Skip to main content
KCM GRC Platform

KCM GRC Platform


What is KCM GRC Platform?

KnowBe4 headquartered in Clearwater offers their governance, risk, compliance platform, the KCM GRC Platform.

Read more
Recent Reviews
Read all reviews
Return to navigation


View all pricing

What is KCM GRC Platform?

KnowBe4 headquartered in Clearwater offers their governance, risk, compliance platform, the KCM GRC Platform.

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

1 person also want pricing

Alternatives Pricing

What is Egnyte?

Egnyte provides a unified content security and governance solution for collaboration, data security, compliance, and threat detection for multicloud businesses. More than 16,000 organizations trust Egnyte to reduce risks and IT complexity, prevent ransomware and IP theft, and boost employee…

What is Clear Analytics?

Clear Analytics is a business intelligence solution that enables non technical end users to perform analytics by leveraging existing knowledge of Excel coupled with a built in query builder. Some key features include: Dynamic Data Refresh, Data Share and In-Excel Collaboration.

Return to navigation

Product Details

What is KCM GRC Platform?

The KCM GRC Platform was developed to save users the maximum amount of time getting GRC done. According to the vendor, KCM GRC has a simple, intuitive user interface, easy to understand workflows, a short learning curve, and can be fully functional in a matter of days.

With KCM, users can manage risk and compliance within their organization and across their third-party vendors, while obtaining analytics nto gaps within their security program

The KCM GRC platform consists of the following modules:

    • Compliance Management - Manage and automate compliance and audit cycles.

    • Policy Management - Manage policy distribution and attestation through campaigns.

    • Risk Management - Identify, assess, and monitor risk.

    • Vendor Risk Management - Manage third-party risk and understand at a glance, what items need to be addressed to reduce risk.

Features include:

  • Centralized controls, requirements and evidence libraries

  • Over 30 managed compliance templates

  • Vendor questionnaire and assessment templates

  • Role-based access

  • Automated email reminders for task completion

  • Unlimited support and no cost implementation

KCM GRC Platform Features

Governance, Risk & Compliance Features

  • Supported: Common repository of GRC items
  • Supported: Risk management
  • Supported: GRC policy management

KCM GRC Platform Screenshots

Screenshot of View All Compliance Requirements: View all your compliance requirements with details, descriptions, status, scope, and controls for each requirement.Screenshot of View All Compliance Tasks: The “My Dashboard” view narrows focus to tasks assigned to an individual end user, allowing your entire organization to work together towards compliance.Screenshot of View by Scope and Scope Status Report: Scopes enable you to track multiple projects in one place simultaneously allowing you to provide granular user permissions across each project.Screenshot of View Policy Campaign: See all campaign details and easily keep track of your policy campaign completion percentage and user acknowledgments.Screenshot of View Risk Breakdown and Risk Categories: The Risk Dashboard gives you high-level details on your risk categories and risk score associated with these categories.Screenshot of Easily Add Risks: The Risk Wizard makes it easy for you to create unique organizational risks or import risks from existing spreadsheets to your risk register.Screenshot of Use Pre-built and Customizable Questionnaire Templates: Ensure standard and consistent vendor assessments with pre-built and customizable questionnaire templates. You have the ability to generate assessments in HTML or CSV, depending on your preferred workow.Screenshot of Vendor Details: View all your vendor details in one place to assess and monitor compliance and risk requirements for all your third parties.Screenshot of Vendor Login: Your vendors login to an intuitive portal to upload, import, and complete required questionnaires or to provide their evidence controls.Screenshot of Controls Information and Controls Library: Assign responsibility to individual users, manage testing schedules setting specic dates, and track evidence and requirements in the Controls view.Screenshot of KCM’s Evidence Repository is a central location of all the files and DocuLinks (URLs) created within your account. You have the option to upload evidence directly to KCM (AES256 encrypted) or to provide DocuLinks back to evidence you host on your intranet.Screenshot of Dashboards – Global, by Scope, and User: The global dashboard shows all tasks across the entire organization allowing you to see at-a-glance how your entire organization is doing as you work towards getting compliant and staying compliant. This view can be limited by Scope as well. Each module within KCM has its own dashboard as well.Screenshot of Role-Based Access Control: KCM leverages RBAC for user administration. Your users only get access to the information needed based on different role types. Users can have multiple roles, depending on the implemented modules. There are even auditor roles to provide to outside consultants to review evidence and controls.

KCM GRC Platform Competitors

KCM GRC Platform Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings


Attribute Ratings


(1-1 of 1)
Companies can't remove reviews or game the system. Here's why
Randy Munroe | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We are currently using the KnowBe4 KCM GRC Platform in IT and in our legal team. There are a few users that are members to be able to submit audit evidence, but they don't have much function outside of that. We're using to perform internal IT-related audits, risk assessments, and vendor management. It's excellent at the first two objectives, giving us a snapshot look at where we stand for various compliance requirements at a glance. It also speeds up our audit times when we have external audits performed.
  • Mapping controls across different compliance frameworks. It saves you a ton of time and energy!
  • Performing risk assessments at the granularity that you prefer, splitting assessments across departments and teams if you wish.
  • Vendor management has a few kinks to work out. We want to be able to do internal questionnaires for vendors as a compliance checklist before we sign off on a contract. Nothing in the works yet, but there are a few workarounds.
  • The navigation between different tasks in scope is clunky, and it's easy to lose your place, and it forces you back to the main page of the scope to retrace your steps.
KnowBe4 KCM GRC Platform is well suited for a company that knows what they're doing compliance wise and needs to save time doing it. It won't be something you can spend a few hours on and then put on autopilot. It was made to create a rhythm within your own team, and you'll need to have the buy-in. It's useful for IT and Legal teams that already have a vendor risk management process, but want to have a better handle on it. Giving an outside auditor read-only access to a scope is also a huge time saver.
Governance, Risk & Compliance (3)
Common repository of GRC items
Risk management
GRC policy management
  • Just having the capacity to do things the right way, and formally, has driven some of our compliance efforts.
  • Due to licensing limitations, we likely overspent on seats to the platform that we didn't need but also didn't want to miss out on.
Quantivate and Fusion were the other two options we checked out. The quantity was high, and a good bit more expensive, but it was the best performing with its platform. They also had more modules that each cost extra to add to your subscription. KnowBe4 KCM GRC Platform was all-in-one and a little less mature, but the better buy. Fusion was hard to follow in the demo, and I was not overly impressed. I may have made my decision early enough in the demo to not pay much more attention to it.
Support from KnowBe4 KCM GRC Platform is always great. It's always in-house localized support, with excellent response times, and dedicated Customer Success Managers to answer the bulk of your questions or take your suggestions and make them a feature request. They will also reach out at least quarterly and do health checks to make sure you're using the platform to the best of your ability.
Return to navigation