Likelihood to Recommend Well suited for enterprise architecture modeling where the intent to document elements beyond processes as well, such as risks and controls, KPIs, systems, org charts, etc. It also has the excellent capability of creating custom reports, hence if looking for various views right from summary to detailed, this is a great tool. It is less appropriate for implementing the processes as it is not very strong in BPMN.
Read full review KnowBe4 KCM GRC Platform is well suited for a company that knows what they're doing compliance wise and needs to save time doing it. It won't be something you can spend a few hours on and then put on autopilot. It was made to create a rhythm within your own team, and you'll need to have the buy-in. It's useful for IT and Legal teams that already have a vendor risk management process, but want to have a better handle on it. Giving an outside auditor read-only access to a scope is also a huge time saver.
Read full review Pros Query feature is excellent to extract information in a specific manner. Ability to create custom reports. Collaboration feature is very good. Semantic checks to check validation errors. cloud based central repository. Read full review Mapping controls across different compliance frameworks. It saves you a ton of time and energy! Performing risk assessments at the granularity that you prefer, splitting assessments across departments and teams if you wish. Read full review Cons Defining databases, use of entities and relationship diagrams, define data, like data models, there is still a part they could improve. Providing more standard reports and improving on access rights and privileges functionality Read full review Vendor management has a few kinks to work out. We want to be able to do internal questionnaires for vendors as a compliance checklist before we sign off on a contract. Nothing in the works yet, but there are a few workarounds. The navigation between different tasks in scope is clunky, and it's easy to lose your place, and it forces you back to the main page of the scope to retrace your steps. Read full review Usability I am a BPM and Enterprise Architect Consultant and hence have been using different BPM and EA tools for consulting practice. Until now I have used Opentext Provision EA,Sparx EA, MS Visio and IBM Blueworks. All of the tools used are good and have their own unique features and capabilities. ARIS BPA is widely used by my current organization for different projects.
Read full review Support Rating It has good, even complex functionality that is provided by its library and ability to create relations between items, yet it is not hard to use. Anyone can use it in a short time. It provides reporting abilities and good documentation with the availability of exporting options. The only drawback I have seen was user management/login issues.
Read full review Support from KnowBe4 KCM GRC Platform is always great. It's always in-house localized support, with excellent response times, and dedicated Customer Success Managers to answer the bulk of your questions or take your suggestions and make them a feature request. They will also reach out at least quarterly and do health checks to make sure you're using the platform to the best of your ability.
Read full review Alternatives Considered The Service area, they have been very useful. ARIS suite is covering number of applications. ARIS engine is very powerful and robust. The tool can be configured in many ways which can be beneficial but can be a curse at the same time. As a user, you need to apply this flexibility with care.
Read full review Quantivate and Fusion were the other two options we checked out. The quantity was high, and a good bit more expensive, but it was the best performing with its platform. They also had more modules that each cost extra to add to your subscription. KnowBe4 KCM GRC Platform was all-in-one and a little less mature, but the better buy. Fusion was hard to follow in the demo, and I was not overly impressed. I may have made my decision early enough in the demo to not pay much more attention to it.
Read full review Return on Investment Documentation of processes made it possible for anyone to see who does what, how and using what systems. Dependency on specific people is eliminated. Read full review Just having the capacity to do things the right way, and formally, has driven some of our compliance efforts. Due to licensing limitations, we likely overspent on seats to the platform that we didn't need but also didn't want to miss out on. Read full review ScreenShots KCM GRC Platform Screenshots