ZenGRC
Alle Bewertungen zu ZenGRC Filter anwenden
Nutzerbewertungen zu ZenGRC durchsuchen
Alle Bewertungen zu ZenGRC Filter anwenden
- Branche: Computer-Software
- Unternehmensgröße: 201–500 Mitarbeiter
- Täglich für Mehr als 2 Jahre genutzt
-
Quelle der Bewertung
Mehr Details anzeigen
ZenGRC is a major part of our successful compliance programs
Because it's so well organized we've managed to keep the required staff to manage compliance at a minimum.
Vorteile
I have been using ZenGRC for over two years now and it has been an essential tool helping us get and stay organized when we embarked on gaining a SOC 2 attestation. We have since been through two SOC 2 audits and are using ZenGRC to help us assess and remediate our gaps against ISO 27001.
Nachteile
There's still a some things you have to edit by exporting to CSV, editing in your favorite spreadsheet app, then re-importing, so it would be nice if some of that functionality was built into the UI. That being said, that workflow is actually ideal for some tasks.
Our last audit firm wasn't able to use the app directly for requesting and managing audit evidence so there was a bit of duplication of effort. The ZenGRC team is making some changes to make that better though.
- Branche: Krankenhausversorgung & Gesundheitswesen
- Unternehmensgröße: 201–500 Mitarbeiter
- Täglich für 1-5 Monate genutzt
-
Quelle der Bewertung
Mehr Details anzeigen
Best Governance, Risk and Compliance tool on the market
ZenGRC is the easiest to use, and most flexible, GRC tool on the market. It is simple enough that even small organizations will find it useful, but powerful enough to help the largest of companies. Its power comes from the way it links objects to each other. Controls, objectives, threats, risks, systems, vendors, customers, contracts, etc. are all cross linked to each other. And best of all, Reciprocity has a vast library of compliance standards that are cross-linked. Because of this, you can have a single set of master controls that are linked to PCI, SOC2, HIPAA, HITRUST, NIST, ISO, or whatever other frameworks you are using. Simplifies and "audit once" methodology for companies that deal with many different standards.
Additionally, the risk management capabilities of ZenGRC make it easy to integrate enterprise risk management into your overall compliance program.
There are few pieces of software I can't live without, but ZenGRC is one I'd fight for at any company I joined.
Vorteile
Ease of use
Relationships of objects
Standards library
- Branche: Computer-Software
- Unternehmensgröße: 201–500 Mitarbeiter
- Wöchentlich für 6-12 Monate genutzt
-
Quelle der Bewertung
Mehr Details anzeigen
Great especially for multiple certifications
Great support and team. We've been able to very easily translate a lot of the work we've done for one certification (ISO) to another regime (HIPAA), identify changes and gaps, and be ready for an audit under the new regime.
Vorteile
Helps to map requirements and controls from multiple certification regimes over to others so you don't spend a lot of time duplicating and re-documenting work. You can do certain core things once and have it covered for everything.
Nachteile
The various levels of concepts are bit confusing, especially as some of the frameworks have to be imported, and you have to decide which frameworks to use up front, without a lot of context about what the differences are.
