anecdotes Reviews

Anecdotes allows me to ingest our tools to show continuous compliance monitoring. It integrates with 90% of our systems like AWS, HR systems, and even most of our security tooling. These integrations serve as the building blocks for control requirements that can then be easily mapped to applicable frameworks (for us SOC 2, HIPAA, PCI, ISO27001, CSA CoC GDPR). They support 26 frameworks in total ATM which is more coverage then many other compliance tools I've looked at.

Favorite feature is called Evidence Pool:

Evidence from integrated tools comes in via API calls and Anecdotes automatically maps the relevant data fields from that system into very accesible table-based views. You can then filter this data for things like exceptions (some that anecdotes has pre-defined for each integration or custom rules if you want to get fancy). Another great use case is using this table to spot check what's actually happening in your systems. All of the connections are read-only. The tool actually gives me visibility to systems I don't neccessarily need direct access to, giving me only the relevent info for compliance.

This tool also does the basic stuff well. Policy management works perfect, you can create custom controls or requirements, you can always resort to uploading screenshots or other document-based evidence to support a control and that's all very intuitive in the system.

Going back to the frameworks --> they are going to map your evidence on the requirement level, NOT, the control level. So for example, you'll have a requirement like "User Access Reviews" and evidence of your choosing will sit in that requirement. From there Anecdotes will do it's best job to map that requirement to controls in ALL the frameworks you have. But what if you have a different scope from framework to framework? You still have the flexibiltity to change the evidence for that control on a framework to framework basis because it doesn't try and tie the actual controls to each other.

The anecdotes team is amazing. The onboarding process is delightful and CSM presence is unmatched from any vendor I've ever used.

I recommend this tool highly if you are running compliance for a SaaS company.

I use the JIRA/Confluence integration in this tool a lot because a ton of audit evidence lives in those systems. Sometimes making a connection to those it can time out when trying to link to a requirement. I notice that it works everytime if I try again immediately.

Audits and continuous monitoring

Anecdotes provides visibility into an information security program while simultaneously allowing complex organizations to customize their experience and controls. As an auditor, it makes evidence collection seamless.

Anecdotes does a great job and continuously adds new features, improving the experience of the product and responding to customer and auditor feedback over time.

As an auditor, it is better to focus on the activities that help truly help clients build trust with their customers vs pushing paper around. Anecdotes helps remove that aspect of an engagement to focus on the right activities.

Seeing multiple compliance frameworks in one place makes both internal and external auditing so much easier - it also helps spot control gaps and remediates them quickly. The Customer Success team is one of the best I have worked with.

Sometimes the software can be slow, but since I have got a new, faster laptop, these problems seem to have been resolved. Each time I have had an issue where something hasn't worked as excepted, it has been resolved very quickly.

As an InfoSec Compliance team of 1, time is precious. Automating the compliance controls has freed up some much-needed time to focus on building out and improving other security programs across the business.

the ability to export the data automatically

Sometimes the software gets a little stuck

Shortening times and a particularly convenient way of working

As an auditor, it is the most straightforward tool to manage the audit.

Our audit clients share evidence through this tool, which is very easy.

The strong point of Anecdotes is the fastest of adding new features and new plug-ins

Anecdotes have to be more mature and develop their SOX IT module.

Anecdotes managed all security and privacy compliance aspects and regulations.

They present everything on their platform and save a lot of time for me and for my clinets.

The convenient and effective user interface, a large number of supported compliance programs, continuous improvement and innovation

I don't see any downsides while using the solution

Ongoing and operational issues maintenance. The vendor is currently processing neither major nor significant operational issues.

Simplicity of Risk Manger, approachable, professional and more...

Any issues that we had were taken care of by them very quickly.

Risk monitoring

This is a tool that is very easy to use, the user experience is great. I also like the different applications, it is great that we can do many different tasks in one place.

I haven’t seen anything that I don’t like.

We are using anecdotes to build out the foundation of our compliance program. The automation is saving us a lot of manual work.

I liked the organization that the system does, the fact that it makes it very easy for the customer and does not require a lot of work from him.

Generic frameworks that do not always fit the framework of the examining firm

The system solves the problem of collecting and uploading the evidence and thus saves a lot of work time.

Once we connected the plugins (was straightforward), the platform automatically collected the evidence and flagged gaps that we had. This allowed me to get working on our foundation very quickly and made us more secure overall

So far I haven't identified something I don't like. Whenever I had any question I spoke with the customer success team that was responsive and helpful

We got anecdotes to help us with our SOC 2 and to grow our compliance plan