G2 Crowd builds the world's largest business commerce platform fueled by $100M in funding 🚀
ZenGRC

ZenGRC

4.9
(11)

ZenGRC is a user-friendly GRC software designed to make compliance easy for nimble enterprises.

Work for ZenGRC?

Learning about ZenGRC?

We can help you find the solution that fits you best.

ZenGRC Reviews

Ask ZenGRC a Question
Write a Review
Filter Reviews
Filter Reviews
  • Ratings
  • Company Size
  • User Role
  • Industry
Ratings
Company Size
User Role
Industry
Showing 11 ZenGRC reviews
LinkedIn Connections
ZenGRC review by Andrew W.
Andrew W.
Validated Reviewer
Verified Current User
Review Source

"Light and capable GRC tool wrapped into a minimal package"

What do you like best?

ZenGRC brings all the tools you need to run a successful GRC program to the table in a clear, concise and minimalist package that's nimble and efficient. Our company had been utilizing the old method of email/spreadsheets and was getting lost in the weeds even on the smallest of audits and struggling to keep up each year to stay ahead. Our evaluations with other tools fell flat, didn't meet our requirements or introduced complexity. Our evaluation of ZenGRC started with skepticism, but quickly turned positive once we realized how logically organized the system was on the back-end. During our testing period, we were able to quickly create a Sarbanes-Oxley program, using both their template import and the GUI, in a matter of days. Since that time only a few short weeks ago we have now almost completed a full internal audit of our SOX program, complete with evidence collection and control evaluations. Our rough estimate has us gaining back a full week of time from previous audits last year and year prior using the old email/spreadsheet method. We are now rolling out an ISO27001, SOC2 and internal security control framework on the heels of the SOX success.

What do you dislike?

As with any SaaS from a small company that is new to market (less than 5 years), there are aspects of the tool that require some creative thinking and clever workarounds. This is not necessarily a dislike in my opinion, however less technical individuals may find this aspect difficult or troublesome. ZenGRC staff do redeem themselves on this front as they're quick to respond to feature requests and have already implemented several suggestions our team has submitted. Since starting to use the product, they have continually updated the product with new features, fixes and updates to existing functionality.

Recommendations to others considering the product

This is a light, minimal and logical GRC tool that has a lot to offer a company that has never used a GRC tool in the past. Definitely worth a demo and serious consideration.

What business problems are you solving with the product? What benefits have you realized?

Traditionally our audit cycles were difficult in that we rarely hit our target evidence collection windows. Adding to that difficulty we typically have sample requests that introduce complexity and cross-collection on requests with similar subjects and titles making it easy to get lost in email weeds. With ZenGRC, we removed all that complexity by making each and every evidence request unique. Sample requests were entered as new requests in the system so as not to get confused with the original request. Accountability was easily visible with the Request status on the Audit dashboard and escalations were efficient. On our first run, after a small 30 minute training session, we achieved 98.5% completion ahead of our submission deadline. That would have been impossible without ZenGRC.

Sign in to G2 Crowd to see what your connections have to say about ZenGRC
ZenGRC review by Jo-Ann s.
Jo-Ann s.
Validated Reviewer
Verified Current User
Review Source

"ZenGRC - Putty "the easy" into risk & compliance management"

What do you like best?

Ease of use of the ZenGRC portal combined with the ability to run the audit and give your audit direct access to controls & related evidence makes the entire process friction-less.

What do you dislike?

The ability to take a full image backup, locally, is a small but manageable risk.

Recommendations to others considering the product

Setting up your initial controls can be a little time consuming, but the ability to use common controls across multiple compliance frameworks & to mitigate risks is extremely valuable. Time is saved with the cross mapping capability and the value is realized very quickly.

What business problems are you solving with the product? What benefits have you realized?

The main benefit is the way we can share audit evidence from within the secure portal, by directly provisioning the auditor, is a valuable benefit. The time to audit was reduced by at least 30%.

What GRC Platforms solution do you use?

Thanks for letting us know!
ZenGRC review by Executive Sponsor in Hospital & Health Care
Executive Sponsor in Hospital & Health Care
Validated Reviewer
Verified Current User
Review Source

"Best GRC on the market"

What do you like best?

We've been using zGRC for 18 months. It is the best tool I've found for mapping compliance obligations, controls, risks, vendors, and the myriad of other objects that need to be modeled for a solid risk and compliance program. It's ability to cross-link objects to each other, especially linking controls to multiple frameworks (SOC 2, HITRUST, PCI, etc) is invaluable. I could not do my job without it.

What do you dislike?

The ability to model risks could be improved. We've extended it with custom fields to fit our needs.

Recommendations to others considering the product

It's a great product. The Reciprocity team is easy to work with, and they listen to customer product suggestions. We looked at a lot of other software. Nothing came close to zGRC for the money.

What business problems are you solving with the product? What benefits have you realized?

Our company is subject to multiple compliance frameworks. We needed a system to map all our controls to those frameworks to simplify audit and compliance. Also, we needed a way to track risks, especially as related to our vendors. zGRC has greatly enhanced our ability to get and stay compliant. It cuts our audit times in half.

ZenGRC review by Administrator
Administrator
Validated Reviewer
Verified Current User
Review Source

"Very Good ZenGRC Training for our Information Security Team "

What do you like best?

The product is very user friendly. The ZenGRC training was well organized and very informative. We are preparing for our annual ISO audit and wished we had this product last year! Alejandro, our Customer Success Manger, has insured that all our questions and requests have been met thus far. The ZenGRC subject matter experts are very helpful and knowledgeable. Follow-up has been very good! We are looking forward to using the product!!

What do you dislike?

Additional demo scenarios would be good. No dislikes to speak of.

Recommendations to others considering the product

Identify your requirement, # of required admins and audit types. This will assist in building your site and identify training.

What business problems are you solving with the product? What benefits have you realized?

Streamline our internal and external security audits. Compliance with industry requirement and standards. We have realized other ways that we can use this ZenGRC to track audit findings and resolve issues.

ZenGRC review by User in Computer Software
User in Computer Software
Validated Reviewer
Verified Current User
Review Source

"ZenGRC has been a critical tool in our compliance management"

What do you like best?

I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001.

What do you dislike?

There's a fair amount of things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks.

Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though.

What business problems are you solving with the product? What benefits have you realized?

GRC program management, controls gap analysis, compliance reporting. Because it's so well organized we've managed to keep the required staff to manage compliance at a minimum.

ZenGRC review by Leo C.
Leo C.
Validated Reviewer
Verified Current User
Review Source

"Best GRC tool on the market!"

What do you like best?

The tool is so simple to use and navigate around. It gives me everything I need in regards to dashboards, heatmaps and condensing all of my risks and regulations. I can get what I need through a couple of clicks. Hands down the best tool I've used for risk reporting and compliance requirements.

All the people at Reciprocity are amazing to work with. Always responsive and on hand to go above and beyond whenever needed.

What do you dislike?

Needs more reporting functions and different dashboard types. Most Execs like visuals and straight to the point reporting in my experience.

What business problems are you solving with the product? What benefits have you realized?

We needed to move away from spreadsheets, better our reporting requirements and get what we need on demand.

ZenGRC review by Aaron O.
Aaron O.
Validated Reviewer
Verified Current User
Review Source

"Team are working on ZenGRC already and loving it"

What do you like best?

The general consensus from the team is that this tool is really great. We are really happy to use it, and I do believe it is going to make our compliance efforts really streamlined. Our organization tends to be a little bit resistant to rigor and control, so tools like ZenGRC are helping to make it easy and less intrusive.

What do you dislike?

Looking forward to the custom survey feature!

What business problems are you solving with the product? What benefits have you realized?

Internal and External audit, ISO 27001 certification, SOC 2 reporting, Risk Assessment and vendor security

ZenGRC review by Travis R.
Travis R.
Validated Reviewer
Review Source

"ZenGRC Delivers, Great Alternative to "Traditional" GRC Toolsets"

What do you like best?

ZenGrC provided use with a single platform under which we could manage multiple, complex audits. The evidence collection and workflows replaced what was an otherwise tedious and duplicative process with JIRA tickets. The ability to present evidence from previous years as an example is immensely helpful when dealing with turnover in engineering and operations teams. Simple implementation, very lightweight, but not lacking for features.

What do you dislike?

The JIRA integration is rapidly improving but isn't quite as richly features as we would like. That being said, our use of JIRA is probably on the extreme side off complex so the current integration is likely acceptable for the majority of customers.

Recommendations to others considering the product

Take the time to do a POC and you will not be disappointed. Their support and go-live is exceptional.

What business problems are you solving with the product? What benefits have you realized?

GRC, multiple concurrent audits, understanding audit readiness, coordination between multiple teams and auditors.

ZenGRC review by Gemma B.
Gemma B.
Validated Reviewer
Verified Current User
Review Source

"A dynamic tool for tracking compliance issues in a tech environment"

What do you like best?

Using ZenGRC, we've automated tracking of compliance issues that pose potential risks. It has allowed us to remediate these issues swiftly.

What do you dislike?

Exporting reports to CSV then takes a decent amount of reformatting to ready them for Executive review, but the new dashboard functionalities are providing new options in reporting key results which is great.

Overall the team has been quick to respond to requests for changes or additional functionality.

What business problems are you solving with the product? What benefits have you realized?

Centralized and systematic issue tracking across review types, programs and teams.

ZenGRC review by Dana L.
Dana L.
Validated Reviewer
Verified Current User
Review Source

"ZenGRC is a great for our tech company compliance and audit functions"

What do you like best?

ZenGRC has a nice user interface and is fairly intuitive to use. It is a refreshing change from some of the larger industry standard GRC tools I've used over the years.

What do you dislike?

I would love to see a way to ZenGRC as a tool to manage all aspects of our audit function- audit work programs, work papers, testing spreadsheets, supporting documentation and reporting.

Recommendations to others considering the product

They have excellent customer support. I would definitely try a demo to see if this tool would meet your GRC needs.

What business problems are you solving with the product? What benefits have you realized?

GRC, audit tracking

ZenGRC review by Executive Sponsor
Executive Sponsor
Validated Reviewer
Verified Current User
Review Source

"Easy,Flexible, Always Improving GRC Tool"

What do you like best?

ZenGRC is very flexible and easy to use even with complex compliance programs leveraging multiple standards. Reciprocity Labs listens to our feedback and is constantly improving the product.

What do you dislike?

Evidence storage solutions could be more fully integrated. I understand this is on the roadmap for future development.

What business problems are you solving with the product? What benefits have you realized?

Third-party assessment and certification management is easier for a small GRC team to manage with ZenGRC.

Learn more about ZenGRC

ZenGRC Videos

Kate from G2 Crowd

Learning about ZenGRC?

I can help.
* We monitor all ZenGRC reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.