# NAVEX IRM Reviews 2026. Verified Reviews, Pros & Cons | Capterra > Is NAVEX IRM the right Risk Management solution for you? Explore 20 verified user reviews from people in industries like yours to make a confident choice. Source: https://www.capterra.com/p/150187/Keylight-Platform/reviews --- NAVEX IRM 4.7 (20) Provider data verified by our Software Research team, and reviews moderated by our Reviews Verification team. [Learn more](https://www.capterra.com/our-story/) * * * Last updated March 13th, 2026 # Reviews of NAVEX IRM Ease of use 4.0 Customer Service 4.7 ## Showing most helpful reviews Showing 1-20 of 20 Reviews Sort by: Most Helpful Rating Company Size Reviewer's Role Length of Use Frequency of Use Jackie L. IT GRC Keylight Program Manager Insurance Used the software for: 2+ years ### "Keylight is easy to use and easy to configure to suit your needs. " May 22, 2018 5.0 Pros Keylight is completely configurable and extremely adaptable. It has powerful yet simple-to-produce reporting capabilities that enable metrics and provide transparency with ease. I can't stress enough how easy the configuration (Admin) capabilities are to learn and to use. And for those times where help is needed, the Lockpath Support and Professional Services teams are first class. Always eager to help and it is evident that customer service is a high priority for the company. Workflows and notifications can be easily built which can provide a centralized location for many use cases, including: Identifying and monitoring risks; Recording regulatory and other requirements, controls associated with those requirements, including assigning ownership and review of those controls, and Audit projects which are tied directly to the controls; Vendor Management, including monitoring compliance and tying to any applicable risks. I guess what I'm trying to say is, the Keylight GRC platform helps take some of the complexity out of GRC. The above are just a few of the many possibilities. Because the tool is so easy to configure, I tell my colleagues to "tell me your dream"-- I'm usually able to get pretty close. Cons Sometimes the tool is less than intuitive. Don't get me wrong-- I still stand by my statement that it is extremely easy to use-- but sometimes the way to do something is not the way you'd imagine. Most times, there is a way to do what you need to do, it's just not always the way you'd expect. Lockpath Support is always an excellent resource to work through these situations. Review Source RT Rick T. System Security Analyst Used the software for: 1-2 years ### "Robust GRC Management Tool" June 8, 2018 5.0 Makes managing GRC tasks, exceptions, vendors, etc much MUCH more efficient. We have seen significant time savings by using this software. Pros This is a fully customizable solution to help meet GRC management needs. This has also been expanded into other areas, including assessments, asset reviews, documentation management/reviews, testing management, vendor management, and a host of other things. Cons The online doc is ok, but may need updating. We have also run into reporting limitations, and the software can struggle with graphic reporting if the number of records exceed some preset quantity. The other is very specific; when creating a new field and setting the character parameters, the parameters are permanent for the life of the field. For example, if a text field is set for 100 characters, but a year later, you find a need to allow for 500 characters, the existing field cannot be redefined. A new field needs to be created to allow for the expanded setting. So when you are trying to create a field and be cognizant of the space (i.e. limiting to 100 characters), you are limiting the future-growth of the data this field may manage. The same goes for the tolerances of the numeric fields. Once the parameters (number of spaces before and after a decimal point) are set, there is no changing the field. It must be replaced with a new field, rather than having an effective recalculation process. Review Source ML Mike L. 3rd party risk management specialist Used the software for: 2+ years ### "Keylight has been a good platform and meets our needs" June 6, 2018 4.0 A very good third party management software. It has helped us to streamline and organize our 3rd party risk management process Pros Excellent customer service, intuitive and easy to use. layout and menus are well suited for navigation and functionality. Cons On premise solution has some bugs to work out. software could be faster when clicking through and going from page to page. Review Source MG Michael G. Senior Security Engineer & Risk Analyst Used the software for: 2+ years ### "Excellent GRC platform with phenomenal support." June 6, 2018 5.0 Excellent customer support and the ability for me to use the product however our organization sees fit. Often a process or workflow design can become a reality within weeks without having to build out new features or wait for software to catch up. Pros LockPath Keylight is highly customizable and new features and upgrades are released on a very timely schedule. The platform is highly stable and provides great insights to our data across our environments. Custom dashboards and reporting metrics can be configured for different roles as well which helps provide the most important data to a given user. Be it high level CISO dashboards, to implementation based feeds for system administrators, the customization capabilities are there. Cons There is a slight learning curve with this product but this has become incrementally less with every release. I would not say it is complicated by any means, complexity largely results in how vast you've opted to customize your system and integrate connectivity with other platforms through connectors. Review Source VR Verified Reviewer Information Security Compliance Analyst Hospital & Health Care Used the software for: 6-12 months ### "Keylight is nimble, useful system." January 9, 2019 4.0 Keylight lets us manage our vendors in a very simple way. We can add vendors, provide assessments, provide reviews, and render decisions all within the system and effectively. It has simplified a number of tasks for me personally. Pros Keylight makes the complex tasks involved in vendor management easy to handle. From vendor communications to information retention, Keylight does it all and in a fairly user friendly way. Cons Lockpath has traditionally not communicated potential problems in upcoming updates and has not provided system issue notifications very well, if at all. They are pleasant to talk to but work from the basis of regardless the problem, we're only going to discuss issues if you call in. Review Source Nathan G. Manager, Information Security Computer Software Used the software for: 2+ years ### "Significant win for our company" June 6, 2018 5.0 Pros What I like most about LockPath Keylight is the flexibility and ease of use use. Unlike other GRC tools, I do not need an entire support team to make rapid changes and add value. Cons What I like least about LockPath Keylight is occasional slowness and enhanced historical reporting (which requires additional cost). Review Source MK Morgan K. Sr. Analyst Insurance Used the software for: Less than 6 months ### "Seeking Tool for Risk Management and Workflow (Rm & Cm Applications)" October 8, 2018 5.0 The experience with Lockpath has been positive including their attentiveness and responsiveness to meet our needs with their tool. Pros Lockpath Keylight is highly configurable and easy to navigate from an administrative perspective with coaching from the Professional Services team. The speed of implementation is primarily based on the tool owner to provide documentation and dedicate time to understanding the system. The user-friendliness of the front end of the tool ultimately falls on the administrator as the system is pretty much a blank slate upon purchase. The Quickstart implementation structured our system’s foundation and the remainder of the configuration was able to be completed either by the Professional Service team or by an internal administrator of the system. The Professional Service and Support teams have been highly responsive to questions and enhancement requests for the system. Professional Service hours have been very useful in working through more advanced requirements and gaining a more robust training to the system. Cons As noted above, the Risk Keylight application is 100% configurable which means there is no direct out-of-the-box workflows or fields. This can be an advantage or disadvantage based on the needs of your company. If your company is able to detail specific requirements, the configuration of basic workflows is quick to implement. The Compliance Keylight application came with a few pre-built workflows and forms which has been helpful to quickly input data and see results in the system. Review Source VR Verified Reviewer Security Compliance Analyst Computer Software Used the software for: 1-2 years ### "The Keylight GRC tool helps in managing risks across different business in our organization." June 6, 2018 4.0 Pros The customization options along with graphical tools help in visualizing the risks with respect risk scores. Cons It gets slow to load some of the links to its own web pages. IT takes a lot of time to transition between the Keylight modules. Review Source FG Fran G. Security and Risk Engineer Computer Games Used the software for: 2+ years ### "i have been using this product since 2015 & this includes the applications (Am, Cm, Im, Rm, Sm & Vm)" May 18, 2018 5.0 makes life easier in meeting the needs of the various teams i need to build the applications for. the workflow is very easy to work with. Pros ease of development and customization of the product, the ease of fitting it to your business operations, not fitting the business to the tool. i also like the responsiveness of the customer support people. Cons a few minor enhancements that they have in their queue to eventually build out and the fact that i have to wait for them. Review Source VR Verified Reviewer Manager, Information Security Systems Hospital & Health Care Used the software for: 2+ years ### "Good GRC solution with a robust framework" April 3, 2019 4.0 While the framework required more work than we anticipated, overall the Keylight GRC platform has been a good first step into the GRC tool space. Pros Framework is very flexible to meet the needs of most organizations, inexpensive for the architecture. Cons Would not be a good fit for companies that want something that is more plug n play where you select the regulatory requirements, you yes/no the risks and it outputs dashboards. Review Source JL Joi L. Senior IT Security Analyst Hospital & Health Care Used the software for: 1-2 years ### "Great Experience with Lockpath's Keylight Tool" April 3, 2019 5.0 Keylight has been a great tool and has assisted with streamlining our third party review process. Using the tool, we are able to weight questions, calculate a score based on the vendor’s response, obtain information regarding the security scorecard rating, document a summary regarding the review, easily update questions to be completed by the third party, administer user access for the tool, and keep track of the progress of completion of the questionnaire. Also, Lockpath is quick to respond whenever I have questions regarding the tool. Additionally, I meet with a representative from Lockpath on a regular basis to touch base and discuss any issues, questions, or provide feedback. I’ve had an excellent experience with Lockpath’s Keylight tool and highly recommend it. Pros Ability to weight questions Ability to calculate score based on vendor's response to questionnaire Ease of updating questions/info in questionnaire Ease of providing user administration Ease of monitoring progress of completion of questionnaire Good customer service Cons The reporting functionality could be improved Review Source MS Melissa S. Manager Information Risk management Legal Services Used the software for: 2+ years ### "Excellent platform and model vendor" January 15, 2019 5.0 The platform has enabled the risk function to have broad management capabilities in all GRC areas with a minimal amount of staff to support the platform. Pros Highly extensible and customizable for our workflows and reporting requirements Cons The administrator UI isn't in the usual structure which takes some time to get used to but it is the same in every module so once you are used to the layout it is the same for every piece in the platform. Review Source GP Greg P. Sr. Security Architect Entertainment Used the software for: 2+ years ### "Great turn up process, much smoother development than it's compeditors" June 6, 2018 5.0 Pros The SAAS platform means I don't have to have a staff dedicated to keeping one application running. Keylight is easy to use and understand and can provide the workflows we need. Cons The integrations are priced individually. The API isn't "public" and could use some tweaking. The ambassador/agent model is a bit old as is uploading CVS files for data modification. Review Source VL Verna L. Information Security Engineer Used the software for: 2+ years ### "LockPath is flexible and customer support team very knowledgeable." June 7, 2018 5.0 Pros Improvements of the tool with each upgrade makes it even more flexible for all users and skill levels. Cons I find that building out workflows involves too many steps and can be a bit cumbersome. Additionally, converting compliance documents to MS Word formats could be improved. Review Source MS Molly S. GRC Analyst Used the software for: 1-2 years ### "Keylight has enabled us to manage our entire GRC program in a centralized platform." June 6, 2018 5.0 Pros The ability to customize all workflows to internal processes and requirements. No other tool we assessed provided this flexibility. The ability to leverage data across modules to ensure information is consistent and linked for reporting purposes. Cons The platform is not quite as intuitive as other tools but going through Keylight training or leveraging Lockpath's managed services helps greatly. Review Source CN Chris N. Security Administrator Used the software for: 2+ years ### "Great Product For Regulatory Compliance " June 7, 2018 4.0 Pros We like using Keylight because it allows us to keep track of all of and stay up to date with all of our policy and compliance documentation. The platform also holds people (performers) accountable and ensures due diligence with regards to their relevant tasks. Cons The roles can be a little confusing, when we set up users, it is sometimes a challenge to determine what access they need, especially for people in IT. Review Source CS Christopher S. Intern Information Technology and Services Used the software for: Less than 6 months ### "Powerful with steep learning curve" April 4, 2019 4.0 So far we only have the Vendor manager operational, and once I read up and practiced a bit, setting up tables is pretty straight forward, but we have to be careful because setting up a practice questionnaire and issuing it in a test means we now have a sample questionnaire that we apparently can never delete or get rid of. I feel it's going to be a great asset, but getting it operational seems time-consuming and labor-intensive. Pros The number of features is pretty great and it seems like it's going to be a powerful tool once it's operational. Cons It's pretty complicated to set up and make ready for use. Review Source MC Mark C. Information Security Analyst Insurance Used the software for: 6-12 months ### "Takes the guesswork out of managing risk." May 22, 2018 4.0 Slowly, we are forming a GRC culture. Changing the way this company does business Pros Controls framework and auditability are key. They help drive accountability, which drives real change. Cons Reporting can be tricky. Overall, the UI can be trick and take awhile for the averae user to get used to. Review Source DB Deborah B. Information Security Analyst Management Consulting Used the software for: 6-12 months ### "LockPath experience" April 3, 2019 5.0 Pros I like that it helps me organize my GRC functions, helps automate things and takes out a lot of the manual work that GRC usually requires. It is like another resource . Cons It can be confusing at times knowing where to go to connect different documents and functions. It is not the most user friendly software. It does take a mindset that is not afraid to explore and ask questions. Review Source MC Michael C. Security Analyst - GRC Used the software for: Less than 6 months ### "Makes vendor management and employee attestations simple. " June 6, 2018 5.0 Pros \*Saves me time issuing, following up, and tracking our vendor due diligence efforts. \* Compliance tracking for staff awareness events can be configured with ease. \* Support availability, product knowledge, and communication is top notch. Cons \* Initial familiarity with how the applications work and inter-operate isn't the most intuitive. However, training videos are freely available and help speed up the learning curve. Review Source Similar Products Featured