ZenGRC

4.5 / 5 12 reviews

Who Uses This Software?

We serve Information Security and Compliance teams who are looking to better manage their Compliance needs. Target industries include Tech, Retail, Utilities, Consumer Goods, Healthcare and Finance.


Average Ratings

12 Reviews
  • 4.5 / 5
    Overall
  • 5 / 5
    Ease of Use
  • 5 / 5
    Customer Service

Product Details

  • Starting Price
    $2,500.00/month
  • Free Demo
  • Deployment
    Cloud, SaaS, Web
  • Training
    Documentation
    Webinars
    Live Online
    In Person
  • Support
    Online
    Business Hours

Vendor Details

  • RECIPROCITY
  • reciprocitylabs.com/
  • Founded 2009
  • United States

About ZenGRC

ZenGRC is trusted by companies of all sizes including Salesforce, Walmart and Airbnb to reduce time and cost, while eliminating spreadsheets. ZenGRC is light years beyond using spreadsheets, docs, or emails to manage compliance at a fraction of the cost of other enterprise GRC tools. In additIon to increasing visibility into controls, processes and risks, customers also provide better insights to senior management. Get a free demo today!


ZenGRC Features

  • Archiving & Retention
  • Audit Trail
  • Controls Testing
  • Environmental Compliance
  • FDA Compliance
  • HIPAA Compliance
  • ISO Compliance
  • OSHA Compliance
  • Risk Alerts
  • Sarbanes-Oxley Compliance
  • Version Control

ZenGRC Reviews Recently Reviewed!

Reciprocity is an invaluable partner in meeting our data management needs.

Nov 15, 2017
4/5
Overall
4 / 5
Ease of Use
5 / 5
Features & Functionality
5 / 5
Customer Support
5 / 5
Value for Money
Likelihood to Recommend: 9.0/10 Not
Likely
Extremely
Likely

Pros: The ability to customize the use of the software to meet our unique needs. The technical folks also understand our use case and suggest different ways for us to think about our data and how best to represent it. I like way the system has matured and is tying various elements together (like audit and risk). Customer service is excellent and I really, really like having the same person to deal with all the time. This eliminates having to re-explain your data set to the next help desk guy.

Cons: While many of the changes to the system have been helpful, the constant changes can be hard to keep up with and difficult to plan how to expand our use of the system.

53f28f3ff094c0de8783e8475753d0bb

ZenGRC Delivers Compliance and Automation

Nov 09, 2017
5/5
Overall
5 / 5
Ease of Use
4 / 5
Features & Functionality
5 / 5
Customer Support
5 / 5
Value for Money
Likelihood to Recommend: 10.0/10 Not
Likely
Extremely
Likely

Pros: Simple, easy to use, despite managing complex workflows and multiple audits across ,multiple teams. Easy to import specific controls and modify existing control sets to meet our needs as necessary. Audit readiness dashboard is critical as you prepare for new compliance initiatives or are questioned on "how difficult" it would be to be to become compliant with a specific regulation or framework to close a deal.

Cons: The JIRA integration is improving in significant ways, however the complexity and manner with which we implemented JIRA makes an effective integration difficult and as a result the immediate integration is not as useful as we would like to see. That being said, the two-way sync has made a dramatic improvements, and for most customers, the existing integration is likely more than sufficient.

Overall: The immediate benefits are streamlining of processes and simplification of evidence collection. What used to be a multi-step JIRA project with a manual review, then publishing to a separate project where our auditors could view the evidence, is now a simple workflow. This is a huge timesaver and makes the audit process as painless as possible.

ZenGRC is a major part of our successful compliance programs

Sep 22, 2017
5/5
Overall
5 / 5
Ease of Use
5 / 5
Features & Functionality
5 / 5
Customer Support
5 / 5
Value for Money
Likelihood to Recommend: 10.0/10 Not
Likely
Extremely
Likely

Pros: I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001.

Cons: There's still a some things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks.

Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though.

Overall: Because it's so well organized we've managed to keep the required staff to manage compliance at a minimum.

ZenGRC is the perfect solution for our compliance and audit teams at our tech company

Sep 19, 2017
5/5
Overall
5 / 5
Ease of Use
5 / 5
Features & Functionality
5 / 5
Customer Support
5 / 5
Value for Money

Pros: ZenGRC has a nice user interface and is fairly intuitive to use. I can't tell you how many horrible GRC tools I've used. ZenGRC is refreshing.

Cons: I would love to see a way to use ZenGRC as a tool to automate audit workprograms, testing, spreadsheets and reporting.

ZenGRC is a great workflow tool from starting a request to collect evidences and close out request.

Sep 11, 2017
3/5
Overall
5 / 5
Ease of Use
3 / 5
Features & Functionality
4 / 5
Customer Support
4 / 5
Value for Money
Likelihood to Recommend: 7.0/10 Not
Likely
Extremely
Likely

Cons: The tool needs some enhancements and bug fix to add value to the customers and be user friendly. We are actively using the tool to manage our PCI audit. There are some features that needs to be added to save time during evidence collection and verifying process. I do not think the ZenGRC has met their SLA for customer support. I hope they work on redefining their SLA for their customer.

Overall: ZenGRC is a great tool for managing different audits. I love the workflow from starting multiple requests to collecting and accepting evidences. It is reducing the manual effort of tracking requests in excel file. The audit report matrix gives a solid picture for management to track and find the status of the active audit.

Intuitive and User-friendly Approach to Managing Complex Business Processes

Aug 17, 2017
5/5
Overall
5 / 5
Ease of Use
5 / 5
Features & Functionality
Likelihood to Recommend: 9.0/10 Not
Likely
Extremely
Likely

Comments: It's essential to meet these objectives not only for legal, security, and governance, but also in furthering and enhancing mobility capabilities across the enterprise, and add new solutions as the proliferation of connected devices continues to accelerate.

Pros: As a non-technical founder, I evaluated this product on behalf of our customer/prospects. Its intuitive, easy to follow workflows in managing the complexity of rapidly changing and dynamic requirements in compliance, governance, and security are issues that are top of mind early in the product design and discovery phase. Having a trusted partner provides reassurances and more holistic solutions to meet these challenges and increase value.

Cons: The only cons are related to having not used the product as an end user, but rather evaluated from demos, meetings, and whitepapers to enhance customer value and as a potential partner.

Best GRC tool I have used. It's easy and user friendly for risk and compliance requirements

Jul 18, 2017
5/5
Overall
5 / 5
Ease of Use
5 / 5
Features & Functionality
5 / 5
Customer Support
4 / 5
Value for Money
Likelihood to Recommend: 10.0/10 Not
Likely
Extremely
Likely

Pros: Easy to set up and begin recording and reporting on risks. All our compliance requirements in one central place and accessable by a few clicks of a button.

Cons: It needs more reporting and visual features as my target audience need more graphs and items to show different risk profiles, risk appetite, thresholds etc

Overall: It does everything I need in a fraction of the time. It is efficient and very easy to navigate around.

Effective and Efficient

Jun 28, 2017
4/5
Overall
5 / 5
Ease of Use
4 / 5
Features & Functionality
4 / 5
Customer Support
4 / 5
Value for Money
Likelihood to Recommend: 8.0/10 Not
Likely
Extremely
Likely

Pros: Since implementing ZenGRC, Vision Critical has improved our ability to effectively and efficiently manage our compliance audits. ZenGRC provides a user-friendly mechanism for submitting evidence and ensuring that appropriate artifacts have been submitted. Furthermore, The ZenGRC dashboards allow Vision Critical to manage and track multiple audits and risk items, while delivering successful results.

Cons: We are anxiously awaiting storage integration with AWS S3 and will continue to review other potential solutions with Reciprocity labs.

Best Governance, Risk and Compliance tool on the market

Apr 21, 2017
5/5
Overall
5 / 5
Ease of Use
5 / 5
Features & Functionality
5 / 5
Customer Support
5 / 5
Value for Money
Likelihood to Recommend: 10.0/10 Not
Likely
Extremely
Likely

Pros: Ease of use
Relationships of objects
Standards library

Overall: ZenGRC is the easiest to use, and most flexible, GRC tool on the market. It is simple enough that even small organizations will find it useful, but powerful enough to help the largest of companies. Its power comes from the way it links objects to each other. Controls, objectives, threats, risks, systems, vendors, customers, contracts, etc. are all cross linked to each other. And best of all, Reciprocity has a vast library of compliance standards that are cross-linked. Because of this, you can have a single set of master controls that are linked to PCI, SOC2, HIPAA, HITRUST, NIST, ISO, or whatever other frameworks you are using. Simplifies and "audit once" methodology for companies that deal with many different standards.

Additionally, the risk management capabilities of ZenGRC make it easy to integrate enterprise risk management into your overall compliance program.

There are few pieces of software I can't live without, but ZenGRC is one I'd fight for at any company I joined.

Recommendations to other buyers: Once we were comfortable with the software, we redesigned our risk management and policy management programs around the way the software works. It ended up being more intuitive that the way we were doing them before. It's a powerful tool that enables collaboration between the security, compliance and privacy teams.

Streamlining issue management

Apr 11, 2017
4/5
Overall
4 / 5
Ease of Use
4 / 5
Features & Functionality
5 / 5
Customer Support
4 / 5
Value for Money

Comments: We used to spend a ton of time sending emails to manage issue tracking and resolution for audits. ZenGRC makes tracking issues incredibly simple.

Great compliance tool

Mar 31, 2017
5/5
Overall
5 / 5
Ease of Use
4 / 5
Features & Functionality
5 / 5
Customer Support
5 / 5
Value for Money
Likelihood to Recommend: 9.0/10 Not
Likely
Extremely
Likely

Comments: Before ZenGRC, we used spreadsheets and emails to manage our audits. After using ZenGRC, I'll never go back. Their Customer Success team is amazing. They go above and beyond to make sure that we're well taken care of.

Audit Management Made Easy

Mar 31, 2017
4/5
Overall
4 / 5
Ease of Use
4 / 5
Features & Functionality
5 / 5
Customer Support
5 / 5
Value for Money

Comments: ZenGRC has been a great help for managing our assessments. The system is flexible, easy to use and constantly improving with regular updates.

Vendor Response

by RECIPROCITY on April 03, 2017

Thanks for submitting your review! We're pleased to hear that you are getting a lot of value out of ZenGRC.