ZenGRC

ZenGRC

(8)
4.9 out of 5 stars

ZenGRC is a user-friendly GRC software designed to make compliance easy for nimble enterprises.

Work for ZenGRC?

Learning about ZenGRC?

We can help you find the solution that fits you best.

ZenGRC Reviews

Ask ZenGRC a Question
Write a Review
Filter Reviews
Filter Reviews
  • Ratings
  • Company Size
  • User Role
  • User Industry
Ratings
Company Size
User Role
User Industry
Showing 8 ZenGRC reviews
LinkedIn Connections
ZenGRC review by <span>Andrew W.</span>
Andrew W.
Validated Reviewer
Verified Current User
Organic
Reviewed On

Light and capable GRC tool wrapped into a minimal package

What do you like best?

ZenGRC brings all the tools you need to run a successful GRC program to the table in a clear, concise and minimalist package that's nimble and efficient. Our company had been utilizing the old method of email/spreadsheets and was getting lost in the weeds even on the smallest of audits and struggling to keep up each year to stay ahead. Our evaluations with other tools fell flat, didn't meet our requirements or introduced complexity. Our evaluation of ZenGRC started with skepticism, but quickly turned positive once we realized how logically organized the system was on the back-end. During our testing period, we were able to quickly create a Sarbanes-Oxley program, using both their template import and the GUI, in a matter of days. Since that time only a few short weeks ago we have now almost completed a full internal audit of our SOX program, complete with evidence collection and control evaluations. Our rough estimate has us gaining back a full week of time from previous audits last year and year prior using the old email/spreadsheet method. We are now rolling out an ISO27001, SOC2 and internal security control framework on the heels of the SOX success.

What do you dislike?

As with any SaaS from a small company that is new to market (less than 5 years), there are aspects of the tool that require some creative thinking and clever workarounds. This is not necessarily a dislike in my opinion, however less technical individuals may find this aspect difficult or troublesome. ZenGRC staff do redeem themselves on this front as they're quick to respond to feature requests and have already implemented several suggestions our team has submitted. Since starting to use the product, they have continually updated the product with new features, fixes and updates to existing functionality.

Recommendations to others considering the product

This is a light, minimal and logical GRC tool that has a lot to offer a company that has never used a GRC tool in the past. Definitely worth a demo and serious consideration.

What business problems are you solving with the product? What benefits have you realized?

Traditionally our audit cycles were difficult in that we rarely hit our target evidence collection windows. Adding to that difficulty we typically have sample requests that introduce complexity and cross-collection on requests with similar subjects and titles making it easy to get lost in email weeds. With ZenGRC, we removed all that complexity by making each and every evidence request unique. Sample requests were entered as new requests in the system so as not to get confused with the original request. Accountability was easily visible with the Request status on the Audit dashboard and escalations were efficient. On our first run, after a small 30 minute training session, we achieved 98.5% completion ahead of our submission deadline. That would have been impossible without ZenGRC.

Sign in to G2 Crowd to see what your connections have to say about ZenGRC
Headshots
ZenGRC review by User in Computer Software
User in Computer Software
Validated Reviewer
Verified Current User
Organic
Reviewed On

ZenGRC has been a critical tool in our compliance management

What do you like best?

I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001.

What do you dislike?

There's a fair amount of things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks.

Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though.

What business problems are you solving with the product? What benefits have you realized?

GRC program management, controls gap analysis, compliance reporting. Because it's so well organized we've managed to keep the required staff to manage compliance at a minimum.

What Governance, Risk & Compliance solution do you use?

Thanks for letting us know!
ZenGRC review by <span>Leo C.</span>
Leo C.
Validated Reviewer
Verified Current User
Organic
Reviewed On

Best GRC tool on the market!

What do you like best?

The tool is so simple to use and navigate around. It gives me everything I need in regards to dashboards, heatmaps and condensing all of my risks and regulations. I can get what I need through a couple of clicks. Hands down the best tool I've used for risk reporting and compliance requirements.

All the people at Reciprocity are amazing to work with. Always responsive and on hand to go above and beyond whenever needed.

What do you dislike?

Needs more reporting functions and different dashboard types. Most Execs like visuals and straight to the point reporting in my experience.

What business problems are you solving with the product? What benefits have you realized?

We needed to move away from spreadsheets, better our reporting requirements and get what we need on demand.

ZenGRC review by <span>Travis R.</span>
Travis R.
Validated Reviewer
Organic
Reviewed On

ZenGRC Delivers, Great Alternative to "Traditional" GRC Toolsets

What do you like best?

ZenGrC provided use with a single platform under which we could manage multiple, complex audits. The evidence collection and workflows replaced what was an otherwise tedious and duplicative process with JIRA tickets. The ability to present evidence from previous years as an example is immensely helpful when dealing with turnover in engineering and operations teams. Simple implementation, very lightweight, but not lacking for features.

What do you dislike?

The JIRA integration is rapidly improving but isn't quite as richly features as we would like. That being said, our use of JIRA is probably on the extreme side off complex so the current integration is likely acceptable for the majority of customers.

Recommendations to others considering the product

Take the time to do a POC and you will not be disappointed. Their support and go-live is exceptional.

What business problems are you solving with the product? What benefits have you realized?

GRC, multiple concurrent audits, understanding audit readiness, coordination between multiple teams and auditors.

ZenGRC review by <span>Gemma B.</span>
Gemma B.
Validated Reviewer
Verified Current User
Organic
Reviewed On

A dynamic tool for tracking compliance issues in a tech environment

What do you like best?

Using ZenGRC, we've automated tracking of compliance issues that pose potential risks. It has allowed us to remediate these issues swiftly.

What do you dislike?

Exporting reports to CSV then takes a decent amount of reformatting to ready them for Executive review, but the new dashboard functionalities are providing new options in reporting key results which is great.

Overall the team has been quick to respond to requests for changes or additional functionality.

What business problems are you solving with the product? What benefits have you realized?

Centralized and systematic issue tracking across review types, programs and teams.

ZenGRC review by Executive Sponsor in Hospital & Health Care
Executive Sponsor in Hospital & Health Care
Validated Reviewer
Verified Current User
Organic
Reviewed On

Best GRC on the market

What do you like best?

We've been using zGRC for 18 months. It is the best tool I've found for mapping compliance obligations, controls, risks, vendors, and the myriad of other objects that need to be modeled for a solid risk and compliance program. It's ability to cross-link objects to each other, especially linking controls to multiple frameworks (SOC 2, HITRUST, PCI, etc) is invaluable. I could not do my job without it.

What do you dislike?

The ability to model risks could be improved. We've extended it with custom fields to fit our needs.

Recommendations to others considering the product

It's a great product. The Reciprocity team is easy to work with, and they listen to customer product suggestions. We looked at a lot of other software. Nothing came close to zGRC for the money.

What business problems are you solving with the product? What benefits have you realized?

Our company is subject to multiple compliance frameworks. We needed a system to map all our controls to those frameworks to simplify audit and compliance. Also, we needed a way to track risks, especially as related to our vendors. zGRC has greatly enhanced our ability to get and stay compliant. It cuts our audit times in half.

Learn more about ZenGRC

ZenGRC Videos

Kate avatar
Kate from G2 Crowd

Learning about ZenGRC?

I can help.
* We monitor all ZenGRC reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.