KnowBe4’s New GRC Platform Takes the Bite out of Risk Management

SaaS-based governance, risk and compliance platform defeats the business disruption caused by complex GRC initiatives

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that it has released a new, updated SaaS-based GRC platform featuring compliance management, policy management and risk management.

Most organizations leverage spreadsheets, documents and/or collaboration portals, as well as email threads and individual calendars to manage their GRC initiatives. These practices are inefficient, error prone, costly, and present greater risk to the organization.

“KCM GRC allows organizations to eliminate the business disruption caused by the dreaded audit cycle, keep key employees focused on important work as opposed to sitting in meetings, and enable visibility into compliance and risk initiatives at all levels of the business,” said Stu Sjouwerman, CEO, KnowBe4. “It’s intuitive, easy to use and affordable. We’ve rounded out the requirements of what it takes to successfully manage GRC in a more convenient way.”KCM-GRC-LOGO

All organizations follow some type of regulation. Many need to comply with PCI-DSS, but often that is combined with other regulations such as HIPAA. Even if an organization is not required by law to comply with any regulations, there may be a need to follow an internal risk framework, internal policies & procedures, or an industry best practices framework such as NIST* or CIS**. Managing compliance for one regulation or framework is time consuming. Having multiple regulations becomes impractical to manage without automation.

Additionally, managing policy distribution and tracking attestation can be a challenging and time-consuming process.

KCM’s risk management workflow is simple: identify the risk, respond to the risk and monitor the risk. The KCM risk workflow is based on the well-recognized NIST 800-30 and integrates with the compliance features by allowing compliance or audit gaps to be escalated to the risk register. It identifies, assesses and monitors risk as well as gaps within organizations’ security programs.

For more information on KCM GRC, please visit

About KnowBe4

KnowBe4, the provider of the world’s largest integrated security awareness training and simulated phishing platform, is used by more than 20,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Tens of thousands of organizations worldwide trust KnowBe4 to mobilize their employees as their last line of defense.

Number 96 on the 2018 Inc. 500 list, #70 on 2017 Deloitte’s Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England, the Netherlands, Germany and offices in South Africa and Singapore.

*NIST: National Institute of Standards and Technology

** CIS: Critical Infrastructure Cybersecurity

Get the latest about social engineering

Subscribe to CyberheistNews