Resources
Case Study: Driving GRC Excellence Through Strategic Partnership
How Three Industry Leaders United to Deliver Comprehensive GRC Solutions, Elevating Client Success through Seamless Integration and Expert Services.
Organizations often navigate duplicative requests and inefficient procedures when confronting GRC (Governance, Risk, and Compliance) audits. Compliance teams must locate paperwork for each control and ensure policies are enforced – a cumbersome project when attempted without professional help. This is where ZenGRC and its partners come in.
ZenGRC bridges the gap between GRC teams and auditors, allowing them to communicate effectively through an easy-to-use platform that clearly displays all risks, controls, and procedures in a single source of truth. This simplifies audits into a pain-free process. With ZenGRC and strategic audit and GRC partners, the audit process becomes a cohesive effort supported by experts.
Introducing Our Partners
360 Advanced is a leading independent audit firm conducting audits and offering customized GRC consulting aligned with each business’s individual needs. 360 Advanced helps clients reach their GRC goals by addressing control needs and identifying risks before they are realized.
Steel Patriot Partners is a third-party GRC firm providing expert GRC practice to organizations without dedicated GRC teams. With over 25 years of experience helping clients implement controls and procedures, Steel Patriot Partners can help any client become compliant with all cybersecurity frameworks.

A Synergistic Partnership
Without ZenGRC, there is often a communication gap between auditors and GRC teams. “If a customer does not have a GRC tool, we automatically implement ZenGRC,” says Amy Ford, COO of Steel Patriot Partners. “One of the great features is allowing auditors to get access to ZenGRC; that way, my team doesn’t have to provide a package. We just tell the auditor everything they need is in ZenGRC.”
When Mountain Lake Associates (MLA), an administrative services organization in the healthcare industry, needed help implementing their GRC requirements, they turned to Steel Patriot Partners – and began using ZenGRC.
Scott Gould, CEO of Mountain Lake Associates, says, “I regard GRC knowledge as highly specialized. I needed Steel Patriot Partners and ZenGRC to focus on the GRC aspect, so that I could focus on what I do best, which is the administration and support of patient-oriented healthcare.”
Auditors, too, are slowed down when controls are ineffective and evidence collection becomes a laborious process of searching through shared drives. Eric Ratcliffe, Director of Compliance Strategy at 360 Advanced, expands on these difficulties from the auditor’s perspective, saying, “As an auditor, we must look at it from a risk perspective. Higher risk means we have more uncertainty, the chance that the client is not well prepared, and the chance that the client has been ill-advised. Our comfort level drops quite a bit when we know that we can’t rely on other trusted, vetted parties.”
Fortunately, this wasn’t the case for Mountain Lake Associates and Steel Patriot Partners when it was time for 360 Advanced to conduct their independent audit; the process was smooth and pain-free thanks to ZenGRC. Eric Ratcliffe elaborated on the benefits of having clients use ZenGRC, saying, “By the time the audit gets to us, ZenGRC streamlines communications and reduces any problem areas. We want a happy client and ZenGRC helps us improve our efficiencies and reduce duplicative requests.”
Through this collaboration between Steel Patriot Partners, 360 Advanced, and ZenGRC, Mountain Lake Associates was able to achieve a rigorous HITECH SOC-2 certification on their first audit – a feat that typically takes 2-3 attempts to complete.
This is the benefit of ZenGRC as a trusted tool, vetted by GRC experts, and dedicated to being partner-friendly. ZenGRC allows auditors to have a higher degree of comfort with visibility into all evidence for controls and how they tie back to framework requirements, all in a central location. No more spreadsheets, no more hassle.
Infographic: How to Tell if it is Time to Start a Compliance Program
In recent years, compliance programs have grown increasingly important, and with that comes complexity. With constantly changing government regulations and ever-present cybersecurity risks, compliance is essential for many businesses. But how do you know when the time is right to establish a compliance program?
When it comes to compliance, you need to assess the pros and cons as they relate to your business specifically. Despite what an auditor may tell you, it’s not an all-or-nothing decision. Instead, you should approach compliance as a point on a maturity curve. This will help you identify the steps to ease you into a new organizational design. For high-growth companies worried that compliance may slow them down, it’s absolutely possible to strike a balance and pursue compliance while preserving high growth and agility.
So how do you know if your company is ready for compliance? Check out the infographic below for the questions you should answer to determine if the time is right to initiate a formal governance, risk management, and compliance program.