Our company got ISO 27001 certified in 2019 and our ISMS was managed through Google docs, spreadsheets, and some of it in Atlassian products. This worked fine but was not much scalable nor did we have a single source of truth to refer to. In addition, we started to prepare for a SOC 2 certification in 2021 and now wanted to map our controls against multiple compliance frameworks. We reviewed several tools mentioned in the 2020 Gartner report for GRC products and narrowed down to ZenGRC for several reasons: It's nimble and faster to adopt than products, and yet strikes a good balance between simplicity and feature coverage. As a SaaS platform, we see ZenGRC growing with us as we progress our compliance programs.
This process was a very pleasant experience with a set of scheduled video calls and hands-on training on the product. There was plenty of time for open questions and in some sessions, a Reciprocity GRC expert joined to answer specific questions on frameworks and how to apply them in the tool. This added a lot of value.
In addition to the onboarding sessions, we got access to the Zen University, an e-learning platform with video courses covering all areas of the product. The course modules are easy to follow tutorials that encourage to use the product while watching to get the most out of it. These courses were a great way to prepare each onboarding video call and note questions.
We also have access to ZenGRC's online documentation which covered all our needs so far. There are tutorials on features and also tips and tricks on how to utilise the product most effectively.
Access to GRC experts:
As mentioned above in the onboarding experience, having access to GRC experts when we are stuck with a certain question adds a lot of value to the services provided. We not only have access to a platform to manage our compliance programs but can also resolve roadblocks through expert advice as.
As with all GRC products, data import is an important aspect and the CSV import functionality ZenGRC offers works really well. I was able to pick it up within a very short time and important most of our data already during our onboarding phase. The importer supports copy & paste from a spreadsheet, import of a spreadsheet directly and has useful validation to avoid importing incorrect data.
After onboarding, we have been pointed to an ideas portal where Reciprocity customers can vote on existing product ideas submitted by other customers or submit their own. It's really useful to see what features other customers requested and upvote what's of most value for our organization. Review collected by and hosted on G2.com.