Overview:
Our company got ISO 27001 certified in 2019 and our ISMS was managed through Google Docs, spreadsheets, and some of it in Atlassian products. This worked fine but was not very scalable, nor did we have a single source of truth to refer to. In addition, we started to prepare for a SOC 2 certification in 2021 and now wanted to map our controls against multiple compliance frameworks. We reviewed several tools mentioned in the 2020 Gartner report for GRC products and narrowed down to ZenGRC for several reasons: It's nimble and faster to adopt than products, and yet strikes a good balance between simplicity and feature coverage. As a SaaS platform, we see ZenGRC growing with us as we progress our compliance programs.
Onboarding experience:
This process was a very pleasant experience with a set of scheduled video calls and hands-on training on the product. There was plenty of time for open questions and in some sessions, a Reciprocity GRC expert joined to answer specific questions on frameworks and how to apply them in the tool. This added a lot of value.
In addition to the onboarding sessions, we got access to the Zen University, an e-learning platform with video courses covering all areas of the product. The course modules are easy-to-follow tutorials that encourage you to use the product while watching to get the most out of it. These courses were a great way to prepare each onboarding video call and note questions.
We also have access to ZenGRC's online documentation which covered all our needs so far. There are tutorials on features and also tips and tricks on how to utilise the product most effectively.
Access to GRC experts:
As mentioned above in the onboarding experience, having access to GRC experts when we are stuck with a certain question adds a lot of value to the services provided. We not only have access to a platform to manage our compliance programs but can also resolve roadblocks through expert advice as.
Data import:
As with all GRC products, data import is an important aspect and the CSV import functionality ZenGRC offers works really well. I was able to pick it up within a very short time and import most of our data already during our onboarding phase. The importer supports copy & paste from a spreadsheet, import of a spreadsheet directly and has useful validation to avoid importing incorrect data.
Ideas portal:
After onboarding, we have been pointed to an ideas portal where Reciprocity customers can vote on existing product ideas submitted by other customers or submit their own. It's really useful to see what features other customers requested and upvote what's of most value for our organization. Review collected by and hosted on G2.com.
If you come from a very mature Google world, then ZenGRC's interfaces look a little basic in some areas. However, this doesn't really affect functionality or effectivity of the product.
The dashboard functionality served us well for now but could add a little more customizability. That being said, there have been improvements since we have adopted ZenGRC and there are more improvements on the roadmap. Also, we use Tableau and the native integration would solve all our needs for reporting should we ever need more.
The list view navigation and search sometimes require more clicks than necessary depending on what you are looking for. This has been raised in the ideas portal already and improvements are in the works.
ZenGRC is very customizable to meet our specific requirements for managing our large contract. The fact that we can tailor the program to work for us is, in my opinion, the best feature.
The only change I would recommend would be the ability to change the default naming convention. We use the term requirements or results instead of objectives. This is a very minor dislike, though. We were able to adapt without too many complaints from our business users.
ZenGRC provides a solid risk management solution that is easy to use and integrates well with other tools such as JIRA and Splunk. Assessments such as PCI and NIST are easier to manage and the dashboard reporting provides an excellent holistic view of our overall security posture.
At times it feels like there are too many options when building a program, mapping etc. Having such flexibility is great but sometimes, it would be nice to have existing builds for established industry standards.
I love that all of the information I need for an audit is connected (mapped) to each other. By opening one control, I can see the objectives it covers, the test plans, the owner, the related policies, any associated risks, etc. It's SO MUCH better than trying to keep it all straight in a spreadsheet. I can take care of vendors, risks, audits.... all in the same pane of glass.
I would like to see some improvements in queries/filters. Especially for the dashboards. I would love an option for "not assigned." For example, I want to create a dashboard for how many controls don't have any associated tasks. That can help me demonstrate how far along we are on a project. The dashboard section could use some more in-depth documentation. Perhaps some more examples on how to get the most out of it.
ZenGRC is a great tool for my company as we do a lot of compliance frameworks so it's easier to track and map to. I like that I can cross-map to all the other frameworks and see what isn't mapped and need to improve on. Great to use to notify process owners about what evidence is needed and what previous evidence was submitted before.
It can have some improvements done on it to be more user friendly. We have some process owners that are not experienced in compliance frameworks and trying to navigate the tool. But once they understand where to go and what to look for, it is convenient for them.
1. Versatility; it can cover a wide range of use cases and is extremely intuitive.
2. Integrations; ZenGRC integrates easily with common productivity tools such as JIRA and Slack, which makes it easier to use in a decentralized organization.
3. Customer support; Zen has dedicated support and customer success managers who make deployment and onboarding easier.
If you are struggling to find a GRC solution that meets very specific or niche requirements (e.g. Article 30 reporting for GDPR), Zen may not cover all of your requirements, but this is easily offset by the low price and the general versatility for any framework.
ZenGRC is able to help us manage all of our compliance activities from audits to vendor reviews. It is wonderful to be able to use the same tool for multiple use cases. The tool is easy to configure and fairly intuitive. It does not take long to understand how to set it up for your specific needs.
It would be nice if ZenGRC could help automate the vendor reviews by allowing us to configure the answers we want to see and having the tool flag those questions that don't meet our criteria, which are the ones we need to focus on. I would also like to see the export of the questionnaires in a little more readable format.
PROS:
- Continuous updates and feature upgrades.
- Staff are easy going and friendly to work with.
- Customizable
- Since it is so customizable, the things you can't customize sometimes get in the way. However, Reciprocity is very receptive to feedback and often updates the product when it makes sense to do so.