# Continuum GRC Reviews 2026. Verified Reviews, Pros & Cons | Capterra

> Is Continuum GRC the right Governance, Risk and Compliance (GRC) solution for you? Explore 24 verified user reviews from people in industries like yours to make a confident choice.

Source: https://www.capterra.com/p/244576/Continuum-GRC/reviews

---

Continuum GRC

4.6 (24)

[View alternatives](https://www.capterra.com/p/244576/Continuum-GRC/alternatives/)

Provider data verified by our Software Research team, and reviews moderated by our Reviews Verification team. [Learn more](https://www.capterra.com/our-story/)

* * *

Last updated August 24th, 2025

# Reviews of Continuum GRC

Ease of use

4.5

Customer Service

5.0

## Pros and Cons in Reviews

JD

Jon D

Director of ITComputer Software, 201 - 500 employeesUsed the software for: 1-2 years.

“Intuitive and well organized tool, was a huge help in our efforts to become StateRAMP (GovRAMP) certified. “

April 23, 2025

WR

William R

Vice President and General CounselMedical Devices, 11 - 50 employeesUsed the software for: Less than 6 months.

“The whole experience was incredibly frustrating - not just because of the vagueness and repetitiveness of the questions, which frequently required going to the vendor to ask questions of clarification, but to navigate as well.“

May 27, 2022

DM

Dan M

PresidentUtilities, 11 - 50 employeesUsed the software for: More than 2 years.

“The process is very intuitive and devised to take you through all the required responses and evidence systematically.“

April 1, 2024

Adam Z

CTOFinancial Services, 51 - 200 employeesUsed the software for: More than 2 years.

“From planning to execution and reporting, every step feels intuitive and efficient.“

March 12, 2024

WO

William O

CSO/CCO Cisco SD-WANComputer Networking, 10,001+ employeesUsed the software for: More than 2 years.

“The integration with existing technologies at Cisco SD-WAN was made nearly seamless by the ContinuumGRC team.“

June 1, 2022

## Showing most helpful reviews

Showing 1-24 of 24 Reviews

Sort by:

Most Helpful

Rating

Company Size

Reviewer's Role

Length of Use

Frequency of Use

Adam Z.  
CTO  
Financial Services  
Used the software for: 2+ years

### "Streamlining IT Audits with Precision and Flexibility"

March 12, 2024

5.0

This is a robust tool that stands out for its ability to streamline audit workflows, simplify management in multi-audit environments, and adapt to user feedback. It has been instrumental in enhancing my productivity and the overall quality of my audit processes. I highly recommend it to any professional looking for an effective solution to manage their audit workflows more efficiently.

Pros

Streamlined Audit Workflow: One of the standout features of this platform is its ability to streamline the entire audit process. From planning to execution and reporting, every step feels intuitive and efficient. The platform's user-friendly interface and logical workflow design have saved me countless hours, allowing me to focus more on analysis and less on administrative tasks. Simplified Multi-Audit Environments: Managing evidentiary documents across multiple audits has always been a cumbersome process. This platform's shared evidentiary management system is a game-changer. It allows for easy access and organization of audit evidence, reducing redundancy and improving accuracy. This feature alone has enhanced my productivity and significantly reduced the potential for errors.

Cons

The MFA entry box doesn't take the Enter keystroke for login, you have to click the button. That's the thing I like least.

Review Source

Response from Continuum GRC

May 29, 2024

Thank you for your feedback! We will look into hot-spotting the login button. I do know that tabbing and pressing the enter button works but defaulting to it would be nicer.

IH

Isabelle H.  
General Counsel and DPO  
Information Technology and Services  
Used the software for: 6-12 months

### "Review by IH 2025"

June 16, 2025

4.0

Good. Enables easier collaboration between the stakeholders. correspondence between SOC2 and ISO27 to be confirmed during next audit cycle.

Pros

the new version is user friendly. Easy to understand and use. navigation between controls is made easy

Cons

The bugs at the beginning (uploaded documents not appearing, no possibility to upload a file instead of individual documents) The lack of possibility of 'full view' and extraction of all controls as written by us for traceability and follow-up purposes Being obliged to upload over and aver again the same documents / evidence under different controls

Review Source

JM

Jeff M.  
Chief Compliance Officer  
Government Administration  
Used the software for: 2+ years

### "Our Experience "

May 31, 2022

3.0

I like it. I believe it is valuable for me in operations.

Pros

I love the fact that our audits are tied directly to NIST requirements. It helps with research on NIST needs as they are not always straight forward. Our assessments were built by Federal agencies for Federal use so it is not always straight forward.

Cons

There are issues with versions. The new version creates a master document, if not done correctly you can end up with multiple versions. It’s confusing and annoying because it appears it has lost data. You spend time adding info back only to find out you are just working with the wrong file. Also, I would like better options for the download of data to include csv. This would help with data entry when offline because you could still function.

Review Source

Response from Continuum GRC

June 1, 2022

Thank you for your feedback! Navigating NIST standards is certainly a challenge, and we are constantly working to flatten the learning curve, while making it easier to navigate the complexities of multiple compliance programs.

JD

Jon D.  
Director of IT  
Computer Software  
Used the software for: 1-2 years

### "Major benefit in our pursuit of State(Gov)RAMP certification"

April 23, 2025

5.0

Found the team at Continuum GRC to be incredibly easy to work with and very responsive when we had questions or needed custom reporting.

Pros

Intuitive and well organized tool, was a huge help in our efforts to become StateRAMP (GovRAMP) certified. Provided training was comprehensive and we were off and running.

Cons

Initial performance wasn't great but was addressed shortly after we went live. No major issues were experienced.

Review Source

Response from Continuum GRC

April 24, 2025

Thank you for your review, Jon. Next to NIST 800-53 and FedRAMP, the State(Gov)RAMP is the largest framework supported by the Continuum GRC solution among hundreds of modules already in our inventory. We thank you for being great customers!

DH

Darwish H.  
Quality Director  
Computer Software  
Used the software for: Less than 6 months

### "SOC 2 Type I - Continuum GRC Review"

April 16, 2025

5.0

We really value the collaboration with the different team members. The Continuum GRC software tool is user-friendly, and it's easy to use.

Pros

The open and professional feedback received. Software tool is user-friendly, and it's easy to use.

Cons

Some questions were not really clear, but those were explained by the auditors.

Review Source

Response from Continuum GRC

April 17, 2025

Thank you for your feedback! We do our best to provide a platform that helps both assessors and those seeking assessments for certification, attestations, accreditations, and authorizations the world over.

BL

Bill L.  
Director of Cybersecurity  
Transportation/Trucking/Railroad  
Used the software for: 6-12 months

### "FedRamp Approved GRC Tool"

August 2, 2023

5.0

Continuum was key to success in generating Executive Summary, SSP, POAM, and for traction to completion for CMMC certification.

Pros

Alignment to key frameworks such as DFARS NIST SP 800-171

Cons

Metrics at first were challenging, but feedback resulted in better reporting

Alternatives considered

[RSA Archer Suite](https://www.capterra.com/p/176996/RSA-Archer/)

Reason for choosing Continuum GRC

DoD approved

Review Source

Response from Continuum GRC

August 7, 2023

Thank you for your feedback Bill. We strive to provide the most useful and efficient tools for your audit and compliance requirements. We look forward to supporting your enterprise GRC requirements.

RD

Rangan D.  
Principal Product Management - Security & Compliance  
Computer Software  
Used the software for: 2+ years

### "Winner all around!!!"

May 31, 2022

4.0

Great tool and very efficient at what it does - The power is in the backend and the design is really good as we move from standard to standard - Would not want to move to any other tool now..

Pros

The coverage of all standards we need compliance with are all available in one place and we can seamlessly switch between the various standards as well as evidence shared across many attestations making compliance extremely easy. The forms are all upto date with the various standards and the UI is being constantly being improved making it easier and easier to use. Process and procedure feedback is incorporated fairly quickly as they listen to input and act on it. Great tool overall - would not want to switch - In fact we are bringing in more projects into the tool to leverage it's capabilities.

Cons

For a while the migration from control section to control section was messy and it was hit and miss when we used the Jump to control feature, but as of recent updates this seems to have gotten much better and we dont see the issues anymore - Also the multi user edit restriction was a pain to deal with in a multi-person team but again our input was well received and that seems to have been addressed - UI could still be better but it is evolving.

Review Source

Response from Continuum GRC

June 1, 2022

We love it when our customers provide us with feedback. It is the use cases we did not think of that helps us innovate and be the better solution. Thank you!

KT

Kevin T.  
Risk and Compliance Analyst  
Accounting  
Used the software for: 6-12 months

### "Continuum Review"

August 1, 2023

5.0

We are using Continuum as a StateRamp audit prep/support tool.

Pros

Once you figure out how to navigate the system, it does a nice job of keeping track of outstanding, and answered questions, areas for improvement.

Cons

The StateRamp module is too detailed. It seems to ask the same question several times.

Review Source

Response from Continuum GRC

August 2, 2023

Thank you for reviewing us Kevin. I agree that StateRAMP is a beast just like FedRAMP and NIST 800-53! We do our best to make that journey as efficient as possible by automapping between similar requirements, A.ITAM startup sample responses, and the many citations to our control library.

WR

William R.  
Vice President and General Counsel  
Medical Devices  
Used the software for: Less than 6 months

### "Continuum GRC Review"

May 27, 2022

3.0

Audit/level-set with SOC2 TI compliance. There HAS to be a better way! This took dozens of hours of my time to complete, and I was just one of several folks. I can only imagine if the vendor had spent a couple of hours in a personal interview to get the information they needed we could have avoided the extreme frustration, extreme expense, and diversion of attention and time this task with this kludgy software took. Level of effort for the objective seemed way out of balance.

Pros

Security. Ensuring TFA, and to some extent the time-out feature, gave me comfort.

Cons

Navigation. While I could eventually figure out where I needed to be, it was not intuitive to me. I don't know if this is related to the software, but the questions we had to answer were vaguely worded and difficult to understand (and I have two post-college degrees). It was hard to tell what the windows meant that kept opening up, the timer on the tab, and more than once I lost valuable work when I failed to scroll way to the bottom of a given screen and hit "continue" while multitasking. The whole experience was incredibly frustrating - not just because of the vagueness and repetitiveness of the questions, which frequently required going to the vendor to ask questions of clarification, but to navigate as well.

Review Source

Response from Continuum GRC

June 1, 2022

Thank you for your feedback. The AICPA SOC 2 trust principles are a little repetitive and vague for certain. The hubris of the accounting industry thinking they are qualified to conduct security audits is certainly frustrating and puts the public at risk! It seems that your frustration is associated with the organization's requirement to write control implementation statements. This is something that your auditors are forbidden to do. Our platform simply facilitates the production and protection of customer data and assessors work.

JP

Jose P.  
ISSE  
Information Technology and Services  
Used the software for: Less than 6 months

### "Lazarus Alliance Third Party Assessment"

September 1, 2022

3.0

The application was great at maintaining everything needed to do RMF (answering Controls, Artifacts, POAMs, etc) in one location for each project.

Pros

Being able to have all the Controls in one central location was a plus. Answering them, adding Artifacts, etc by Control families helped keep the focus of the questions. Integrating the assessment to our business was easy.

Cons

Did not like that you had to name the role on every CCI under each control. It should be done by the control and inherited to the CCIs below. Also, if you attach a document to a multiple controls, it copies that artifact that many times, as to have the same document multiple times making your Artifact larger than it actually should be.

Review Source

Response from Continuum GRC

September 2, 2022

Thank you for your review. We appreciate feedback as it helps up improve the Continuum GRC platform. Mapping the Responsible Role to each control requirement would be easy with our auto mapping, as would also common evidence. The challenge is however for those cases the response is indeed different.

WO

William O.  
CSO/CCO Cisco SD-WAN  
Computer Networking  
Used the software for: 2+ years

### "The FedRAMP GRC Tool for Compliance Monitoring"

June 1, 2022

5.0

Pros

The integration with existing technologies at Cisco SD-WAN was made nearly seamless by the ContinuumGRC team. The tooling also quickly enables measuring to other critical compliance initiatives through their advanced mapping capabilities, saving the organization money and resources that are critical in today's compliance environment.

Cons

We don't have negative feedback in our implementation of the ContinuumGRC tooling.

Review Source

Response from Continuum GRC

June 2, 2022

Thank you for your feedback! The expertise and use case suggestions that you and your team have made over the years have helped us to innovate and improve our solution.

JW

John W.  
Vice President  
Utilities  
Used the software for: 2+ years

### "We used the software for 3 years of SOC 2 audits"

May 31, 2022

5.0

We are very happy. Good software makes the certification process much easier. The support team is very good and help make the process smooth.

Pros

Ease of use. Ability to track progress and write notes. Ability to take feedback from auditor with notifications. Auditor is notified when notes are added. Auto saving. Ease of uploading evidence. Track overall progress and % complete. Easy to identify and move to sections that need more work.

Cons

Performance has steadily increased form acceptable to very good. Some small issues during transfer from one year to the next. Customer service addresses issues promptly.

Reason for choosing Continuum GRC

Number of certifications available. Options to expand in to other certifications on the same platform. Pricing.

Review Source

Response from Continuum GRC

June 1, 2022

Thank you for your great feedback. We will continue being attentive to your requests and suggestions. As much as we try to think of everything, it is your use case that inspires us to improve everything we do. Thank you!

MD

Michael D.  
General Counsel  
Financial Services  
Used the software for: 2+ years

### "Great Platform, even better people."

June 2, 2022

5.0

Incredibly Positive.

Pros

Ease of use, reproducability year over year.

Cons

The past audit file upload repository could use a bit more organization, but it is VERY useable as is;

Reason for choosing Continuum GRC

Price and past positive experience.

Review Source

Response from Continuum GRC

June 7, 2022

Thank you for your review! We strive to provide the perfect platform for risk assessment, risk management and your compliance requirements. Your collaboration helps us become even better. Did you know that auto mapping synchronizes evidence with all your other frameworks? Also, the new evidence manager is searchable, sortable, manageable, and re-nameable just like a local file system is? Thank you!

DM

Dan M.  
President  
Utilities  
Used the software for: 2+ years

### "SOC2 Type II Auditing"

April 1, 2024

5.0

We have used Continuum for five or six years and have always been happy with both the platform and the team that sits behind the software. They have always been very responsive and very thorough.

Pros

The process is very intuitive and devised to take you through all the required responses and evidence systematically.

Cons

The inability to automate the collection of information from existing systems means a large number of screenshots need to be added for evidence.

Review Source

Response from Continuum GRC

April 2, 2024

Thank you for your feedback! We should chat about our integration support. Our OpenAPI connects to thousands of external applications that help automate evidence collection.

KB

Karthik B.  
President/CEO  
Information Technology and Services  
Used the software for: 2+ years

### "FedRAMP Consultant and GRC/SCA perspective"

June 12, 2022

5.0

As FedRAMP consultants and GRC auditors (SCA), Continuum GRC has been tremendous in helping us save time and money in developing the system security plan (SSP) documentation and collecting the evidence to along with it. It's a great value add to any GRC team.

Pros

Ability to map the control statements to different standards such as NIST SP 800-51 and SOC-2 allows us to create the implementation statements once and have the tool automatically map them to the corresponding controls in various standards. The policy templates were invaluable.

Cons

The Save feature sometimes overwrote previous changes. The reporting of status per control can be improved.

Review Source

Response from Continuum GRC

June 16, 2022

Thank you for your feedback! We heard you and think you will like the enhanced Status Indicators with increased visual and text indications. Also, the new risk heatmap priority dashboards have been getting rave reviews from auditors and users alike.

RY

Raj Y.  
CISO  
Financial Services  
Used the software for: 2+ years

### "Continuum GRC "

June 1, 2022

5.0

This is a highly flexible and scalable compliance platform. Gamut of certifications are available under one umbrella. Furthermore, the team is great to work with, and they truly work towards your success. I am very satisfied and a repeat customer since many years now. Highly recommended.

Pros

Breath of certification offerings from a single platform is the strongest feature of Continuum GRC, including latest version offerings. The answers and evidences can be pulled from one certification to another saving time. The software offers 'Consultant View' and 'User View' with pointers to help facilitate the key questions and answers, again boosting productivity. Evidence gathering is also flexible and adaptable.

Cons

Scaling the software across a big team does require some effort. Furthermore, some of the auto bot reminders on the tasks can be confusing on answers already provided. Once a user gets comfortable with the work flow, then it becomes a non-issue. However, it can be an issue in the beginning.

Review Source

Response from Continuum GRC

June 2, 2022

Thank you so much for your feedback! We appreciate your suggestions for improvements and it inspires us to innovate. Our mission is to support professionals like you with expert solutions.

JB

Jared B.  
Director of IT  
Printing  
Used the software for: 2+ years

### "Always evolving and improving"

May 31, 2022

5.0

Continuum GRC has been an integral part of our audit process - from the ease of communication to the organization of documents. Overall it has made the entire process easier and more efficient.

Pros

The user interface was intuitive when I started using Continuum GRC over two years ago. Since then, I've noticed multiple improvements around efficiency and ease of use, so I know the developers are active, and the product is evolving.

Cons

Initially, the product went through some growing pains like any new product does. Certain parts of the user interface were clunky and some of the functionality was lacking, but most of these issues were purely aesthetic - nothing that impacted productivity.

Review Source

Response from Continuum GRC

June 1, 2022

Thank you for your feedback. We appreciate client suggestions for ways to improve the experience, usage and features.

CR

Craig R.  
Director, Compliance and Security  
Information Services  
Used the software for: Less than 6 months

### "Compliance Management "

January 3, 2024

5.0

Early in journey, support has been excellent. Quick to reply to questions, schedule meetings when needed, and to provide guidance.

Pros

Modules are cross mapped, ITAM format, ability to modify and export forms.

Cons

User guide/manual is only available online, PDF or other export is not available.

Review Source

Response from Continuum GRC

January 4, 2024

Thank you for your feedback! We will look into the capabilities of the exportability of our product manual from Jira Service Management and update you. We appreciate your suggestions for improvements as those inspire us to provide superior service and products to our important customers like you.

MD

Michael D.  
General Counsel  
Financial Services  
Used the software for: 2+ years

### "Never had an issue - works like a clock."

April 1, 2024

5.0

Very positive. Will continue to use for years to come.

Pros

Ease of use, and easy access to staff members for trouble shooting.

Cons

Occasionally upload parsing was an issue.

Review Source

Response from Continuum GRC

April 2, 2024

Thank you for your feedback! Our new File Manager is rolled out this month and includes folder creation, indexing, and meta-tagging features to help manage evidence, documents, policies, and other uploaded artifacts. Enjoy!

SB

Srikanth B.  
Director of Enterprise Security  
Health, Wellness and Fitness  
Used the software for: 2+ years

### "Easy to use and saves time"

May 26, 2022

5.0

Pros

Single pane view of multiple compliance status. Easy and quick navigations. Flagging of controls, provision to add Field notes, email notifications and follow-up.

Cons

We did face slowness sometime ago that was reported and has been taken care of immediately. After which its blazing fast.

Review Source

Response from Continuum GRC

May 27, 2022

Thank you for your review! We appreciate your support and look forward to supporting your team.

DL

Dave L.  
VP Technology  
Computer Software  
Used the software for: 2+ years

### "Continuum GRC Review"

June 8, 2022

5.0

Continuum GRC does a good job of allowing us to effectively manage our audits.

Pros

Easy to use to upload artifacts and track status.

Cons

Nothing comes to mind, we haven't had a negative experience.

Review Source

Response from Continuum GRC

June 10, 2022

Thank you for your review! We love client suggestions and will always strive to provide excellent features, value and service.

AH

Adam H.  
Director of IT and Security  
Computer Software  
Used the software for: 2+ years

### "Super helpful!"

May 27, 2022

4.0

Pros

Continuum GRC helped was a big part of our initial FedRAMP and SOC 2 audits. Being able to keep files organized year to year is valuable and really streamlines the process of collecting data.

Cons

Some of the UI is not terribly intuitive. It's fine once you get the hang of it, but it would be nice to be a little more user-friendly.

Review Source

Response from Continuum GRC

June 1, 2022

Thank you for your feedback! Our first mission was to be a solid workhorse, and then a show horse. The new "2 clicks to risk reduction" interface, new priorities dashboard and streamlines Control Groups will hopefully improve your experience. We do look forward to your candid feedback. It helps us improve!

AR

Anji R.  
Sr. IT Manager  
Hospitality  
Used the software for: 6-12 months

### "pci dss Assessment"

May 18, 2022

4.0

Very easy to use.

Pros

Easy to use and provided detailed explanation

Cons

Sometimes lost the data after entering . IT should have Auto Save option after going to next question

Review Source

Response from Continuum GRC

May 20, 2022

Thank you for your feedback! While autosave is an integral feature, along with automatic saving when a user's session expires from inactivity in the system, there may be an opportunity to implement a more robust time based autosave as well. Thank you again, and enjoy the power of Continuum GRC. Your Roadmap to Risk Reduction!

TF

Todd F.  
Director, Program Management  
Aviation & Aerospace  
Used the software for: 1-2 years

### "Compliance Game Plan and Architecture"

May 19, 2022

5.0

Pros

Easy to use and comprehensive. Made sure we checked all the blocks, protected our networks, and performed exceptionally well on the audit.

Cons

No real cons, we were able to learn and use the product quickly and it is easy to reference and update.

Review Source

Response from Continuum GRC

May 23, 2022

Thank you for your review! We appreciate your support and look forward to collaborating with your team.

Similar Products

Featured

## Send me user reviews about this product

### Fill out the form and we'll send a list of the top-rated software based on real user reviews directly to your inbox.