ZenGRC
About ZenGRC
ZenGRC by Reciprocity helps businesses of all sizes build a scalable compliance program and monitor assessment activities from a single interface. The application enables audit and compliance managers to reduce compliance failure and brand risks. The solution is used by various industries including retail, consumer goods, technology, utilities, finance, and healthcare.
ZenGRC offers features such as compliance automation, intuitive user interface, pre-loaded content, control mapping, and single sign-on. The workflow module of the application allows users to automate compliance related processes such as approvals, reviews, status tracking of control implementations, and compliance scheduling. The solution also offers an audit module that helps managers to report compliance status and collect evidence to comment on controls.
ZenGRC’s policy and contract management features enable organizations to streamline their compliance efforts and centralize the assessments process. The solution also provides pre-loaded content on HIPAA, COSO, COBIT 5, SOC 1/ 2/3, and ISO/IEC compliance. The content is updated on a regular basis and users receive upgrades to meet the latest compliance standards. ZenGRC supports team collaboration and allows managers to set up workflows for effective team management.
ZenGRC provides single sign-on options by integrating with Google Drive and other identity and access management tools such as OneLogin, Okta, Microsoft Active Directory, and PingOne. The solution also integrates with JIRA to track the status of compliance activities. Other features offered by ZenGRC include risk assessment surveys, control metrics, consolidated content, risk registry, and dashboards.
Key benefits of ZenGRC
• ZenGRC provides an intuitive user interface to help businesses manage compliance programs themselves without using the services of third-party professional consultants.
• ZenGRC offers a customizable dashboard that enables risk and compliance managers to view risk heat maps, 360-degree audit reports, and evidence collection reports.
• The solution has a risk registry feature that lets users view information related to previously identified risk controls such as risk scoring, mitigating controls, ownerships, and mitigation efforts.
• ZenGRC enables users to design risk assessment surveys to collect relevant information points from various stakeholders during the assessment process.
• The application offers reporting capabilities that help users to download reports and view data from different angles by using slicing and dicing tools.
Images
Not sure about ZenGRC?
Compare with a popular alternative
Starting Price
Pricing Options
Features
Integrations
Ease of Use
Value for Money
Customer Service
Alternatives
NAVEX IRM (formerly Lockpath)
Optimum Control
LogicGate Risk Cloud
Onspring
Reviews
Already have ZenGRC?
Software buyers need your help! Product reviews help the rest of us make great decisions.
- Industry: Computer Software
- Company size: 1,001–5,000 Employees
- Used Daily for 1-5 months
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 10.0 /10
Logical and minimal approach to GRC saves time!
Reviewed on 2018/05/21
One of the biggest benefits that has made a huge impact is the time savings we've achieved in our...
One of the biggest benefits that has made a huge impact is the time savings we've achieved in our IT Security group by using ZenGRC. Our old email/spreadsheet process would be a multi-week process, cause confusion every audit and often get us lost in the weeds of details when we needed to be focusing on the auditors. The first audit we ran through ZenGRC saved us literally a full week of time that would have been dedicated to reviewing evidence submission via email and spreadsheets. Having ZenGRC in place allowed us to put multiple review points in place BEFORE the evidence came to our group for review practically eliminating the requirement of follow-up request corrections.
Pros
ZenGRC brings all the tools you need to run a successful GRC program to the table in a clear, concise and minimalist package that's nimble and efficient. Our company had been utilizing the old method of email/spreadsheets and was getting lost in the weeds even on the smallest of audits and struggling to keep up each year to stay ahead. Our evaluations with other tools fell flat, didn't meet our requirements or introduced complexity. Our evaluation of ZenGRC started with skepticism, but quickly turned positive once we realized how logically organized the system was on the back-end. During our testing period, we were able to quickly create a Sarbanes-Oxley program, using both their template import and the GUI, in a matter of days. Since that time only a few short weeks ago we have now almost completed a full internal audit of our SOX program, complete with evidence collection and control evaluations. Our rough estimate has us gaining back a full week of time from previous audits last year and year prior using the old email/spreadsheet method. We are now rolling out an ISO27001, SOC2 and internal security control framework on the heels of the SOX success.
Cons
As with any SaaS from a small company that is new to market (less than 5 years), there are aspects of the tool that require some creative thinking and clever workarounds. This is not necessarily a dislike in my opinion, however less technical individuals may find this aspect difficult or troublesome. ZenGRC staff do redeem themselves on this front as they're quick to respond to feature requests and have already implemented several suggestions our team has submitted. Since starting to use the product, they have continually updated the product with new features, fixes and updates to existing functionality.
- Industry: Telecommunications
- Company size: 1,001–5,000 Employees
- Used Daily for 2+ years
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 9.0 /10
Practical and straightforward approach to GRC Management
Reviewed on 2020/06/02
PCI Assessments became more efficient with Objects, Controls, Requests, and Evidence migrated from...
PCI Assessments became more efficient with Objects, Controls, Requests, and Evidence migrated from spreadsheets and disparate file repositories to one system with relational mapping. Mapping Risks to our Vendors and Vulnerability management programs provides a holistic view of our security posture.
Pros
The ease of use and administration is well balanced with the functionality needed in a GRC tool. ZenGRC gets the job done without being overly complicated.
Cons
To meet our Privacy and Data Governance requirements, we initially deployed on-premises. However, soon after that, we found that software upgrades required significant IT involvement. Also, the technical specifications to continue to host on-premises did not align with our internal standards. We had to re-assessing our risk in storing sensitive information off-site. After performing more stringent due diligence of ZenGRC as a vendor, we migrated to ZenGRC cloud-hosted. Our preference would have been to remain on-premises with better upgrade automation that ZenGRC Administrators could perform within the user interface.
- Industry: Accounting
- Company size: 501–1,000 Employees
- Used Weekly for 2+ years
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 6.0 /10
Great tool for startups
Reviewed on 2023/12/20
Pros
ease of implementation and customer service
Cons
was not able to mature with the our growth
- Industry: Insurance
- Company size: 5,001–10,000 Employees
- Used Daily for 1+ year
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 10.0 /10
Powerful, extensible, and easy to use software. Excellent support and product roadmap.
Reviewed on 2019/11/08
We're facilitating internal audits with ZenGRC, and the software does a great job of it.
We're facilitating internal audits with ZenGRC, and the software does a great job of it.
Pros
The ZenGRC solution streamlines conducting internal audits. Auditors can easily set up control frameworks (tons of templates are provided, which is very helpful), evidence requests, assign them to auditees, and review the evidence submitted. Auditees can easily provide feedback, ask questions, and submit evidence for review. The workflows ZenGRC supports are both incredibly accessible and very powerful. ZenGRC actively listens to customers and has actually incorporated a number of suggestions I (and other customers) have made. I'm excited to see what they'll develop in the future.
Cons
The ZenGRC solution is fantastic, and all the complaints I had 1.5 years ago have been resolved, and my expectations exceeded. I wish the vendor/third party management module was receiving more attention, sooner, but the roadmap for its development has been conveyed to me, and I understand the timing. I wish there was a licensing model which was not tied to user counts, which would enable us to do even more with the product.
- Industry: Computer Software
- Company size: 11–50 Employees
- Used Weekly for 1+ year
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 10.0 /10
ZenGRC Delivers Compliance and Automation
Reviewed on 2017/11/10
The immediate benefits are streamlining of processes and simplification of evidence collection. ...
The immediate benefits are streamlining of processes and simplification of evidence collection. What used to be a multi-step JIRA project with a manual review, then publishing to a separate project where our auditors could view the evidence, is now a simple workflow. This is a huge timesaver and makes the audit process as painless as possible.
Pros
Simple, easy to use, despite managing complex workflows and multiple audits across ,multiple teams. Easy to import specific controls and modify existing control sets to meet our needs as necessary. Audit readiness dashboard is critical as you prepare for new compliance initiatives or are questioned on "how difficult" it would be to be to become compliant with a specific regulation or framework to close a deal.
Cons
The JIRA integration is improving in significant ways, however the complexity and manner with which we implemented JIRA makes an effective integration difficult and as a result the immediate integration is not as useful as we would like to see. That being said, the two-way sync has made a dramatic improvements, and for most customers, the existing integration is likely more than sufficient.
ZenGRC FAQs
Below are some frequently asked questions for ZenGRC.Q. What type of pricing plans does ZenGRC offer?
ZenGRC offers the following pricing plans:
- Starting from: US$2,500.00
- Free Trial: Not Available
Please contact RECIPROCITY for pricing details.
Q. Who are the typical users of ZenGRC?
ZenGRC has the following typical customers:
2–10, 11–50, 51–200, 201–500, 501–1,000, 1,001–5,000
Q. What languages does ZenGRC support?
ZenGRC supports the following languages:
English
Q. Does ZenGRC support mobile devices?
ZenGRC supports the following devices:
Q. What other apps does ZenGRC integrate with?
ZenGRC integrates with the following applications:
Amazon S3, Box, Google Drive, Jira, Microsoft SharePoint, Okta, OneDrive, OneLogin, ServiceNow, Slack, Tableau, Tenable.io
Q. What level of support does ZenGRC offer?
ZenGRC offers the following support options:
Email/Help Desk, FAQs/Forum, Knowledge Base, Phone Support, Chat
Related categories
See all software categories found for ZenGRC.