We are currently using the KnowBe4 KCM GRC Platform in IT and in our legal team. There are a few users that are members to be able to submit audit evidence, but they don't have much function outside of that. We're using to perform internal IT-related audits, risk assessments, and vendor management. It's excellent at the first two objectives, giving us a snapshot look at where we stand for various compliance requirements at a glance. It also speeds up our audit times when we have external audits performed.