KnowBe4 KCM GRC Platform (discontinued) vs. SAI360

KnowBe4 KCM GRC Platform is well suited for a company that knows what they're doing compliance wise and needs to save time doing it. It won't be something you can spend a few hours on and then put on autopilot. It was made to create a rhythm within your own team, and you'll need to have the buy-in. It's useful for IT and Legal teams that already have a vendor risk management process, but want to have a better handle on it. Giving an outside auditor read-only access to a scope is also a huge time saver.

Incentivized

The usage of ROAM, as well as the integration of external programmes through API and import functions, has almost reduced duplication of work. One thing to keep in mind is that your use cases must be very clear. There are a lot of SAI solutions, and their titles don't always correspond to what they actually perform.

Incentivized

• Mapping controls across different compliance frameworks. It saves you a ton of time and energy!
• Performing risk assessments at the granularity that you prefer, splitting assessments across departments and teams if you wish.

Incentivized

• Customized unified design platform
• Modules that fit your organization
• Low technology involvement with information department.
• Built on foundational platforms some bidirectional in the ERM framework with TPRM contracts
• Single sign-on web-based applications

Incentivized

• Vendor management has a few kinks to work out. We want to be able to do internal questionnaires for vendors as a compliance checklist before we sign off on a contract. Nothing in the works yet, but there are a few workarounds.
• The navigation between different tasks in scope is clunky, and it's easy to lose your place, and it forces you back to the main page of the scope to retrace your steps.

Incentivized

• Reporting
• Legacy modules (i.e. tasks)
• Look and feel
• Intuitive UI

Overall it is a very versatile system that does help to keep our processes automated and secure. We are able to streamline our day to day activities.

Incentivized

Support from KnowBe4 KCM GRC Platform is always great. It's always in-house localized support, with excellent response times, and dedicated Customer Success Managers to answer the bulk of your questions or take your suggestions and make them a feature request. They will also reach out at least quarterly and do health checks to make sure you're using the platform to the best of your ability.

Incentivized

Quantivate and Fusion were the other two options we checked out. The quantity was high, and a good bit more expensive, but it was the best performing with its platform. They also had more modules that each cost extra to add to your subscription. KnowBe4 KCM GRC Platform was all-in-one and a little less mature, but the better buy. Fusion was hard to follow in the demo, and I was not overly impressed. I may have made my decision early enough in the demo to not pay much more attention to it.

Incentivized

Archer was very similar to SAI360 in cost and features. Has a more modern look and feel and more task functionality. The price point was very similar. Didn't choose them as our existing usage is in an On-Prem version and support from our in-house IT team was not able to be obtained. MetricStream was very modern looking with an intuitive UI. Appeared to have all the features with a number of additional bells and whistles. The price point was far above our budget and we could not get approval to move them to the RFP.

• Just having the capacity to do things the right way, and formally, has driven some of our compliance efforts.
• Due to licensing limitations, we likely overspent on seats to the platform that we didn't need but also didn't want to miss out on.

Incentivized

• The system is costly for the initial setup
• Does help to mitigate risk and keep the vendors and internal departments from becoming non-compliant.
• One license for all users
• Easy to manage employee's security access

Incentivized