No more typing reviews! Try our Samantha, our new voice AI agent.

ARIS Risk and Compliance Manager vs Veza comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ARIS Risk and Compliance Ma...
Ranking in GRC
26th
Average Rating
8.0
Reviews Sentiment
8.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Veza
Ranking in GRC
24th
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
2
Ranking in other categories
Identity Management (IM) (23rd), Privileged Access Management (PAM) (25th), SaaS Security Posture Management (SSPM) (9th), Non-Human Identity Management (NHIM) (7th), Identity Security and Posture Management (ISPM) (3rd)
 

Mindshare comparison

As of July 2026, in the GRC category, the mindshare of ARIS Risk and Compliance Manager is 1.4%, up from 1.0% compared to the previous year. The mindshare of Veza is 0.7%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
GRC Mindshare Distribution
ProductMindshare (%)
Veza0.7%
ARIS Risk and Compliance Manager1.4%
Other97.9%
GRC
 

Featured Reviews

BPMexp67 - PeerSpot reviewer
BPM Expert at a consultancy with 1-10 employees
Covers the entire risk management cycle, from identification and evaluation to control, mitigation, and monitoring
The most effective features are the basic ones to evaluate and control risk. We have many specific small models inside of ARIS Risk and Compliance Manager, like issue management. These are smaller add-ons depending on the needs. You are including specific models as well. The basic ones do exactly what is required for risk management: identification, evaluation, control, mitigation, and modification. And, we have dashboards with the possibility to configure compliance policies and risk limits based on which we can create alarms. If there are maximum limits, we create alarms attached to the responsible people. Normally, there is someone that identifies the risk, and then you have the risk owner. These people [normal users] can send notifications to the risk owner, who will evaluate the risk and decide whether it's important to control it or not. I remember a project where the customer wanted to control all risks and assigned many people to identify them. They started identifying risks everywhere. After a few years, the customer realized that it didn't make sense to control all of them. So, they created limits—levels of risk the company was willing to accept because it was more expensive to implement controls than to manage the risk. So, regarding ARIS Risk and Compliance Manager, you can implement all the risks and policies you can imagine because it's very customizable. You can customize a lot of things.
HarshalJethwa - PeerSpot reviewer
Cloud Operations Engineer at a tech vendor with 51-200 employees
Centralized access control has strengthened least privilege and streamlined audit compliance
The best features Veza offers in my experience are access visibility to see who can access what and which parts, relationship mapping of a user to roles, policies and resources, and risk detection such as over-permission and unused permission privileges. I can perform audit compliance using those features and the platform supports multiple platforms. Out of those features, I find risk detection to be the most valuable in my day-to-day work because I can check who has over-permission or unused permissions and understand relationship mapping and access visibility. Veza has positively impacted my organization by improving access for our users, allowing us to check the user and perform auditing for our system or organization. We are now able to implement least privilege practices, which has made our organization and system more secure.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the risk testing, where you can attach your processes to the risk, and automatically generate all of the tests."
"We can set it so that for a specific risk, or for all risks if we want, people will receive automatic notifications to do the evaluation and implement or test the control at a set interval, like every six months or every year."
"It's the only current GRC vendor with licensing rights for HITRUST 11.3 framework, and I've avoided expensive HITRUST licensing costs through a custom control framework."
"Veza has positively impacted my organization by improving access for our users, allowing us to check the user and perform auditing for our system or organization, and we are now able to implement least privilege practices, which has made our organization and system more secure."
 

Cons

"In future releases, I would like to see more features around AI (artificial intelligence)."
"I would like to see the modeling less strict so that connectors can be more flexible."
"Veza can be improved as it is currently not suitable for small projects due to its high cost, complex setup, and requirement for more integration with multiple systems."
"The support experience could be better."
report
Use our free recommendation engine to learn which GRC solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
14%
Manufacturing Company
9%
Healthcare Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your primary use case for ARIS Risk and Compliance Manager?
I recommend it to my customers. Sometimes, we follow the normal cycle: risk identification, then evaluation, then mitigation, and lastly, monitoring. In other processes, we use the software to anal...
What advice do you have for others considering ARIS Risk and Compliance Manager?
At this moment, I would recommend this tool. This is the tool I know more than the others. I know a little bit about BWise and other tools like Spark. But ARIS is the one I know best because I've b...
What is your experience regarding pricing and costs for ARIS Risk and Compliance Manager?
We have some nominated licenses, which are per user, and concurrent licenses. The concurrent licenses are more expensive than the other ones but are better, at least for a big company. We can have ...
What is your experience regarding pricing and costs for Veza?
My experience with pricing, setup cost, and licensing is that the pricing is much higher and the setup is very complex.
What needs improvement with Veza?
Veza can be improved as it is currently not suitable for small projects due to its high cost, complex setup, and requirement for more integration with multiple systems. Additionally, there are no e...
What is your primary use case for Veza?
My main use case for Veza is to use it for authentication and to determine who can access what and what can be accessed by the system or organization users. We set permissions for cloud platforms a...
 

Overview

 

Sample Customers

Alicorp, Tesco, Dubai Municipality, Emirates NBD, Suva - ARIS serves customers across all industries and of every size worldwide. Companies trust ARIS as being in the market of business process management for more than 30 years, serving users worldwide, from 1 user companies to the Fortune 500.
Information Not Available
Find out what your peers are saying about ARIS Risk and Compliance Manager vs. Veza and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.