---
title: ZenGRC Reviews
meta_title: 'ZenGRC Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 102 reviews by the users' company size, role or industry
  to find out how ZenGRC works for a business like yours.
aggregate_rating:
  rating_value: 4.4
  review_count: 102
  scale: '5'
date_modified: '2026-07-13'
parent_category:
  name: Governance, Risk & Compliance
  url: https://www.g2.com/categories/governance-risk-compliance
---

# ZenGRC Reviews
**Vendor:** Zengrc  
**Category:** [Enterprise Risk Management (ERM) Software](https://www.g2.com/categories/enterprise-risk-management-erm)  
**Average Rating:** 4.4/5.0  
**Total Reviews:** 102
## About ZenGRC
ZenGRC offers an established solution to elevate your company&#39;s risk and compliance program to the highest infosec standards. The cloud-based SaaS solution fits your existing GRC program and also evolves to guide you throughout your maturity roadmap. With ZenGRC as the central platform for your organization&#39;s entire infosec ecosystem, you can achieve continuous monitoring and efficient audit management capabilities, as well as customizable, end-to-end risk management that&#39;s built-in — not bolted on. Companies from SMB all the way to Enterprise use ZenGRC for... — Minimized manual effort through automation — Shortened, simplified audit cycles — Risk management that’s built-in—not bolted on — Increased visibility and reporting with dashboards — Direct integrations with ServiceNow, AWS, Qualys, Slack, JIRA, and more.



## ZenGRC Pros & Cons
**What users like:**

- Users value the **seamless automation** in ZenGRC, simplifying audits and workflows through easy integration and management. (3 reviews)
- Users appreciate ZenGRC for its **centralized compliance management** , greatly simplifying audits and workflow automation. (3 reviews)
- Users appreciate the **ease of use** of ZenGRC, simplifying compliance management and enhancing audit processes significantly. (3 reviews)
- Users commend the **efficient evidence management** of ZenGRC, simplifying audits and improving compliance programs significantly. (3 reviews)
- Users value ZenGRC&#39;s **efficient audit management** , simplifying coordination and enhancing compliance program effectiveness significantly. (2 reviews)
- Users appreciate the **easy certification process** of ZenGRC, benefiting from automated workflows and excellent customer support. (2 reviews)
- Customer Support (2 reviews)
- Easy Integrations (2 reviews)
- Users value the **functionality and manageability** of ZenGRC, appreciating its easy implementation and automation capabilities. (2 reviews)
- Flexibility (2 reviews)

**What users dislike:**

- Users find ZenGRC&#39;s **inadequate reporting** capabilities limit their ability to generate specialized reports efficiently. (3 reviews)
- Users find the **limited reporting capabilities** of ZenGRC frustrating, often resorting to external tools for better analytics. (3 reviews)
- Users find the **reporting capabilities lacking** in ZenGRC, prompting the need for external solutions like PowerBI. (3 reviews)
- Users find the **reporting issues** in ZenGRC limiting, often resorting to external tools like PowerBI for better functionality. (3 reviews)
- Users find ZenGRC&#39;s **complex implementation** challenging, especially for workflows requiring specialized reports. (1 reviews)
- Users find ZenGRC&#39;s **complex navigation** unsuitable for intricate workflows requiring specialized reporting features. (1 reviews)
- Complex Permissions (1 reviews)
- Dashboard Issues (1 reviews)
- Interface Issues (1 reviews)
- Lack of Guidance (1 reviews)

## ZenGRC Reviews
  ### 1. 2 Time Implementer- 2 Times Happy

**Rating:** 5.0/5.0 stars

**Reviewed by:** Meghan M. | Manager- Risk and Field Security, Enterprise (> 1000 emp.)

**Reviewed Date:** November 19, 2020

**What do you like best about ZenGRC?**

What I love best about ZenGRC is that there are multiple modules but at one fair price. The value for the software is huge since we are able to use it across multiple departments and integrate multiple processes. I selected and purchase this product twice (at two different companies). The seeded content was a life saver when implementing. And the data import functionality allowed us to rapidly bring in historical data to immediately see the value.

**What do you dislike about ZenGRC?**

One area they can improve on is dashboards. I know they have made improvements but there is still some work needed. In general, I think the ability to get reports or data out of Zen is lacking. I would love to be able to export an audit report, rather than just the audit data in a spreadsheet. But I think they are making a lot of improvements.

**What problems is ZenGRC solving and how is that benefiting you?**

The biggest issue was automation. Everything we had was on spreadsheets. But we were able to utilize the import process, automated risk scoring and questionnaires to streamline third party risk assessments, business impact analysis, risk management and tracking and auditing.

  ### 2. Practical and straightforward approach to GRC Management.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Paul M. | Network Security Engineer - GRC, Enterprise (> 1000 emp.)

**Reviewed Date:** March 18, 2020

**What do you like best about ZenGRC?**

The ease of use and administration is well balanced with the functionality needed in a GRC tool.  ZenGRC gets the job done without being overly complicated.

**What do you dislike about ZenGRC?**

To meet our requirements, we initially deployed on-premises.  However, soon after that, we found that software upgrades required too much IT involvement. Also, the technical specifications to continue to host on-premises did not align with our internal standards.  We had to re-assessing our risk in storing sensitive information off-site. After performing more stringent due diligence of ZenGRC as a vendor, we migrated to ZenGRC cloud-hosted. Our preference would have been to remain on-premises with better upgrade automation that ZenGRC Administrators could perform within the user interface.

**Recommendations to others considering ZenGRC:**

Have a sound understanding of your minimum requirements. Across all the vendors you are evaluating, be sure to consider the total cost of ownership compared to the amount of complexity in thier software to meet your needs.

**What problems is ZenGRC solving and how is that benefiting you?**

PCI Assessments became more efficient with Objects, Controls, Requests, and Evidence migrated from spreadsheets and disparate file repositories to one system with relational mapping. Mapping Risks to our Vendors and Vulnerability management programs provides a holistic view of our security posture.

  ### 3. Lightweight GRC Tool

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** March 15, 2021

**What do you like best about ZenGRC?**

My company has been using ZenGRC for Audits, Risk management and Vendor management for the past three years. The vendor management section of ZenGRC has made it easy for us to track High risk vendors and the documents received from each vendor.

**What do you dislike about ZenGRC?**

The Audits and Risk management programs were not completely built out and it has been much more challenging to operationalize those programs. It would be helpful if we could build out the internal assessments for SOC 2 and ISO within ZenGRC and provide access to stakeholders to directly upload all documentation required for audits within the tool. The tool should then help us send automated notifications to stakeholders when documents are incomplete.

**What problems is ZenGRC solving and how is that benefiting you?**

Tracking Internal and external compliance assessments for SOC 2 and ISO, Vendor Management and Risk Management

  ### 4. The platform is user friendly and usable, but in some cases more functionality wanted regarding docs

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 27, 2021

**What do you like best about ZenGRC?**

Mapping and managing vendors, Export data

**What do you dislike about ZenGRC?**

In some cases, cross-mapping could be meshed automatically and policy management.
Also, we continue the use of sheets in mass mappings and importing them to the platform.

**What problems is ZenGRC solving and how is that benefiting you?**

all our GRC needs except documentation/policy management

  ### 5. Great tool for risk professionals

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 09, 2021

**What do you like best about ZenGRC?**

The ability to manage vendors and the ability to track risks

**What do you dislike about ZenGRC?**

The programs are difficult to structure. Connecting controls and risks with policies are procedures and cross-referencing controls from other programs.

**What problems is ZenGRC solving and how is that benefiting you?**

Reporting is a benefit.  Tracking risks and managing vendors.

  ### 6. ZenGrc review

**Rating:** 3.0/5.0 stars

**Reviewed by:** Verified User in E-Learning | Enterprise (> 1000 emp.)

**Reviewed Date:** August 04, 2021

**What do you like best about ZenGRC?**

Collecting evidences and tracking Audits

**What do you dislike about ZenGRC?**

UI - too many tools bars, filters are not unique through out tool, No ability to assign more than one auditor to review the audit requests

**What problems is ZenGRC solving and how is that benefiting you?**

Auto assigning evidence requests - Saves lot of time and easy for tracking

  ### 7. Efficient, simple, and intuitive compliance management

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 15, 2021

**What do you like best about ZenGRC?**

ZenGRC allows us to create and track compliance tasks and their scope to completion with visibility for both the users as well as the auditors/reviewers from start to completion. This allows efficient discussion and back-and-forth communication to ensure all compliance needs are met.

**What do you dislike about ZenGRC?**

Searching and filtering functions can be obscure at times, and there is no general search across the database (must be confined to a specific filter or area).

**What problems is ZenGRC solving and how is that benefiting you?**

We submit all evidence through requests and track them to completion using ZenGRC for our ISO, SOC, and PCI compliance initiatives. This allows us the main benefit of bringing 3rd party reviewers onboard in a safe and efficient manner.

  ### 8. Powerful tool when used right

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 04, 2021

**What do you like best about ZenGRC?**

Power to map controls across assessments

**What do you dislike about ZenGRC?**

Least helpful is the knowledge base and set up

**What problems is ZenGRC solving and how is that benefiting you?**

Building a uniformed control framework, benefits include a one stop shop for all compliance efforts

  ### 9. A GRC Tool to meet your growing needs

**Rating:** 4.5/5.0 stars

**Reviewed by:** Chris H. | Enterprise (> 1000 emp.)

**Reviewed Date:** September 17, 2020

**What do you like best about ZenGRC?**

Flexibility.  ZenGRC, while powerful out of the box,  allows an organization to make extensive adjustments in how it builds out and maintains compliance programs.  Extensive cross-mapping options, custom attributes, integration with a number of prominent ticketing systems are all present with more options on the product roadmap.  This flexibility has allowed us to provide better insight into our risk program to senior management while also meeting the expectations of our auditors.

**What do you dislike about ZenGRC?**

A number of integrations are not fully fleshed out yet and provide a minimum amount of functionality.  Seeing these integrations develop into more functional tools is on the product roadmap, but it is a source of some frustration.  Ideally, more of the integrations would be added to the ZenConnect suite.

**Recommendations to others considering ZenGRC:**

Take the time to work with the onboarding team regarding your processes rather than performing a "lift and shift".  In many cases, their GRC experts can offer suggestions on how to make adjustments that will make the implementation and management of the tool go more smoothly.  Have a good idea of your own roadmap when going through this process so that you can avoid building for the moment and not for the future.

**What problems is ZenGRC solving and how is that benefiting you?**

Initially we had purchased ZenGRC to support our auditing process as we took on additional certifications.  In our first external audit with ZenGRC, we were able to leverage existing data in the tool to lower the number of requests to control owners by 40%.  With the success on the audit side, we are now working on expanding our use of the risk and vendor components of the tool.

  ### 10. No-nonsense GRC platform fast to adopt and effective

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Marketing and Advertising | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 01, 2020

**What do you like best about ZenGRC?**

Overview:
Our company got ISO 27001 certified in 2019 and our ISMS was managed through Google docs, spreadsheets, and some of it in Atlassian products. This worked fine but was not much scalable nor did we have a single source of truth to refer to. In addition, we started to prepare for a SOC 2 certification in 2021 and now wanted to map our controls against multiple compliance frameworks. We reviewed several tools mentioned in the 2020 Gartner report for GRC products and narrowed down to ZenGRC for several reasons: It's nimble and faster to adopt than products, and yet strikes a good balance between simplicity and feature coverage. As a SaaS platform, we see ZenGRC growing with us as we progress our compliance programs.

Onboarding experience:
This process was a very pleasant experience with a set of scheduled video calls and hands-on training on the product. There was plenty of time for open questions and in some sessions, a Reciprocity GRC expert joined to answer specific questions on frameworks and how to apply them in the tool. This added a lot of value.
In addition to the onboarding sessions, we got access to the Zen University, an e-learning platform with video courses covering all areas of the product. The course modules are easy to follow tutorials that encourage to use the product while watching to get the most out of it. These courses were a great way to prepare each onboarding video call and note questions.
We also have access to ZenGRC's online documentation which covered all our needs so far. There are tutorials on features and also tips and tricks on how to utilise the product most effectively.

Access to GRC experts:
As mentioned above in the onboarding experience, having access to GRC experts when we are stuck with a certain question adds a lot of value to the services provided. We not only have access to a platform to manage our compliance programs but can also resolve roadblocks through expert advice as.

Data import:
As with all GRC products, data import is an important aspect and the CSV import functionality ZenGRC offers works really well. I was able to pick it up within a very short time and important most of our data already during our onboarding phase. The importer supports copy & paste from a spreadsheet, import of a spreadsheet directly and has useful validation to avoid importing incorrect data.

Ideas portal:
After onboarding, we have been pointed to an ideas portal where Reciprocity customers can vote on existing product ideas submitted by other customers or submit their own. It's really useful to see what features other customers requested and upvote what's of most value for our organization.

**What do you dislike about ZenGRC?**

If you come from a very mature Google world, then ZenGRC's interfaces look a little basic in some areas. However, this doesn't really affect functionality or effectivity of the product.

The dashboard functionality served us well for now but could add a little more customizability. That being said, there have been improvements since we have adopted ZenGRC and there are more improvements on the roadmap. Also, we use Tableau and the native integration would solve all our needs for reporting should we ever need more.

The list view navigation and search sometimes require more clicks than necessary depending on what you are looking for. This has been raised in the ideas portal already and improvements are in the works.

**What problems is ZenGRC solving and how is that benefiting you?**

We solved the challenge of adopting multiple compliance frameworks in one product (ISO 27001, SOC 2, as well as privacy frameworks like GDPR, CCPA). The benefits realised is a single source of truth approach where all compliance monitoring sits in ZenGRC.

  ### 11. BEST GRC SOFTWARE FOR OUR NEEDS

**Rating:** 5.0/5.0 stars

**Reviewed by:** Justin G. | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 15, 2020

**What do you like best about ZenGRC?**

ZenGRC is very adaptable to fit our specific needs for managing our large contract. The fact that we can customize the program to work for us is the best feature in my opinion.

**What do you dislike about ZenGRC?**

The only change I would recommend would be the ability to change the standard naming convention. We use the term requirements or outcomes instead of objectives. Although this is a very minor dislike. We have been able to adapt without too many complaints from our business users.

**Recommendations to others considering ZenGRC:**

I would recommend taking a look at ZenGRC. You might be surprised how they have made this product work for a variety of needs. They are also constantly making updates and making the product better.

**What problems is ZenGRC solving and how is that benefiting you?**

ZenGRC allows our users to save documents to one central location rather than saving in their email or in the ShareDrive. It also is a great repository when an employee leaves the company. It is easy to reassign objectives and tasks to other employee so that employee can pick up where the previous employee left off.

  ### 12. Effective Risk and Compliance Solution

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** March 15, 2021

**What do you like best about ZenGRC?**

ZenGRC provides a solid risk management solution that is easy to use and integrates well with other tools such as JIRA and Splunk. Assessments such as PCI and NIST are easier to manage and the dash board reporting provides an excellent holistic view of our overall security posture.

**What do you dislike about ZenGRC?**

At times it feels like there are too many options when building a program, mapping etc.  Having such flexibility is great but sometimes, it would be nice to have existing  builds for established industry standards.

**What problems is ZenGRC solving and how is that benefiting you?**

We had been utilizing numerous cumbersome spread sheets, issued constant email requests and at times duplicated efforts for evidence requests for our audits and compliance requirements.  ZenGRC combines everything we need to run a successful GRC program, that includes, but is not limited to, auditing, gap assessments and automated continuous monitoring.

  ### 13. Keep all of your compliance information connected

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 19, 2020

**What do you like best about ZenGRC?**

I love that all of the information I need for an audit is connected (mapped) to each other.  By opening one control, I can see the objectives it covers, the test plans, the owner, the related policies, any associated risks, etc.  It's SO MUCH better than trying to keep it all straight in a spreadsheet.  I can take care of vendors, risks, audits.... all in the same pane of glass.

**What do you dislike about ZenGRC?**

I would like to see some improvements in queries/filters.  Especially for the dashboards.  I would love an option for "not assigned."  For example, I want to create a dashboard for how many controls don't have any associated tasks.  That can help me demonstrate how far along we are on a project.   The dashboard section could use some more in depth documentation.  Perhaps some more examples on how to get the most out of it.

**Recommendations to others considering ZenGRC:**

Definitely take the plunge.  You'll thank yourself later.

**What problems is ZenGRC solving and how is that benefiting you?**

We're just getting started building our program.  Making sure we have controls to cover all of the requirements (across multiple frameworks) has been amazing.  We're utilizing the SCF to take advantage of overlaps.  We're also starting to load in our policies, vendors, etc so we can associate everything together, in one place.  Previously (without the tool), I've had to manually keep track of that across several documents.  This has reduced the time it takes for me to do my job.

  ### 14. Intuitive API

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** March 30, 2021

**What do you like best about ZenGRC?**

Ease of operations, metrics displaying level of program maturity

**What do you dislike about ZenGRC?**

Perhaps the reporting could be made easier

**Recommendations to others considering ZenGRC:**

Don't hesitate, ZenGRC will be very helpful in structuring your INFOSEC / PRIVACY Programs

**What problems is ZenGRC solving and how is that benefiting you?**

Processing information security frameworks, establishing specific programs, ZenGRC allows a structured and efficient approach.

  ### 15. Great tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 22, 2019

**What do you like best about ZenGRC?**

ZenGRC is a great tool for my company as we do a lot of compliance frameworks so it's easier to track and map to. I like that I can cross-map to all the other frameworks and see what isn't mapped and need to improve on. Great to use to notified process owners about what evidence is needed and what previous evidence was submitted before. 

**What do you dislike about ZenGRC?**

It can have some improvement be done on it to be more user friendly.  We have some process owners that are not experience in Compliance framework and trying to navigate the tool. But once they understand where to go and what to look for it, is convenient for them.

**Recommendations to others considering ZenGRC:**

Great tool to use to see all the control you have in the system and control mapping to all other security framworks (i.e. SOC, ISO 27001, 27017, 27018, PCI, FedRAMP, CSA Star, etc). 

**What problems is ZenGRC solving and how is that benefiting you?**

Control mapping and easier to gather appropriate evidence from correct process owners. It's a centralized place to see all our controls and the evidence we provided. I like that we are able to integrate it with JIRA as our Engineers are more comfortable with JIRA.

  ### 16. Best Agile GRC Management Software

**Rating:** 4.0/5.0 stars

**Reviewed by:** Alessio F. | Information Security and Privacy Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 16, 2020

**What do you like best about ZenGRC?**

1. Versatility; it can meet a ton of use cases, and is extremely intuitive.
2. Integrations; ZenGRC easily plugs into common productivity tools like JIRA and Slack, which makes it easy to use across a distrusted organization. 
3. Customer support; Zen has dedciated support and customer success managers that make it easy to deploy and get started.

**What do you dislike about ZenGRC?**

If you are hard pressed to find a GRC solution that meet some very specific or niche requirements (ex. Article 30 reporting for GDPR), Zen may not hit all of your bases, but this is easily made up for by its low price, and general versatility for any framework.

**What problems is ZenGRC solving and how is that benefiting you?**

Large scale compliance management, audit management, risk and control management, vendor risk management, and (soon) asset management.

  ### 17. ZenGRC for vendor reviews as well!

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** September 25, 2020

**What do you like best about ZenGRC?**

ZenGRC is able to help us manage all of our compliance activities from audits to vendor reviews. It is wonderful to be able to use the same tool for multiple use cases.  The tool is easy to configure and fairly intuitive. It does not take long to understand how to set it up for your specific needs.

**What do you dislike about ZenGRC?**

It would be nice if ZenGRC could help automate the vendor reviews by allowing us to configure the answers we want to see and having the tool flag those questions that don't meet our criteria, which are the ones we need to focus on. I would also like to see the export of the questionnaires in a little more readable format.

**Recommendations to others considering ZenGRC:**

ZenGRC is able to manager our audits and our vendor security reviews seamlessly!

**What problems is ZenGRC solving and how is that benefiting you?**

We have streamlined our vendor reviews allowing us to manage twice as many questionnaires as we could when it was in a Word document.

  ### 18. It's great because it allows you to customize

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 15, 2021

**What do you like best about ZenGRC?**

PROS:
- Continuous updates and feature upgrades.
- Staff are easy going and friendly to work with.
- Customizable

**What do you dislike about ZenGRC?**

- Since it is so customizable, the things you can't customize sometimes get in the way. However, Reciprocity is very receptive to feedback and often update the product when it makes sense to do so.

**What problems is ZenGRC solving and how is that benefiting you?**

- Complex compliance objectives.
- Complex mapping
- Vendor management/third-party risk.

  ### 19. Intuitive and easy to use product that simplified our SOX compliance process

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** June 24, 2021

**What do you like best about ZenGRC?**

Very accomodating onboarding and support functions

**What do you dislike about ZenGRC?**

There was nothing that we disliked about the product at this time.

**Recommendations to others considering ZenGRC:**

The product makes the risk management and compliance process more manageable, and they ensure you know how to use the product with detailed onboarding and great support.

**What problems is ZenGRC solving and how is that benefiting you?**

Simplified our SOX compliance process

  ### 20. A Growing Versatile Solution

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Mining & Metals | Enterprise (> 1000 emp.)

**Reviewed Date:** November 19, 2020

**What do you like best about ZenGRC?**

Right now for us, ZenGRC is a responsive vendor that is working very hard to provide a product that the customer wants.  There is a great feedback loop that feeds constant innovation within the platform.

**What do you dislike about ZenGRC?**

Some areas are less mature than others.  While there are many areas /foci within the tool, they are not all equally mature.  It seems as though the audit preparedness / audit function side of the product is getting the most attention these days.  Great for audit teams, less so for our use (VRM).

**What problems is ZenGRC solving and how is that benefiting you?**

Vendor Cyber Risk Assessments, and tracking of those assessments and vendors.  We have streamlined the process and have much better Vendor Risk Management capabilities.

  ### 21. ZenGRC works very well for what we choose to use it for.

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Marketing and Advertising | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 18, 2021

**What do you like best about ZenGRC?**

Interface to use the system is fairly intuitive. All the classic options are there

**What do you dislike about ZenGRC?**

The scoping seems to not align with the Audit creation needs. The lack of an "Archive" or "Snapshot" of historical Audits.

**What problems is ZenGRC solving and how is that benefiting you?**

Single point of storage for SOC 2 compliance Audits. Ease of distributing requests both internally and externally

  ### 22. Great bones, needs more support in setting up

**Rating:** 3.0/5.0 stars

**Reviewed by:** Verified User in Education Management | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 15, 2021

**What do you like best about ZenGRC?**

Came with controls that align with policies

**What do you dislike about ZenGRC?**

Help database is hard to find the right answer in, and if I don't set things up perfectly it doesn't work.

**Recommendations to others considering ZenGRC:**

Be ready to implement when you sign up, and get moving while you still have strong support.

**What problems is ZenGRC solving and how is that benefiting you?**

Simplifies auditing and policy compliance

  ### 23. A robust GRC tool that's also easy to use

**Rating:** 5.0/5.0 stars

**Reviewed by:** Erik P. | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 05, 2020

**What do you like best about ZenGRC?**

ZenGRC allowed us to get our Compliance program up and running in relatively no time. The tool provides a centralized area for our compliance team to work and collaborate with others. It also integrates with Jira which allowed us to implement the work into our project management workflows. 

ZenGRC is a powerful tool which can make your compliance team work more effectively which having a centralized place for audits, vendors, and risks.

**What do you dislike about ZenGRC?**

The permissions recently changed. This means some of our folks lost access, and we had to redefine roles within the platform.  I think the new roles may be slightly misleading.

**What problems is ZenGRC solving and how is that benefiting you?**

ZenGRC has allowed us to formally define our initial compliance program. The tool provided a great framework for us to get started, and has continued to benefit us through the establishment of the program. I'm not sure we would have been able to achieve the same level of success without it.

  ### 24. Very detailed product that creates insightful, actionable results

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in E-Learning | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 15, 2021

**What do you like best about ZenGRC?**

Comprehensive as well as very detailed modules. I also really love the level of support we receive.

**What do you dislike about ZenGRC?**

Can be overly complicated at times but support was magnificent

**What problems is ZenGRC solving and how is that benefiting you?**

security compliance and security request reviews. also the product greatly helps with managing vendors and overall vendor risk

  ### 25. ZenGRC helps organize and track complex projects with lots of deliverables.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 29, 2021

**What do you like best about ZenGRC?**

ZenGRC has good tools to help summarize and remind users of outstanding items.  And it is very easy to access.

**What do you dislike about ZenGRC?**

The tool needs good data to be helpful.  It is important for the administrative users running the tool to populate the tool with sufficient detailed descriptions so the other users can best understand what they need to do.

**What problems is ZenGRC solving and how is that benefiting you?**

It is helpful for solving complex projects with lots of data submission requirements, such as compliance audits.

  ### 26. ZenGRC- Great Tool and Ease of Use

**Rating:** 5.0/5.0 stars

**Reviewed by:** Funmi A. | Enterprise (> 1000 emp.)

**Reviewed Date:** September 28, 2020

**What do you like best about ZenGRC?**

We had a couple of demos before going with ZenGRC. Particularly like the good user interface, making it simple to use yet a powerful tool! ZenGRC has helped us easily scale from managing 2 frameworks to 4 and counting. I was

**What do you dislike about ZenGRC?**

We were super excited for the Jira integration that came out of the box. However, this functionality is not fully developed and we still have to manually sync attachments from Jira to Zen.  Having this fully functional will be a time saver for my team.

**What problems is ZenGRC solving and how is that benefiting you?**

ZenGRC has afforded visibility and monitoring/ governance of our control environment across multiple frameworks. We have also being able to build a risk management framework and currently exploring transitioning our vendor management in ZenGRC

  ### 27. Lightweight, Easy-to-Use GRC Application

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** September 25, 2020

**What do you like best about ZenGRC?**

As a SaaS application, It's easy to set up and use.  Customer Support and Professional Services teams have been fantastic to work with.

**What do you dislike about ZenGRC?**

No major complaints, our experience has been very good.

**Recommendations to others considering ZenGRC:**

Definitely put ZenGRC on your short list.

**What problems is ZenGRC solving and how is that benefiting you?**

We needed an application to run compliance audits, as a step up from a heavily manual email and spreadsheet-based process.  ZenGRC was an ideal solution because as a SaaS product it is easy to get up and running.  ZenGRC's professional services organization has helped us expand the compliance frameworks we can audit against.  We started with SOC audits and will soon be testing against ISO 27001 and NIST 800-53.

  ### 28. Amazing

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** January 22, 2021

**What do you like best about ZenGRC?**

1/ Customer on-boarding and experience
2/ Ability to link and map all we need from risks, controls, programs, ...

**What do you dislike about ZenGRC?**

UI could be improved
Add more integration

**What problems is ZenGRC solving and how is that benefiting you?**

Audit
Internal controls
Configuration management

  ### 29. ZenGRC never disappoints

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 22, 2019

**What do you like best about ZenGRC?**

ZenGRC consultants are very responsive and helpful. I like that they have a consultant that work closely with each account and give very detailed feedback. They have countless service and pricing is very reasonable. They have a lot of frameworks available so we don’t have to look elsewhere.

**What do you dislike about ZenGRC?**

I think the interface could be more user friendly. When there’s more than 3 frameworks, the interface could get a little bit confusing to find the reverse mapping.

**What problems is ZenGRC solving and how is that benefiting you?**

It helps significantly. Since our company has a lot of framework (SOC, ISO 27001/27017/27018, PCI, FedRamp, HITRUST, etc.). It helps us mapped everything together.

  ### 30. Zen GRC - Very happy with tool and service!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 16, 2020

**What do you like best about ZenGRC?**

Zen is very user friendly and the support staff is superb.

**What do you dislike about ZenGRC?**

The only area I wish was easier was creating an audit. Also, it would be helpful to clone an already created audit.

**Recommendations to others considering ZenGRC:**

Our audit firm says it is the best tool they have used during an audit. The ease of use makes the audit process run smoothly.

**What problems is ZenGRC solving and how is that benefiting you?**

We are managing all audits with ZenGRC. We are also tracking incidents, managing vendors, and monitoring risks.

  ### 31. Easy setup and very friendly reporting for non-technical users

**Rating:** 5.0/5.0 stars

**Reviewed by:** Rohit D. | Manager, Small-Business (50 or fewer emp.)

**Reviewed Date:** August 26, 2020

**What do you like best about ZenGRC?**

Easy initial set up with already setup frameworks and mapping of controls. I can use it with very little configuration and workflow changes

**What do you dislike about ZenGRC?**

Reports could be more detailed and technical user friendly. 
From user administration, there could be more options to restrict or grant access

**What problems is ZenGRC solving and how is that benefiting you?**

My customer was in process of establishing common control frameworks. ZenGRC made it really easy  out of the box to set up frameworks and conduct audits

  ### 32. Streamlines our Compliance Program with minimal effort!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 13, 2019

**What do you like best about ZenGRC?**

ZenGRC has been a great tool for our organization. Onboarding was simple as there was great guidance by the Reciprocity team, Importing SOC 2 and ISO 27001 standards was seamless, creating requests (and repeating requests) has helped keep our team on track, and managing risks are vital parts of our compliance sector. ZenGRC has made these formally tricky but integral parts of our organization seamless.

**What do you dislike about ZenGRC?**

The use of dashboards is something our organization utilizes across a multitude of applications and I don't find the compliance dashboard particularly useful for our purposes. That being said it does show what it needs to.

**Recommendations to others considering ZenGRC:**

ZenGRC is a powerful tool which can make your compliance team work more effectively which having a centralized place for audits, vendors, and risks.

**What problems is ZenGRC solving and how is that benefiting you?**

ZenGRC has offered us the ability to simply track audit requests and tasks, store and manage our risks while offering visual representations of where we stand, manage vendors by sending standard questionnaires, and have a tool to store our audits for previous years where evidence lives indefinitely.

  ### 33. Very functional and flexible GRC platform

**Rating:** 4.5/5.0 stars

**Reviewed by:** Roman B. | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 08, 2020

**What do you like best about ZenGRC?**

The flexibility to manage multiple compliance programs,  audits and risk management needs

**What do you dislike about ZenGRC?**

The multiple mapping options can confuse the links between objects, controls, risks, and programs.

**What problems is ZenGRC solving and how is that benefiting you?**

The ability to direct and analyze audit and compliance needs, including the ability to connect business and operational factors within a single correspondent management interface, addresses the difficulties inherent in the ongoing risk and audit management process.

  ### 34. A great encompassing GRC software that has made my life much easier!

**Rating:** 4.5/5.0 stars

**Reviewed by:** Lance K. | MIS CRM, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 30, 2019

**What do you like best about ZenGRC?**

I love the fact that most things are automated and having a means to track when tasks get done, when vendor questionnaires or due diligence is done, and that I don't have to use spreadsheets nearly as often or at all! Between tasks on schedules that send emails when things are due, full history tracking of changes to our policies and processes, vendor questionnaires, having a functioning and easier to manage risk and vulnerability register, it just makes things much easier than having to track everything in files and directories and Office365 emails and tasks. I love that the staff imported our compliance programs with every section and objective, and then uploaded a Secure Controls Framework that we customized to match our company, and fulfill our compliance needs so seamlessly. Auditing functionality is amazing too  as we can actually see where we stand in our programs and what needs to be done.

**What do you dislike about ZenGRC?**

The only downside I can think of is being the cost, for what we do, it cost about 4-5k a month. Though we do get excellent support and it's necessary being the only GRC employee at our company.

**Recommendations to others considering ZenGRC:**

It's the best (albeit most expensive) software we tried. But for me the performance was worth the cost. At the very least just demo the product and ask any question you have, they had an answer for everything I could throw at them and sold me on it. Don't regret it.

**What problems is ZenGRC solving and how is that benefiting you?**

Solving problems of things getting lost in the fog. Such as maintaining email strings and following up with people personally or double checking everyone's spreadsheets within a ton of different directories. ZenGRC helps actually organize and raise efficiency to where I am no longer spending most of my time trying to find things or fill out a spreadsheet to say I did a Firewall review. The vendor questionnaires are awesome for following up with vendors for risk assessments. Having a risk, vulnerability, problem and a ton of different registers help keep track of everything. Being able to assign tasks to literally anything, and map objects to literally anything is amazing. Such as having a control that says that we have an access control policy, well just map the access control directly to the control and there's the proof for the audit. 
Do a demo with them, it was the best we demo'd out of 5 different providers. Ease of use is outstanding.

  ### 35. Risk & Compliance Management made easy

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** October 22, 2019

**What do you like best about ZenGRC?**

The ZenGRC portal not only comes with a well-made application but great customer service as well. Our risk & compliance program is much more streamlined now that everything is accessible in one tool, and onboarding the team to the program is made simple through their online education system.

**What do you dislike about ZenGRC?**

It would be nice to have more customizability in the application. Not everyone wants to use the wording provided in the dropdowns in certain tabs. Having the ability to change dropdown text would be a great addition.

**What problems is ZenGRC solving and how is that benefiting you?**

Our Risk & Compliance program was scattered through multiple locations and involved a lot of heavy searching. Onboarding new personnel would not have been easy. ZenGRC allowed us to centralize the program and provides the user training for us. The controls that were uploaded by the ZenGRC team are a great help too when mapping controls and preparing for audits.

  ### 36. Streamlined the requests in our audit process

**Rating:** 5.0/5.0 stars

**Reviewed by:** Margaret B. | Sharepoint, Mid-Market (51-1000 emp.)

**Reviewed Date:** August 09, 2019

**What do you like best about ZenGRC?**

I can keep track of the requests for the audit in my To Do list, auditors can ask questions, get my response and have a conversation trail on the request utilizing comments.  The commenting record creates a history and I do not need to hunt through my email.

**What do you dislike about ZenGRC?**

I would like the ability to rearrange the columns in my display.  When the verifier stage is reached, we often have more than one person assigned.  It would be nice to have the function to turn on letting each verifier select evidence acceptance before changing to Completed status.

**What problems is ZenGRC solving and how is that benefiting you?**

Tying the evidence to the request, in the past we used a file repository to store the evidence and it was not always easy to tie it back to the request for the auditors.  Better transparency on the status of audit requests in all stages.

  ### 37. ZenGRC helped us solve some immediate challenges, but also has the potential to do much more.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Retail | Enterprise (> 1000 emp.)

**Reviewed Date:** June 26, 2019

**What do you like best about ZenGRC?**

ZenGRC empowers us to effectively manage audits across our entire organization. 

**What do you dislike about ZenGRC?**

It would be helpful to be able to navigate to and view info from mapped objects without having to load a new page. I am often looking for something as reference to complete or comment on a request or assessment, and once I find it I have navigated away from that page. The workaround is multiple tabs, but that can be a bit cumbersome. 

**What problems is ZenGRC solving and how is that benefiting you?**

The initial problem we were trying to solve with ZenGRC was to complete our annual PCI self-assessment, but as we got the platform up and running, we immediately recognized that it can do a lot more and have already begun taking advantage of that potential. 

  ### 38. A beneficial addition to our risk and compliance programs

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** June 25, 2019

**What do you like best about ZenGRC?**

We like the ease of use & the simplicity of the platform. Compared to its competitors, ZenGRC is much easier to use and better suited for more agile compliance programs.

**What do you dislike about ZenGRC?**

Some basic featuring continues to be ignored within ZenGRC despite a robust and fast-moving roadmap into the future. We’d like to see simple changes like customization of dashboards, reordering & grouping of attributes in an object record, and a more detailed API.

**What problems is ZenGRC solving and how is that benefiting you?**

With ZenGRC we’re realizing the biggest benefit in centralizing our listing of systems & vendors, and relating those objects to each other to understand where data is stored and flows in our organization.

  ### 39. Great system, easy to use

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 19, 2019

**What do you like best about ZenGRC?**

ZenGRC is a great tool for the mid-size business that's on it's way up. The system itself is easy to use and provides room to grow. Reciprocity has moved to a new continuous release schedule, which provides new features on a regular basis. They are looking to improve their system as quickly as possible. The system allows for great flexibility to follow industry best practices or creating your own program.

**What do you dislike about ZenGRC?**

The reporting functionality is limited, however, there is a revamp coming soon to address this issue.

**What problems is ZenGRC solving and how is that benefiting you?**

Continuous monitoring, security compliance, risk register, one source of truth for all things GRC

  ### 40. ZenGRC

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** June 27, 2019

**What do you like best about ZenGRC?**

ZenGRC is a great place to start GRC program in your company as it centralizes management of core requirements to meet the requirements of your desired certification and/or audit requirements.

**What do you dislike about ZenGRC?**

ZenGRC lacks advanced workflows and the ability to self-service complex, custom modules. API integrations are also currently a bit limited.

**What problems is ZenGRC solving and how is that benefiting you?**

SOC 2, ISO audits as well as Vendor Risk Management.

  ### 41. ZenGRC - Putty "the easy" into risk & compliance management

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jo-Ann s. | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 24, 2018

**What do you like best about ZenGRC?**

Ease of use of the ZenGRC portal combined with the ability to run the audit and give your audit direct access to controls & related evidence makes the entire process friction-less.

**What do you dislike about ZenGRC?**

The ability to take a full image backup, locally, is a small but manageable risk. 

**Recommendations to others considering ZenGRC:**

Setting up your initial controls can be a little time consuming, but the ability to use common controls across multiple compliance frameworks & to mitigate risks is extremely valuable.  Time is saved with the cross mapping capability and the value is realized very quickly.  

**What problems is ZenGRC solving and how is that benefiting you?**

The main benefit is the way we can share audit evidence from within the secure portal, by directly provisioning the auditor, is a valuable benefit.  The time to audit was reduced by at least 30%.

  ### 42. Very Good ZenGRC Training for our Information Security Team 

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 26, 2018

**What do you like best about ZenGRC?**

The product is very user friendly. The ZenGRC training was well organized and very informative.  We are preparing for our annual ISO audit and wished we had this product last year!  Alejandro, our Customer Success Manger, has insured that all our questions and requests have been met thus far. The ZenGRC subject matter experts are very helpful and knowledgeable. Follow-up has been very good!  We are looking forward to using the product!!

**What do you dislike about ZenGRC?**

Additional demo scenarios would be good.  No dislikes to speak of.

**Recommendations to others considering ZenGRC:**

Identify your requirement, # of required admins and audit types. This will assist in building your site and identify training.

**What problems is ZenGRC solving and how is that benefiting you?**

Streamline our internal and external security audits.  Compliance with industry requirement and standards. We have realized other ways that we can use this ZenGRC to track audit findings and resolve issues.

  ### 43. Solid Tool

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Government Administration | Enterprise (> 1000 emp.)

**Reviewed Date:** April 26, 2019

**What do you like best about ZenGRC?**

Having used a few different GRC tools and I do like this one quite a bit due to the ability to customize things.

**What do you dislike about ZenGRC?**

Although the customizeable features are great, there's also a mini drawback that I can customize EVERYTHING. Also, being able to do batch adding and removing of things (e.g., objectives, controls, etc.) would be fantastic.

**What problems is ZenGRC solving and how is that benefiting you?**

Just having a centralized program and this definitely helps.

  ### 44. Light and capable GRC tool wrapped into a minimal package

**Rating:** 5.0/5.0 stars

**Reviewed by:** Andrew W. | Enterprise (> 1000 emp.)

**Reviewed Date:** May 21, 2018

**What do you like best about ZenGRC?**

ZenGRC brings all the tools you need to run a successful GRC program to the table in a clear, concise and minimalist package that's nimble and efficient.  Our company had been utilizing the old method of email/spreadsheets and was getting lost in the weeds even on the smallest of audits and struggling to keep up each year to stay ahead.  Our evaluations with other tools fell flat, didn't meet our requirements or introduced complexity.  Our evaluation of ZenGRC started with skepticism, but quickly turned positive once we realized how logically organized the system was on the back-end.  During our testing period, we were able to quickly create a Sarbanes-Oxley program, using both their template import and the GUI, in a matter of days.  Since that time only a few short weeks ago we have now almost completed a full internal audit of our SOX program, complete with evidence collection and control evaluations.  Our rough estimate has us gaining back a full week of time from previous audits last year and year prior using the old email/spreadsheet method.  We are now rolling out an ISO27001, SOC2 and internal security control framework on the heels of the SOX success.

**What do you dislike about ZenGRC?**

As with any SaaS from a small company that is new to market (less than 5 years), there are aspects of the tool that require some creative thinking and clever workarounds.  This is not necessarily a dislike in my opinion, however less technical individuals may find this aspect difficult or troublesome.  ZenGRC staff do redeem themselves on this front as they're quick to respond to feature requests and have already implemented several suggestions our team has submitted.  Since starting to use the product, they have continually updated the product with new features, fixes and updates to existing functionality.

**Recommendations to others considering ZenGRC:**

This is a light, minimal and logical GRC tool that has a lot to offer a company that has never used a GRC tool in the past.  Definitely worth a demo and serious consideration.

**What problems is ZenGRC solving and how is that benefiting you?**

Traditionally our audit cycles were difficult in that we rarely hit our target evidence collection windows.  Adding to that difficulty we typically have sample requests that introduce complexity and cross-collection on requests with similar subjects and titles making it easy to get lost in email weeds.  With ZenGRC, we removed all that complexity by making each and every evidence request unique.  Sample requests were entered as new requests in the system so as not to get confused with the original request.  Accountability was easily visible with the Request status on the Audit dashboard and escalations were efficient.  On our first run, after a small 30 minute training session, we achieved 98.5% completion ahead of our submission deadline.  That would have been impossible without ZenGRC.

  ### 45. Team are working on ZenGRC already and loving it

**Rating:** 4.5/5.0 stars

**Reviewed by:** Aaron O. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2018

**What do you like best about ZenGRC?**

The general consensus from the team is that this tool is really great. We are really happy to use it, and I do believe it is going to make our compliance efforts really streamlined. Our organization tends to be a little bit resistant to rigor and control, so tools like ZenGRC are helping to make it easy and less intrusive.

**What do you dislike about ZenGRC?**

Looking forward to the custom survey feature!

**What problems is ZenGRC solving and how is that benefiting you?**

Internal and External audit, ISO 27001 certification, SOC 2 reporting, Risk Assessment and vendor security

  ### 46. Best GRC on the market

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 02, 2018

**What do you like best about ZenGRC?**

We've been using zGRC for 18 months. It is the best tool I've found for mapping compliance obligations, controls, risks, vendors, and the myriad of other objects that need to be modeled for a solid risk and compliance program. It's ability to cross-link objects to each other, especially linking controls to multiple frameworks (SOC 2, HITRUST, PCI, etc) is invaluable. I could not do my job without it.

**What do you dislike about ZenGRC?**

The ability to model risks could be improved. We've extended it with custom fields to fit our needs.

**Recommendations to others considering ZenGRC:**

It's a great product. The Reciprocity team is easy to work with, and they listen to customer product suggestions. We looked at a lot of other software. Nothing came close to zGRC for the money.

**What problems is ZenGRC solving and how is that benefiting you?**

Our company is subject to multiple compliance frameworks. We needed a system to map all our controls to those frameworks to simplify audit and compliance. Also, we needed a way to track risks, especially as related to our vendors. zGRC has greatly enhanced our ability to get and stay compliant. It cuts our audit times in half.

  ### 47. A dynamic tool for tracking compliance issues in a tech environment

**Rating:** 5.0/5.0 stars

**Reviewed by:** Gemma B. | Compliance Program Lead, Quality Assurance, Internet, Enterprise (> 1000 emp.)

**Reviewed Date:** February 23, 2018

**What do you like best about ZenGRC?**

Using ZenGRC, we've automated tracking of compliance issues that pose potential risks. It has allowed us to remediate these issues swiftly.

**What do you dislike about ZenGRC?**

Exporting reports to CSV then takes a decent amount of reformatting to ready them for Executive review, but the new dashboard functionalities are providing new options in reporting key results which is great. 

Overall the team has been quick to respond to requests for changes or additional functionality.

**What problems is ZenGRC solving and how is that benefiting you?**

Centralized and systematic issue tracking across review types, programs and teams.

  ### 48. ZenGRC Delivers, Great Alternative to "Traditional" GRC Toolsets

**Rating:** 5.0/5.0 stars

**Reviewed by:** Travis R. | CISO, Computer Software, Enterprise (> 1000 emp.)

**Reviewed Date:** November 09, 2017

**What do you like best about ZenGRC?**

ZenGrC provided use with a single platform under which we could manage multiple, complex audits.  The evidence collection and workflows replaced what was an otherwise tedious and duplicative process with JIRA tickets.  The ability to present evidence from previous years as an example is immensely helpful when dealing with turnover in engineering and operations teams.  Simple implementation, very lightweight, but not lacking for features.

**What do you dislike about ZenGRC?**

The JIRA integration is rapidly improving but isn't quite as richly features as we would like.  That being said, our use of JIRA is probably on the extreme side off complex so the current integration is likely acceptable for the majority of customers.

**Recommendations to others considering ZenGRC:**

Take the time to do a POC and you will not be disappointed.  Their support and go-live is exceptional.

**What problems is ZenGRC solving and how is that benefiting you?**

GRC, multiple concurrent audits, understanding audit readiness, coordination between multiple teams and auditors.

  ### 49. ZenGRC has been a critical tool in our compliance management

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 22, 2017

**What do you like best about ZenGRC?**

I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001. 

**What do you dislike about ZenGRC?**

There's a fair amount of things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks.

Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though.

**What problems is ZenGRC solving and how is that benefiting you?**

GRC program management, controls gap analysis, compliance reporting. Because it's so well organized we've managed to keep the required staff to manage compliance at a minimum. 

  ### 50. Easy,Flexible, Always Improving GRC Tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 19, 2018

**What do you like best about ZenGRC?**

ZenGRC is very flexible and easy to use even with complex compliance programs leveraging multiple standards. Reciprocity Labs listens to our feedback and is constantly improving the product.

**What do you dislike about ZenGRC?**

Evidence storage solutions could be more fully integrated. I understand this is on the roadmap for future development.

**What problems is ZenGRC solving and how is that benefiting you?**

Third-party assessment and certification management is easier for a small GRC team to manage with ZenGRC. 


## ZenGRC Discussions
  - [Where is ZenGRC hosted?](https://www.g2.com/discussions/hosted-vs-on-premise-solution) - 2 comments, 1 upvote
  - [What does ZenGRC integrate with?](https://www.g2.com/discussions/integrations-910cde07-4528-42e0-b382-14d31e05e024) - 2 comments, 1 upvote
  - [Can I run an audit in ZenGRC?](https://www.g2.com/discussions/running-audits) - 2 comments, 1 upvote
  - [Is it possible to import or export data from ZenGRC?](https://www.g2.com/discussions/importing-exporting-data) - 2 comments, 1 upvote
  - [What compliance frameworks does ZenGRC support?](https://www.g2.com/discussions/compliance-frameworks) - 1 comment, 1 upvote

- [View ZenGRC pricing details and edition comparison](https://www.g2.com/products/zengrc/reviews?page=2&section=pricing&secure%5Bexpires_at%5D=2026-07-15+12%3A01%3A17+-0500&secure%5Bsession_id%5D=0e00b19b-75a6-4aa9-95a1-5df8c1050d25&secure%5Btoken%5D=02ab86563cfca5f091101ce8597bf8af1b4237870294a0a45b2c644016a063a1&format=llm_user)

## ZenGRC Features
**Generative AI**
- AI Text Generation

**Generative AI**
- AI Text Summarization
- AI Text Generation

**Workflows - Audit Management**
- Audit Trail
- Recommendations
- Collaboration Tools
- Integrations
- Planning & Scheduling

**Generative AI - Security Compliance**
- Predictive Risk
- Automated Documentation

**Monitoring - IT Risk Management**
- AI Monitoring

**Risk Management**
- Risk Identification
- Risk Classification
- Risk Methodology
- Goals Monitoring

**Documentation - Audit Management**
- Templates & Forms
- Checklists

**Agentic AI - IT Risk Management**
- Autonomous Task Execution
- Multi-step Planning

**Reporting & Analytics - Audit Management**
- Dashboard
- Audit Performance
- Industry Compliance

**Business Continuity Management**
- Recovery Plans
- Procedure Templates
- Crisis Management

**Generative AI**
- AI Text Generation
- AI Text Summarization

**Platform**
- Integration
- Security & Privacy
- Mobile Access
- Flexibility

**Services**
- Implementation
- Training & Learning
- Customer Support
- Professional Services

## Top ZenGRC Alternatives
  - [Optro](https://www.g2.com/products/optro/reviews) - 4.6/5.0 (1,586 reviews)
  - [LogicGate Risk Cloud](https://www.g2.com/products/logicgate-risk-cloud/reviews) - 4.6/5.0 (189 reviews)
  - [Archer](https://www.g2.com/products/archer-technologies-archer/reviews) - 3.6/5.0 (17 reviews)

