more improvements on the roadmap. Also, we use Tableau and the native integration would solve all our needs for reporting should we ever need more.

The list view navigation and search sometimes require more clicks than necessary depending on what you are looking for. This has been raised in the ideas portal already and improvements are in the works. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We solved the challenge of adopting multiple compliance frameworks in one product (ISO 27001, SOC 2, as well as privacy frameworks like GDPR, CCPA). The benefits realised is a single source of truth approach where all compliance monitoring sits in ZenGRC. Review collected by and hosted on G2.com.

Show More
Show Less
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

ZenGRC is very adaptable to fit our specific needs for managing our large contract. The fact that we can customize the program to work for us is the best feature in my opinion. Review collected by and hosted on G2.com.

What do you dislike?

The only change I would recommend would be the ability to change the standard naming convention. We use the term requirements or outcomes instead of objectives. Although this is a very minor dislike. We have been able to adapt without too many complaints from our business users. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

I would recommend taking a look at ZenGRC. You might be surprised how they have made this product work for a variety of needs. They are also constantly making updates and making the product better. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

ZenGRC allows our users to save documents to one central location rather than saving in their email or in the ShareDrive. It also is a great repository when an employee leaves the company. It is easy to reassign objectives and tasks to other employee so that employee can pick up where the previous employee left off. Review collected by and hosted on G2.com.

Show More
Show Less
AH
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

I love that all of the information I need for an audit is connected (mapped) to each other. By opening one control, I can see the objectives it covers, the test plans, the owner, the related policies, any associated risks, etc. It's SO MUCH better than trying to keep it all straight in a spreadsheet. I can take care of vendors, risks, audits.... all in the same pane of glass. Review collected by and hosted on G2.com.

What do you dislike?

I would like to see some improvements in queries/filters. Especially for the dashboards. I would love an option for "not assigned." For example, I want to create a dashboard for how many controls don't have any associated tasks. That can help me demonstrate how far along we are on a project. The dashboard section could use some more in depth documentation. Perhaps some more examples on how to get the most out of it. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Definitely take the plunge. You'll thank yourself later. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We're just getting started building our program. Making sure we have controls to cover all of the requirements (across multiple frameworks) has been amazing. We're utilizing the SCF to take advantage of overlaps. We're also starting to load in our policies, vendors, etc so we can associate everything together, in one place. Previously (without the tool), I've had to manually keep track of that across several documents. This has reduced the time it takes for me to do my job. Review collected by and hosted on G2.com.

Show More
Show Less
AI
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

ZenGRC is a great tool for my company as we do a lot of compliance frameworks so it's easier to track and map to. I like that I can cross-map to all the other frameworks and see what isn't mapped and need to improve on. Great to use to notified process owners about what evidence is needed and what previous evidence was submitted before. Review collected by and hosted on G2.com.

What do you dislike?

It can have some improvement be done on it to be more user friendly. We have some process owners that are not experience in Compliance framework and trying to navigate the tool. But once they understand where to go and what to look for it, is convenient for them. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Great tool to use to see all the control you have in the system and control mapping to all other security framworks (i.e. SOC, ISO 27001, 27017, 27018, PCI, FedRAMP, CSA Star, etc). Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Control mapping and easier to gather appropriate evidence from correct process owners. It's a centralized place to see all our controls and the evidence we provided. I like that we are able to integrate it with JIRA as our Engineers are more comfortable with JIRA. Review collected by and hosted on G2.com.

Show More
Show Less
Information Security and Privacy Engineer
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best?

1. Versatility; it can meet a ton of use cases, and is extremely intuitive.

2. Integrations; ZenGRC easily plugs into common productivity tools like JIRA and Slack, which makes it easy to use across a distrusted organization.

3. Customer support; Zen has dedciated support and customer success managers that make it easy to deploy and get started. Review collected by and hosted on G2.com.

What do you dislike?

If you are hard pressed to find a GRC solution that meet some very specific or niche requirements (ex. Article 30 reporting for GDPR), Zen may not hit all of your bases, but this is easily made up for by its low price, and general versatility for any framework. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Large scale compliance management, audit management, risk and control management, vendor risk management, and (soon) asset management. Review collected by and hosted on G2.com.

Show More
Show Less
AC
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best?

ZenGRC is able to help us manage all of our compliance activities from audits to vendor reviews. It is wonderful to be able to use the same tool for multiple use cases. The tool is easy to configure and fairly intuitive. It does not take long to understand how to set it up for your specific needs. Review collected by and hosted on G2.com.

What do you dislike?

It would be nice if ZenGRC could help automate the vendor reviews by allowing us to configure the answers we want to see and having the tool flag those questions that don't meet our criteria, which are the ones we need to focus on. I would also like to see the export of the questionnaires in a little more readable format. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

ZenGRC is able to manager our audits and our vendor security reviews seamlessly! Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We have streamlined our vendor reviews allowing us to manage twice as many questionnaires as we could when it was in a Word document. Review collected by and hosted on G2.com.

Show More
Show Less
IM
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

Right now for us, ZenGRC is a responsive vendor that is working very hard to provide a product that the customer wants. There is a great feedback loop that feeds constant innovation within the platform. Review collected by and hosted on G2.com.

What do you dislike?

Some areas are less mature than others. While there are many areas /foci within the tool, they are not all equally mature. It seems as though the audit preparedness / audit function side of the product is getting the most attention these days. Great for audit teams, less so for our use (VRM). Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Vendor Cyber Risk Assessments, and tracking of those assessments and vendors. We have streamlined the process and have much better Vendor Risk Management capabilities. Review collected by and hosted on G2.com.

Show More
Show Less
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best?

ZenGRC allowed us to get our Compliance program up and running in relatively no time. The tool provides a centralized area for our compliance team to work and collaborate with others. It also integrates with Jira which allowed us to implement the work into our project management workflows.

ZenGRC is a powerful tool which can make your compliance team work more effectively which having a centralized place for audits, vendors, and risks. Review collected by and hosted on G2.com.

What do you dislike?

The permissions recently changed. This means some of our folks lost access, and we had to redefine roles within the platform. I think the new roles may be slightly misleading. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

ZenGRC has allowed us to formally define our initial compliance program. The tool provided a great framework for us to get started, and has continued to benefit us through the establishment of the program. I'm not sure we would have been able to achieve the same level of success without it. Review collected by and hosted on G2.com.

Show More
Show Less
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Organic
What do you like best?

We had a couple of demos before going with ZenGRC. Particularly like the good user interface, making it simple to use yet a powerful tool! ZenGRC has helped us easily scale from managing 2 frameworks to 4 and counting. I was Review collected by and hosted on G2.com.

What do you dislike?

We were super excited for the Jira integration that came out of the box. However, this functionality is not fully developed and we still have to manually sync attachments from Jira to Zen. Having this fully functional will be a time saver for my team. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

ZenGRC has afforded visibility and monitoring/ governance of our control environment across multiple frameworks. We have also being able to build a risk management framework and currently exploring transitioning our vendor management in ZenGRC Review collected by and hosted on G2.com.

Show More
Show Less
AI
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best?

As a SaaS application, It's easy to set up and use. Customer Support and Professional Services teams have been fantastic to work with. Review collected by and hosted on G2.com.

What do you dislike?

No major complaints, our experience has been very good. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Definitely put ZenGRC on your short list. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We needed an application to run compliance audits, as a step up from a heavily manual email and spreadsheet-based process. ZenGRC was an ideal solution because as a SaaS product it is easy to get up and running. ZenGRC's professional services organization has helped us expand the compliance frameworks we can audit against. We started with SOC audits and will soon be testing against ISO 27001 and NIST 800-53. Review collected by and hosted on G2.com.

Show More
Show Less
AF
Small-Business(50 or fewer emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

1/ Customer on-boarding and experience

2/ Ability to link and map all we need from risks, controls, programs, ... Review collected by and hosted on G2.com.

What do you dislike?

UI could be improved

Add more integration Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Audit

Internal controls

Configuration management Review collected by and hosted on G2.com.

Show More
Show Less
AI
Mid-Market(51-1000 emp.)
Validated Reviewer
Review source: Invitation from G2 on behalf of the seller
What do you like best?

ZenGRC consultants are very responsive and helpful. I like that they have a consultant that work closely with each account and give very detailed feedback. They have countless service and pricing is very reasonable. They have a lot of frameworks available so we don’t have to look elsewhere. Review collected by and hosted on G2.com.

What do you dislike?

I think the interface could be more user friendly. When there’s more than 3 frameworks, the interface could get a little bit confusing to find the reverse mapping. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

It helps significantly. Since our company has a lot of framework (SOC, ISO 27001/27017/27018, PCI, FedRamp, HITRUST, etc.). It helps us mapped everything together. Review collected by and hosted on G2.com.

Show More
Show Less
AC
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best?

Zen is very user friendly and the support staff is superb. Review collected by and hosted on G2.com.

What do you dislike?

The only area I wish was easier was creating an audit. Also, it would be helpful to clone an already created audit. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Our audit firm says it is the best tool they have used during an audit. The ease of use makes the audit process run smoothly. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We are managing all audits with ZenGRC. We are also tracking incidents, managing vendors, and monitoring risks. Review collected by and hosted on G2.com.

Show More
Show Less
Manager
Small-Business(50 or fewer emp.)
Validated Reviewer
Review source: Organic
What do you like best?

Easy initial set up with already setup frameworks and mapping of controls. I can use it with very little configuration and workflow changes Review collected by and hosted on G2.com.

What do you dislike?

Reports could be more detailed and technical user friendly.

From user administration, there could be more options to restrict or grant access Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

My customer was in process of establishing common control frameworks. ZenGRC made it really easy out of the box to set up frameworks and conduct audits Review collected by and hosted on G2.com.

Show More
Show Less
AR
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

The tool is easy to navigate in and has a lot of flexibility to add custom attributes to each of the data types, particularly when using it as a system of record for compliance-related activities. The company is also really receptive to feedback as far as its features - they've incorporated a lot of the feedback provided. Review collected by and hosted on G2.com.

What do you dislike?

There are some features that aren't super robust - like role-based access controls, uploading multiple files to a record in bulk, and the general setup of the Jira integration. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Make sure you understand what you need from your GRC tool. If you're looking to tie into piles and piles of other tools, have complex workflows, and do specialized reporting, you'll want something more robust, heavier, and expensive. Zen was a good balance of functionality and cost for my company. Also, it really helps in implementation if you controls defined in advance. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

ZenGRC is the system of record for a slew of activities at my company, including the risk register, vendors and vendor risks, critical changes, and security controls. The audit functionality will be the next thing we hope to use exclusively. ZenGRC is effectively a "force multiplier" for a one-person GRC team - it would take 2-3 more people to keep track of all the data we keep in Zen, so the cost savings is easily there. Review collected by and hosted on G2.com.

Show More
Show Less
AF
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

ZenGRC has been a great tool for our organization. Onboarding was simple as there was great guidance by the Reciprocity team, Importing SOC 2 and ISO 27001 standards was seamless, creating requests (and repeating requests) has helped keep our team on track, and managing risks are vital parts of our compliance sector. ZenGRC has made these formally tricky but integral parts of our organization seamless. Review collected by and hosted on G2.com.

What do you dislike?

The use of dashboards is something our organization utilizes across a multitude of applications and I don't find the compliance dashboard particularly useful for our purposes. That being said it does show what it needs to. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

ZenGRC is a powerful tool which can make your compliance team work more effectively which having a centralized place for audits, vendors, and risks. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

ZenGRC has offered us the ability to simply track audit requests and tasks, store and manage our risks while offering visual representations of where we stand, manage vendors by sending standard questionnaires, and have a tool to store our audits for previous years where evidence lives indefinitely. Review collected by and hosted on G2.com.

Show More
Show Less
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

The flexibility to manage multiple compliance programs, audits and risk management needs Review collected by and hosted on G2.com.

What do you dislike?

The multiple mapping options can confuse the links between objects, controls, risks, and programs. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

The ability to direct and analyze audit and compliance needs, including the ability to connect business and operational factors within a single correspondent management interface, addresses the difficulties inherent in the ongoing risk and audit management process. Review collected by and hosted on G2.com.

Show More
Show Less
MIS CRM
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

I love the fact that most things are automated and having a means to track when tasks get done, when vendor questionnaires or due diligence is done, and that I don't have to use spreadsheets nearly as often or at all! Between tasks on schedules that send emails when things are due, full history tracking of changes to our policies and processes, vendor questionnaires, having a functioning and easier to manage risk and vulnerability register, it just makes things much easier than having to track everything in files and directories and Office365 emails and tasks. I love that the staff imported our compliance programs with every section and objective, and then uploaded a Secure Controls Framework that we customized to match our company, and fulfill our compliance needs so seamlessly. Auditing functionality is amazing too as we can actually see where we stand in our programs and what needs to be done. Review collected by and hosted on G2.com.

What do you dislike?

The only downside I can think of is being the cost, for what we do, it cost about 4-5k a month. Though we do get excellent support and it's necessary being the only GRC employee at our company. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

It's the best (albeit most expensive) software we tried. But for me the performance was worth the cost. At the very least just demo the product and ask any question you have, they had an answer for everything I could throw at them and sold me on it. Don't regret it. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Solving problems of things getting lost in the fog. Such as maintaining email strings and following up with people personally or double checking everyone's spreadsheets within a ton of different directories. ZenGRC helps actually organize and raise efficiency to where I am no longer spending most of my time trying to find things or fill out a spreadsheet to say I did a Firewall review. The vendor questionnaires are awesome for following up with vendors for risk assessments. Having a risk, vulnerability, problem and a ton of different registers help keep track of everything. Being able to assign tasks to literally anything, and map objects to literally anything is amazing. Such as having a control that says that we have an access control policy, well just map the access control directly to the control and there's the proof for the audit.

Do a demo with them, it was the best we demo'd out of 5 different providers. Ease of use is outstanding. Review collected by and hosted on G2.com.

Show More
Show Less
AI
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

The ZenGRC portal not only comes with a well-made application but great customer service as well. Our risk & compliance program is much more streamlined now that everything is accessible in one tool, and onboarding the team to the program is made simple through their online education system. Review collected by and hosted on G2.com.

What do you dislike?

It would be nice to have more customizability in the application. Not everyone wants to use the wording provided in the dropdowns in certain tabs. Having the ability to change dropdown text would be a great addition. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Our Risk & Compliance program was scattered through multiple locations and involved a lot of heavy searching. Onboarding new personnel would not have been easy. ZenGRC allowed us to centralize the program and provides the user training for us. The controls that were uploaded by the ZenGRC team are a great help too when mapping controls and preparing for audits. Review collected by and hosted on G2.com.

Show More
Show Less
Sharepoint
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2 on behalf of the seller
What do you like best?

I can keep track of the requests for the audit in my To Do list, auditors can ask questions, get my response and have a conversation trail on the request utilizing comments. The commenting record creates a history and I do not need to hunt through my email. Review collected by and hosted on G2.com.

What do you dislike?

I would like the ability to rearrange the columns in my display. When the verifier stage is reached, we often have more than one person assigned. It would be nice to have the function to turn on letting each verifier select evidence acceptance before changing to Completed status. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Tying the evidence to the request, in the past we used a file repository to store the evidence and it was not always easy to tie it back to the request for the auditors. Better transparency on the status of audit requests in all stages. Review collected by and hosted on G2.com.

Show More
Show Less