ZenGRC Reviews & Product Details - Page 9

ZenGRC is a great place to start GRC program in your company as it centralizes management of core requirements to meet the requirements of your desired certification and/or audit requirements. Review collected by and hosted on G2.com.

ZenGRC lacks advanced workflows and the ability to self-service complex, custom modules. API integrations are also currently a bit limited. Review collected by and hosted on G2.com.

Ease of use of the ZenGRC portal combined with the ability to run the audit and give your audit direct access to controls & related evidence makes the entire process friction-less. Review collected by and hosted on G2.com.

The ability to take a full image backup, locally, is a small but manageable risk. Review collected by and hosted on G2.com.

The product is very user friendly. The ZenGRC training was well organized and very informative. We are preparing for our annual ISO audit and wished we had this product last year! Alejandro, our Customer Success Manger, has insured that all our questions and requests have been met thus far. The ZenGRC subject matter experts are very helpful and knowledgeable. Follow-up has been very good! We are looking forward to using the product!! Review collected by and hosted on G2.com.

Additional demo scenarios would be good. No dislikes to speak of. Review collected by and hosted on G2.com.

Having used a few different GRC tools and I do like this one quite a bit due to the ability to customize things. Review collected by and hosted on G2.com.

Although the customizeable features are great, there's also a mini drawback that I can customize EVERYTHING. Also, being able to do batch adding and removing of things (e.g., objectives, controls, etc.) would be fantastic. Review collected by and hosted on G2.com.

ZenGRC brings all the tools you need to run a successful GRC program to the table in a clear, concise and minimalist package that's nimble and efficient. Our company had been utilizing the old method of email/spreadsheets and was getting lost in the weeds even on the smallest of audits and struggling to keep up each year to stay ahead. Our evaluations with other tools fell flat, didn't meet our requirements or introduced complexity. Our evaluation of ZenGRC started with skepticism, but quickly turned positive once we realized how logically organized the system was on the back-end. During our testing period, we were able to quickly create a Sarbanes-Oxley program, using both their template import and the GUI, in a matter of days. Since that time only a few short weeks ago we have now almost completed a full internal audit of our SOX program, complete with evidence collection and control evaluations. Our rough estimate has us gaining back a full week of time from previous audits last year and year prior using the old email/spreadsheet method. We are now rolling out an ISO27001, SOC2 and internal security control framework on the heels of the SOX success. Review collected by and hosted on G2.com.

As with any SaaS from a small company that is new to market (less than 5 years), there are aspects of the tool that require some creative thinking and clever workarounds. This is not necessarily a dislike in my opinion, however less technical individuals may find this aspect difficult or troublesome. ZenGRC staff do redeem themselves on this front as they're quick to respond to feature requests and have already implemented several suggestions our team has submitted. Since starting to use the product, they have continually updated the product with new features, fixes and updates to existing functionality. Review collected by and hosted on G2.com.

The general consensus from the team is that this tool is really great. We are really happy to use it, and I do believe it is going to make our compliance efforts really streamlined. Our organization tends to be a little bit resistant to rigor and control, so tools like ZenGRC are helping to make it easy and less intrusive. Review collected by and hosted on G2.com.

Looking forward to the custom survey feature! Review collected by and hosted on G2.com.

We've been using zGRC for 18 months. It is the best tool I've found for mapping compliance obligations, controls, risks, vendors, and the myriad of other objects that need to be modeled for a solid risk and compliance program. It's ability to cross-link objects to each other, especially linking controls to multiple frameworks (SOC 2, HITRUST, PCI, etc) is invaluable. I could not do my job without it. Review collected by and hosted on G2.com.

The ability to model risks could be improved. We've extended it with custom fields to fit our needs. Review collected by and hosted on G2.com.

Using ZenGRC, we've automated tracking of compliance issues that pose potential risks. It has allowed us to remediate these issues swiftly. Review collected by and hosted on G2.com.

Exporting reports to CSV then takes a decent amount of reformatting to ready them for Executive review, but the new dashboard functionalities are providing new options in reporting key results which is great.

Overall the team has been quick to respond to requests for changes or additional functionality. Review collected by and hosted on G2.com.

ZenGrC provided use with a single platform under which we could manage multiple, complex audits. The evidence collection and workflows replaced what was an otherwise tedious and duplicative process with JIRA tickets. The ability to present evidence from previous years as an example is immensely helpful when dealing with turnover in engineering and operations teams. Simple implementation, very lightweight, but not lacking for features. Review collected by and hosted on G2.com.

The JIRA integration is rapidly improving but isn't quite as richly features as we would like. That being said, our use of JIRA is probably on the extreme side off complex so the current integration is likely acceptable for the majority of customers. Review collected by and hosted on G2.com.

I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001. Review collected by and hosted on G2.com.

There's a fair amount of things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks.

Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though. Review collected by and hosted on G2.com.