KnowBe4 KCM GRC Platform: Close to the best with the best value.
Rating: 8 out of 10
IncentivizedUse Cases and Deployment Scope
We are currently using the KnowBe4 KCM GRC Platform in IT and in our legal team. There are a few users that are members to be able to submit audit evidence, but they don't have much function outside of that. We're using to perform internal IT-related audits, risk assessments, and vendor management. It's excellent at the first two objectives, giving us a snapshot look at where we stand for various compliance requirements at a glance. It also speeds up our audit times when we have external audits performed.
Pros
- Mapping controls across different compliance frameworks. It saves you a ton of time and energy!
- Performing risk assessments at the granularity that you prefer, splitting assessments across departments and teams if you wish.
Cons
- Vendor management has a few kinks to work out. We want to be able to do internal questionnaires for vendors as a compliance checklist before we sign off on a contract. Nothing in the works yet, but there are a few workarounds.
- The navigation between different tasks in scope is clunky, and it's easy to lose your place, and it forces you back to the main page of the scope to retrace your steps.
Likelihood to Recommend
KnowBe4 KCM GRC Platform is well suited for a company that knows what they're doing compliance wise and needs to save time doing it. It won't be something you can spend a few hours on and then put on autopilot. It was made to create a rhythm within your own team, and you'll need to have the buy-in. It's useful for IT and Legal teams that already have a vendor risk management process, but want to have a better handle on it. Giving an outside auditor read-only access to a scope is also a huge time saver.
RM
Randy Munroe
Information Security Analyst in Information Technology at Randall-Reilly (201-500 employees)
Vetted Review
2 years of experience