Compliance Manager GRC Reviews & Product Details

The most helpful bit about GRC is the step by step process in which it lays out what needs to be done and in what order. It offers help and tutorials for any topic to assist along the way. It is very comprehensive and robust. Review collected by and hosted on G2.com.

The realm of compliance is so involved, even having a great program like GRC, doesn't lighten the burden of becoming compliant. I also wish it provided template policies and procedures that we could whitelabel or customize for each client. Review collected by and hosted on G2.com.

It allows me to work with multiple frameworks, and across multiple organizations. I also like that I can develop custom frameworks for specialized environments. The implementation was straight forward, and it is easy enough to deploy into client environments. Review collected by and hosted on G2.com.

The interface could do with an update. It is very simple to use and clean, but it looks outdated (see screenshot). As for ease of integration, I have been unable to integrate my network discovery tool, which I would like to do. Another feature that would be nice would be the ability to import and evaluate configuration files from switches, AP's, and other hardware. I have only needed to work with Customer Support once, and they were able to answer my questions as well as resolve my issue . Review collected by and hosted on G2.com.

Instead of starting off with Compliance questionnaires, CM-GRC makes use of its long experience with systems analysis and reporting (as it's based on Rapidfire Tools) to create an analysis first methodology for Security assessments.

This allows you to produce immediate results as the LAN/Cloud scans will turn up technical items that need to be addressed while you work on the more prosaic security review questions that are always included in an assessment.

Like many other tools, it allows you to combine standards from a long list of supported options, and consolidates these down into a relatively concise set of questions to answer.

Within the questions, features such as assignments to subject matter experts (internal or external), evidence attachments, and multiple ways to view and export results, make it easier to pace an assessment and track progress.

The questions contain plenty of guidance to understand the right answers and evidence to provide.

Lots of useful reports, graphics, marketing materials, etc for MSSP offerings. The price is right. Review collected by and hosted on G2.com.

Vendor management needs attention; while it offers the ability to list vendors and to send them their own subset of security questions, this covers only non-compliant vendors. When you track compliant or giant vendors (IE Microsoft, Amazon AWS), there's nowhere to manage those vendors. I'd look for an ability to upload compliance docs, selecting the domains which are covered by those vendors in the shared responsibility.

While CM-GRC does integrate with other Kaseya solutions such as ITGlue and Vulscan (and even with a competitor such as Connectwise for ticketing), I'd like to see more integration options. SSO for instance is klugey as you have to create the SSO in KaseyaOne from which you can link to CM-GRC, but not directly in CM-GRC. Review collected by and hosted on G2.com.

It makes managing compliance easier. All of your Kaseya Tools integrate into it and pull all the appropriate information from those tools. VSA X also has a script that will check and deploy the discovery agent so you don't have to worry about missing any workstations. Review collected by and hosted on G2.com.

I don't care for the layout it's to jumbled. Review collected by and hosted on G2.com.

The discovery agents make data collection and understandin very simply. Pro Services is worth doing at least once. Review collected by and hosted on G2.com.

Creating Policies and procedures is not great. There is a process but it is more of a lets create a document that will meet the compliance need but is not actually useful. Review collected by and hosted on G2.com.

Compliance manager grc is very complete. It includes all the frameworks our clients need. It is easy to work on multiple compliance frameworks when their controls overlap. Review collected by and hosted on G2.com.

The flow of the program is not intuitive. Sometimes following the wizard you need to finish a step then go back as new options open up. Review collected by and hosted on G2.com.

Compliance Manager GRC brings a lot of benefits to the table. The continous monitoring aspect with the CIS benchmarks is a very nice addition. The risk management section with the integration from the other Kaseya products such as Vulscan is also extremely beneficial Review collected by and hosted on G2.com.

I would say that there are a couple of opportunities for improvement on the product. Having the ability to have time based key risk indicators would be very helpful. But the biggest one is being able to integrate with other products outside of the Kaseya suite. Review collected by and hosted on G2.com.

The prepopulated policies that can help guide you as soon as you purcahse the tool. Review collected by and hosted on G2.com.

There is just so much work to do to make this effective, but that's true of all GRC systems! Review collected by and hosted on G2.com.

Compliance has come along way in recent years. The UI enhancements have made using the system a lot more manageable and implement and maintain. It allows for several integrations with other Kaseya products that helps to pull in security data. The portals for client and vendor use are also a very powerful tool, though they could use some polish. Review collected by and hosted on G2.com.

The UI has much improved, like mentioned, however It can be challenging to understand the order of operations when introducing new people to the platform. Review collected by and hosted on G2.com.

Auto provisioning of Policies helps alot. Review collected by and hosted on G2.com.

Limited number of Standards it would be helpfull if we could import more Standards which may be Locally important not to say important to all countries but i believe all countries have their own standards and standard bodies which may make this extremely usefull. Review collected by and hosted on G2.com.