General summary
Provides a security questionnaire and vendor due diligence information exchange to help reduce the operational overhead of traditionally manual and point in time assessments.
UpGuard is an end-to-end third-party risk management platform with best-in-class time-to-value and scalability from initial implementations to beyond.
UpGuard delivers powerful, integrated tools for automated third-party monitoring, in-depth risk assessment and remediation, and one-click reporting.
By combining actionable insights with built-in risk management workflows, UpGuard helps organizations maintain comprehensive oversight of their supply chain security posture and equips them with the necessary tools to shut down emerging risks rapidly.
UpGuard delivers powerful, integrated tools for automated third-party monitoring, in-depth risk assessment and remediation, and one-click reporting.
By combining actionable insights with built-in risk management workflows, UpGuard helps organizations maintain comprehensive oversight of their supply chain security posture and equips them with the necessary tools to shut down emerging risks rapidly.
Bitsight is a cybersecurity ratings platform that continuously monitors organizational and vendor security postures. It collects and analyzes data from multiple sources—including botnet and malware intelligence—to offer evidence-based risk insights. Bitsight also integrates with GRC and TPRM workflows, allowing teams to proactively mitigate threats across their extended supply chain. However, Bitsight’s pricing structure can complicate scalability.
SecurityScorecard is a cybersecurity ratings platform that monitors external-facing vendor networks. It aggregates risk signals from various sources to produce vendor security ratings. SecurityScorecard integrates with SIEM and GRC tools and provides insights that mitigate supply chain attacks. However, risk assessment workflows are managed separately via the Atlas module, which can lead to fragmented processes that could delay vendor assessment delivery and impact program efficiency
RiskRecon specializes in external security monitoring and asset attribution with strong accuracy and strong cloud scanning capabilities, which are particularly valuable for IT-centric organizations. Owned by Mastercard, RiskRecon has stable financial backing and solid scanning accuracy. However, it remains primarily focused on external scan strengths and takes a partnership-first approach to TPRM workflows.
Key strengths
UpGuard excels by completing full vendor scans every 24 hours, which provides near real-time visibility into vendor security postures while seamlessly integrating native end-to-end AI-powered vendor assessment workflows.
UpGuard's licensing model and efficient learning curve offer best-in-class time to value and program efficiency.
UpGuard's licensing model and efficient learning curve offer best-in-class time to value and program efficiency.
In addition to risk monitoring, Bitsight employs analytical forecasting to estimate future security trajectories. It integrates with platforms like ServiceNow, JIRA, and PowerBI to suit more advanced workflows. This network of partnerships, coupled with strong institutional acceptance, reinforces Bitsight’s profile with complex organizations.
SecurityScorecard covers an extensive range of cyber intelligence, drawing from open, proprietary, and dark web sources to identify vendor security risks and assess IP reputation risks. SecurityScorecard’s well-known A–F letter grade system makes it approachable for executives and large enterprises.
RiskRecon provides a notably accurate external scanning solution and offers practical remediation guidance. It even prioritizes vulnerabilities by asset value for IT teams.
Key weaknesses
UpGuard's focus on core frameworks like ISO 27001 and NIST offers robust coverage for most security and compliance needs, though organizations requiring highly specialized or region-specific regulations may choose to augment it with dedicated GRC modules.
Its strengths in cybersecurity and continuous monitoring ensure strong TPCRM capabilities, but those seeking an all-encompassing governance solution (e.g., covering environmental or privacy regulations) might benefit from additional integrations.
Its strengths in cybersecurity and continuous monitoring ensure strong TPCRM capabilities, but those seeking an all-encompassing governance solution (e.g., covering environmental or privacy regulations) might benefit from additional integrations.
Bitsight's pricing structures can quickly escalate operational expenses for TPRM programs and create complicated decisions regarding the extent of risk visibility that can be deployed for vendors within a supply chain. Customers additionally cite attribution challenges for risks and assets within shared IP and cloud environments, which require support request submissions to address.
Monitoring and assessment capabilities are also separately licensed, which may increase purchasing complexity and limit end-to-end coverage to several vendors within supply chains.
SecurityScorecard's staggered scan cycles disrupts real-time vendor security posture visibility. IP attribution issues are also cited as common scanning problems.
Additionally, vendor monitoring and risk assessments are licensed separately, which may increase purchasing complexity and limit coverage of end-to-end visibility of supply chain vendors
RiskRecon takes a partnership and integration-first approach to vendor assessment workflows. This necessitates the adoption of an additional solution provider to achieve an optimal assessment experience, as supported by the RiskRecon platform.
Usability and learning curve
Risks detailed on point-in-time vendor assessment coupled with continuous monitoring of inherent risk, threat intelligence, and risk scoring. The exchange model forces more frequent point in time assessments, as many as 2-3 times each year.
UpGuard offers best-in-class time to value for initial implementations.
UpGuard's platform architecture is designed from the ground up to deliver a quick and shallow adoption curve. UpGuard's clean and intuitive interface ensures ease of ongoing operation and rapid pick-up from new staff members as needed.
UpGuard's platform architecture is designed from the ground up to deliver a quick and shallow adoption curve. UpGuard's clean and intuitive interface ensures ease of ongoing operation and rapid pick-up from new staff members as needed.
Bitsight is generally intuitive for professionals familiar with security ratings, with an interface offering clear vendor risk summaries. However, some advanced features require more expertise and time to leverage effectively, particularly when deploying Bitsight's separate modules for monitoring and risk assessments.
SecurityScorecard's dashboards and clear A-F grading help non-technical stakeholders quickly grasp vendor risk exposure. However, some users report multiple drill-down steps required to reach specific risk insights, which could lengthen new user learning curves
RiskRecon is focused on delivering clear, actionable findings for IT and SecOps-centric security teams with a clean interface for surfacing and remediating risks. While its limited scope of purely external scan data can simplify usage, complications can quickly arise for those integrating RiskRecon with a partner provider for assessment workflows.
Customer support
ProcessUnity (formerly CyberGRX) offers extensive community support sharing best platform and program practices via regularly updated podcasts, webinars, whitepapers, and strategic partnerships.
Known for world-class support across all tiers and customer-friendly guidance, UpGuard delivers proactive and prompt engagement to resolve customer issues quickly. Dedicated teams assist with both technical and strategic TPRM challenges.
Bitsight provides reputable support, particularly for large enterprises with dedicated account teams. Smaller organizations may experience less responsiveness and find self-service documentation limited.
Generally supportive for enterprise levels, with a community of free users. However, customers at lower licensing tiers report slower responses and less personalized support.
RiskRecon offers stable support with detailed product documentation and guides available.
Pricing and support
ProcessUnity (formerly CyberGRX) lists typical engagements as starting at around $120,000 USD. This includes validated assessments data, and unlimited access to the CyberGRX Exchange.
UpGuard offers a freemium package for monitoring up to 5 vendors.
Also provides free access to an AI-powered vendor questionnaire management tool, Trust Exchange.
Pricing starts at USD 1,599 / month.
A 14-day free trial for paid plans is also available.
Also provides free access to an AI-powered vendor questionnaire management tool, Trust Exchange.
Pricing starts at USD 1,599 / month.
A 14-day free trial for paid plans is also available.
Public pricing is not available. Does not publically offer a free trial.
Public pricing information is not available. Offers a free plan and a 14-day free trial for paid plans.
Public pricing is not available. Does not publically offer a free trial.
API and Integrations
ProcessUnity (formerly CyberGRX) offers a fully functional bidirectional API.
UpGuard provides a well-documented API enabling custom integrations, webhooks, and automation across common security and GRC tools. Its extensibility is straightforward, designed for rapid deployment and minimal setup friction. UpGuard also connects with over 4,000+ apps through a dedicated Zapier integration.
Streamlines remediation and monitoring by natively integrating with Jira, Service Now, and Slack.
Streamlines remediation and monitoring by natively integrating with Jira, Service Now, and Slack.
SecurityScoreCard offers an extensive marketplace of integrations with security, GRC, and workflow platforms. However, integrations tend to primarily focus on score visibility in other platforms rather than workflow extensibility. Offers integrations with several third-party platforms, such as RSA Archer, ServiceNow, and more.
SecurityScoreCard offers an extensive marketplace of integrations with security, GRC, and workflow platforms. However, integrations tend to primarily focus on score visibility in other platforms rather than workflow extensibility. Offers integrations with several third-party platforms, such as RSA Archer, ServiceNow, and more.
RiskRecon features basic integration options for exporting findings and connecting with ticketing systems or GRC solutions. Offers integrations with GRC platforms, such as RSA Archer, Sigma Ratings, Whistic, and more.
Customers
Major customers include Medibank Private, Mass Mutual, QBE, Solix, and McAfee.
Major customers include The New York Stock Exchange (ICE), Morningstar, TDK, PagerDuty, Hopin, and IAG.
To learn more, read UpGuard’s customer stories.
To learn more, read UpGuard’s customer stories.
Major customers include Optus / Singtel, The University of North Florida, Snam, and PROSA.
Major customers include Symantec, Pepsico, Two Sigma, and Stony Brook University.
Major customers include Informatica, Tufts Health Plan, the University of San Francisco, and Sentara.
G2 rating
Accurate as of March 2025
4.5, based on 19 reviews.
4.5, based on 383 reviews. Named a G2 Market Leader for Third Party & Supplier Risk Management Software.
4.6, based on 44 reviews.
4.2, based on 75 reviews.
4.5, based on 2 reviews.
Predictive capabilities
Checks identified risk vectors such as phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data breach incidents are captured, and notice is provided via the exchange.
As UpGuard checks for misconfigurations across your Internet footprint, many important breach vectors are covered, including phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data leaks are automatically surfaced by the platform for your team to assess and close before they become breaches.
Bitsight is widely recognized for malware and botnet reporting, though attribution to hosting providers or shared IP ranges can lead to accuracy challenges requiring correction support.
SecurityScorecard utilizes active and passive data collection methods that are publicly available. The data collected provides indicators of risk relating to open ports, DNS, HSTS, SSL (and more) that are processed via their proprietary algorithm to produce individual security ratings.
Allows users to implement a baseline configuration within the RiskRecon portal to match risk structures being used to manage enterprise and third-party risk. Risks monitored provide visibility into email security, application security, network filtering, and more.
Security rating
950
/ 950
950
/ 950
950
/ 950
950
/ 950
950
/ 950
General summary
Provides a security questionnaire and vendor due diligence information exchange to help reduce the operational overhead of traditionally manual and point in time assessments.
Key strengths
Key weaknesses
Usability and learning curve
Risks detailed on point-in-time vendor assessment coupled with continuous monitoring of inherent risk, threat intelligence, and risk scoring. The exchange model forces more frequent point in time assessments, as many as 2-3 times each year.
Customer support
ProcessUnity (formerly CyberGRX) offers extensive community support sharing best platform and program practices via regularly updated podcasts, webinars, whitepapers, and strategic partnerships.
Pricing and support
ProcessUnity (formerly CyberGRX) lists typical engagements as starting at around $120,000 USD. This includes validated assessments data, and unlimited access to the CyberGRX Exchange.
API and Integrations
ProcessUnity (formerly CyberGRX) offers a fully functional bidirectional API.
Customers
Major customers include Medibank Private, Mass Mutual, QBE, Solix, and McAfee.
G2 rating
Accurate as of March 2025
4.5, based on 19 reviews.
Predictive capabilities
Checks identified risk vectors such as phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data breach incidents are captured, and notice is provided via the exchange.
Security rating
950
/ 950
General summary
UpGuard is an end-to-end third-party risk management platform with best-in-class time-to-value and scalability from initial implementations to beyond.
UpGuard delivers powerful, integrated tools for automated third-party monitoring, in-depth risk assessment and remediation, and one-click reporting.
By combining actionable insights with built-in risk management workflows, UpGuard helps organizations maintain comprehensive oversight of their supply chain security posture and equips them with the necessary tools to shut down emerging risks rapidly.
UpGuard delivers powerful, integrated tools for automated third-party monitoring, in-depth risk assessment and remediation, and one-click reporting.
By combining actionable insights with built-in risk management workflows, UpGuard helps organizations maintain comprehensive oversight of their supply chain security posture and equips them with the necessary tools to shut down emerging risks rapidly.
Key strengths
UpGuard excels by completing full vendor scans every 24 hours, which provides near real-time visibility into vendor security postures while seamlessly integrating native end-to-end AI-powered vendor assessment workflows.
UpGuard's licensing model and efficient learning curve offer best-in-class time to value and program efficiency.
UpGuard's licensing model and efficient learning curve offer best-in-class time to value and program efficiency.
Key weaknesses
UpGuard's focus on core frameworks like ISO 27001 and NIST offers robust coverage for most security and compliance needs, though organizations requiring highly specialized or region-specific regulations may choose to augment it with dedicated GRC modules.
Its strengths in cybersecurity and continuous monitoring ensure strong TPCRM capabilities, but those seeking an all-encompassing governance solution (e.g., covering environmental or privacy regulations) might benefit from additional integrations.
Its strengths in cybersecurity and continuous monitoring ensure strong TPCRM capabilities, but those seeking an all-encompassing governance solution (e.g., covering environmental or privacy regulations) might benefit from additional integrations.
Usability and learning curve
UpGuard offers best-in-class time to value for initial implementations.
UpGuard's platform architecture is designed from the ground up to deliver a quick and shallow adoption curve. UpGuard's clean and intuitive interface ensures ease of ongoing operation and rapid pick-up from new staff members as needed.
UpGuard's platform architecture is designed from the ground up to deliver a quick and shallow adoption curve. UpGuard's clean and intuitive interface ensures ease of ongoing operation and rapid pick-up from new staff members as needed.
Customer support
Known for world-class support across all tiers and customer-friendly guidance, UpGuard delivers proactive and prompt engagement to resolve customer issues quickly. Dedicated teams assist with both technical and strategic TPRM challenges.
Pricing and support
UpGuard offers a freemium package for monitoring up to 5 vendors.
Also provides free access to an AI-powered vendor questionnaire management tool, Trust Exchange.
Pricing starts at USD 1,599 / month.
A 14-day free trial for paid plans is also available.
Also provides free access to an AI-powered vendor questionnaire management tool, Trust Exchange.
Pricing starts at USD 1,599 / month.
A 14-day free trial for paid plans is also available.
API and Integrations
UpGuard provides a well-documented API enabling custom integrations, webhooks, and automation across common security and GRC tools. Its extensibility is straightforward, designed for rapid deployment and minimal setup friction. UpGuard also connects with over 4,000+ apps through a dedicated Zapier integration.
Streamlines remediation and monitoring by natively integrating with Jira, Service Now, and Slack.
Streamlines remediation and monitoring by natively integrating with Jira, Service Now, and Slack.
Customers
Major customers include The New York Stock Exchange (ICE), Morningstar, TDK, PagerDuty, Hopin, and IAG.
To learn more, read UpGuard’s customer stories.
To learn more, read UpGuard’s customer stories.
G2 rating
Accurate as of March 2025
4.5, based on 383 reviews. Named a G2 Market Leader for Third Party & Supplier Risk Management Software.
Predictive capabilities
As UpGuard checks for misconfigurations across your Internet footprint, many important breach vectors are covered, including phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data leaks are automatically surfaced by the platform for your team to assess and close before they become breaches.
Security rating
950
/ 950
General summary
Bitsight is a cybersecurity ratings platform that continuously monitors organizational and vendor security postures. It collects and analyzes data from multiple sources—including botnet and malware intelligence—to offer evidence-based risk insights. Bitsight also integrates with GRC and TPRM workflows, allowing teams to proactively mitigate threats across their extended supply chain. However, Bitsight’s pricing structure can complicate scalability.
Key strengths
In addition to risk monitoring, Bitsight employs analytical forecasting to estimate future security trajectories. It integrates with platforms like ServiceNow, JIRA, and PowerBI to suit more advanced workflows. This network of partnerships, coupled with strong institutional acceptance, reinforces Bitsight’s profile with complex organizations.
Key weaknesses
Bitsight's pricing structures can quickly escalate operational expenses for TPRM programs and create complicated decisions regarding the extent of risk visibility that can be deployed for vendors within a supply chain. Customers additionally cite attribution challenges for risks and assets within shared IP and cloud environments, which require support request submissions to address.
Monitoring and assessment capabilities are also separately licensed, which may increase purchasing complexity and limit end-to-end coverage to several vendors within supply chains.
Usability and learning curve
Bitsight is generally intuitive for professionals familiar with security ratings, with an interface offering clear vendor risk summaries. However, some advanced features require more expertise and time to leverage effectively, particularly when deploying Bitsight's separate modules for monitoring and risk assessments.
Customer support
Bitsight provides reputable support, particularly for large enterprises with dedicated account teams. Smaller organizations may experience less responsiveness and find self-service documentation limited.
Pricing and support
Public pricing is not available. Does not publically offer a free trial.
API and Integrations
Bitsight integrates with popular platforms like ServiceNow and Splunk, offering APIs for custom reporting and automation. Offers integrations with RSA Archer GRC, CyberGRX, OneTrust Vendorpedia, ProcessUnity, MetricStream, and more.
Customers
Major customers include Optus / Singtel, The University of North Florida, Snam, and PROSA.
G2 rating
Accurate as of March 2025
4.6, based on 44 reviews.
Predictive capabilities
Bitsight is widely recognized for malware and botnet reporting, though attribution to hosting providers or shared IP ranges can lead to accuracy challenges requiring correction support.
Security rating
950
/ 950
General summary
SecurityScorecard is a cybersecurity ratings platform that monitors external-facing vendor networks. It aggregates risk signals from various sources to produce vendor security ratings. SecurityScorecard integrates with SIEM and GRC tools and provides insights that mitigate supply chain attacks. However, risk assessment workflows are managed separately via the Atlas module, which can lead to fragmented processes that could delay vendor assessment delivery and impact program efficiency
Key strengths
SecurityScorecard covers an extensive range of cyber intelligence, drawing from open, proprietary, and dark web sources to identify vendor security risks and assess IP reputation risks. SecurityScorecard’s well-known A–F letter grade system makes it approachable for executives and large enterprises.
Key weaknesses
SecurityScorecard's staggered scan cycles disrupts real-time vendor security posture visibility. IP attribution issues are also cited as common scanning problems.
Additionally, vendor monitoring and risk assessments are licensed separately, which may increase purchasing complexity and limit coverage of end-to-end visibility of supply chain vendors
Usability and learning curve
SecurityScorecard's dashboards and clear A-F grading help non-technical stakeholders quickly grasp vendor risk exposure. However, some users report multiple drill-down steps required to reach specific risk insights, which could lengthen new user learning curves
Customer support
Generally supportive for enterprise levels, with a community of free users. However, customers at lower licensing tiers report slower responses and less personalized support.
Pricing and support
Public pricing information is not available. Offers a free plan and a 14-day free trial for paid plans.
API and Integrations
SecurityScoreCard offers an extensive marketplace of integrations with security, GRC, and workflow platforms. However, integrations tend to primarily focus on score visibility in other platforms rather than workflow extensibility. Offers integrations with several third-party platforms, such as RSA Archer, ServiceNow, and more.
Customers
Major customers include Symantec, Pepsico, Two Sigma, and Stony Brook University.
G2 rating
Accurate as of March 2025
4.2, based on 75 reviews.
Predictive capabilities
SecurityScorecard utilizes active and passive data collection methods that are publicly available. The data collected provides indicators of risk relating to open ports, DNS, HSTS, SSL (and more) that are processed via their proprietary algorithm to produce individual security ratings.
Security rating
950
/ 950
General summary
RiskRecon specializes in external security monitoring and asset attribution with strong accuracy and strong cloud scanning capabilities, which are particularly valuable for IT-centric organizations. Owned by Mastercard, RiskRecon has stable financial backing and solid scanning accuracy. However, it remains primarily focused on external scan strengths and takes a partnership-first approach to TPRM workflows.
Key strengths
RiskRecon provides a notably accurate external scanning solution and offers practical remediation guidance. It even prioritizes vulnerabilities by asset value for IT teams.
Key weaknesses
RiskRecon takes a partnership and integration-first approach to vendor assessment workflows. This necessitates the adoption of an additional solution provider to achieve an optimal assessment experience, as supported by the RiskRecon platform.
Usability and learning curve
RiskRecon is focused on delivering clear, actionable findings for IT and SecOps-centric security teams with a clean interface for surfacing and remediating risks. While its limited scope of purely external scan data can simplify usage, complications can quickly arise for those integrating RiskRecon with a partner provider for assessment workflows.
Customer support
RiskRecon offers stable support with detailed product documentation and guides available.
Pricing and support
Public pricing is not available. Does not publically offer a free trial.
API and Integrations
RiskRecon features basic integration options for exporting findings and connecting with ticketing systems or GRC solutions. Offers integrations with GRC platforms, such as RSA Archer, Sigma Ratings, Whistic, and more.
Customers
Major customers include Informatica, Tufts Health Plan, the University of San Francisco, and Sentara.
G2 rating
Accurate as of March 2025
4.5, based on 2 reviews.
Predictive capabilities
Allows users to implement a baseline configuration within the RiskRecon portal to match risk structures being used to manage enterprise and third-party risk. Risks monitored provide visibility into email security, application security, network filtering, and more.
Security rating
950
/ 950
ProcessUnity (formerly CyberGRX) Pricing
CyberGRX lists typical engagements as starting at around $120,000 USD. This includes validated assessments data, and unlimited access to the CyberGRX Exchange.
ProcessUnity (formerly CyberGRX) Features
Provides a security questionnaire and vendor due diligence information exchange to help reduce the operational overhead of traditionally manual and point in time assessments.
Checks identified risk vectors such as phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data breach incidents are captured, and notice is provided via the exchange.
ProcessUnity (formerly CyberGRX) Use Cases
CyberGRX was founded in 2015 and is based in Denver, Colorado in the United States. CyberGRX provides enterprises and their third parties improve their approach to third-party cyber risk management.
It does this by collecting questionnaire data and cyber risk assessments in a structured format and then sharing them on their information exchange platform to reduce the operational overhead of due diligence programs.
ProcessUnity (formerly CyberGRX) Demo / Trial
CyberGRX offers a a custom built, interactive demo via its website to allow potential customers to gain insights into cyber risk exposure across their ecosystems.
ProcessUnity (formerly CyberGRX) API
CyberGRX offers a fully functional bidirectional API.
ProcessUnity (formerly CyberGRX) Reviews
The general sentiment of CyberGRX users based on multiple review sources is summarized below:
Key Pros:
1. Comprehensive Assessments:
- Detailed and in-depth third-party risk assessment templates simplifying the identification of critical vendor risks that need to be addressed.
- Provides valuable vendor risk insights to support a comprehensive third-party risk management program.
2. Customer Support:
- Very responsive customer support team that's very knowledagble about common risk assessment processes.
- Great people supporting the technology, enhancing the overall user experience.
3. Shareability and Collaboration:
- Streamlines collaboration of security information pertinent to risk assessments through the CyberGRX Exchange Portal.
- The "complete once, share many" model saves significant time and effort in completing repetitive assessments.
4. Innovative Features:
- Innovative third-party risk management features that align with industry best practices.
- Able to map to different cyber frameworks to support alignment across various security control requirements and third-party security contexts.
Key Cons:
1. Complexity and Usability Issues:
- Some users have reported a poor navigational experience, with the platform's design not optimized to streamline workflows across vendor risk management lifecycle stages.
- The risk assessment user interface is particularly confusing, which could cause frustrating delays in risk assessment processes.
2. Scope and Flexibility:
- The tool attempts to be a 'one size fits all' solution for all third-party risk management, which isn't an ideal design for companies offering multiple products and services.
- Some users have complained about a lack of sufficient support for vendor risk mitigation and monitoring processes, suggesting the solution is more of a risk assessment tool rather than a complete Vendor Risk Management solution.
3. Pricing Model:
- Confusing pricing model, making it difficult for prospects to clearly understand implementation and licensing costs.
4. Difficulty in Managing Multiple Services
- Some users have raised issues with the platform's inability to handle risk managament processes across a range of products and services, making it difficult to scale a Vendor Risk Management program with the platform.
Gartner Peer Insights
Overall ratings for the IT VRM Solutions market. Accurate as of January 2024
UpGuard
4.4, based on 160 reviews. Named a Representative Vendor in the 2022 Gartner Market Guide for IT VRM Solutions
CyberGRX
4.5, based on 45 reviews.
G2
Accurate as of March 2025
UpGuard
4.5, based on 383 reviews. Named a G2 Market Leader for Third Party & Supplier Risk Management Software.
CyberGRX
4.5, based on 19 reviews.
Glassdoor
Accurate as of January 2024
UpGuard
4.6
CyberGRX
4.3
All Competitors & Alternatives
We want you to choose the best platform, even if it's not UpGuard.
