From Complexity To Compliance
When managing hundreds of global vendors and navigating their ISO 27001 certification became overwhelming, Bazaarvoice sought a better way. By implementing ZenGRC at the beginning of 2024, they simplified their audit workflows and compliance documentation management while maintaining their customized GRC practices.
“The dashboards are great for gathering the data that I need to present to leadership. “
Lori Anderson – GRC Manager, Bazaarvoice
About Bazaarvoice
What began as a simple ratings and reviews platform, Austin-based software company Bazaarvoice transformed into an industry-leading powerhouse that harnesses the full spectrum of user-generated content.
Through recent acquisitions of Affable and Granify, they have expanded their services to include user-generated content syndication, advanced analytics, and influencer-to-retailer connections. With this explosive growth comes a critical challenge: safeguarding an ever-expanding data ecosystem through robust compliance and risk management practices.
Having recently completed their second ISO 27001 surveillance audit; the company is now preparing for a full recertification under the ISO 27001:2022 standard. Their GRC team functions as internal auditors while providing consultative feedback for teams across the organization.
Breaking Free From Spreadsheet-Based Compliance
Bazaarvoice’s GRC team struggled with managing their ISO 27001 compliance and vendor management processes through spreadsheets and Word documents. “We were constantly searching through multiple documents and multiple areas of storage for evidence items,” explains Chris Hidalgo, GRC Analyst at Bazaarvoice. The team needed a centralized solution to track findings, manage work, and report to leadership effectively – and found ZenGRC to be the right fit.
Transforming Audit Management
ZenGRC has provided Bazaarvoice with a database-driven approach to managing their compliance programs, including tracking audit statuses and metrics. “We’re getting the data in there to have that history to call up for other audit-related projects much faster than usual,” notes Hidalgo.
When transitioning their vendor management process to ZenGRC, the import/export features proved invaluable, enabling them to quickly migrate vendor data and questionnaires without disrupting ongoing processes. As Hidalgo shares, “The import/export features of Zen are powerful and much easier than I anticipated.”
For their ISO certification process, they create comprehensive audit records and use the platform as a request repository, importing controls and tracking evidence requests to mirror their external audit processes.
Achieving Enhanced Visibility and Control
ZenGRC’s reporting capabilities have transformed how Bazaarvoice manages and presents their compliance and vendor data to executives and key stakeholders. “The dashboards are great for gathering the data that I need to present to leadership,” notes Lori Anderson, GRC Manager at Bazaarvoice.
The team has experienced notable improvements in faster data recall, enhanced visibility into control effectiveness, streamlined vendor onboarding, and improved reporting capabilities.
Hands-On Guidance From The ZenGRC Team
The partnership has proven particularly valuable due to the responsive support they have received. As Hidalgo notes, “The support has been very hands-on, which is surprising given how long we’ve been onboarded. Nothing seems like too much of an ask for ZenGRC.”
This combination of powerful functionality and exceptional support has enabled Bazaarvoice to establish a more efficient and organized approach to managing their compliance and vendor relationships, setting a strong foundation for their ongoing ISO 27001 certification efforts.