  • 66%*
    Reduction in the time taken to complete risk assessments
  • 37%*
    Cost savings in risk assessments and associated processes
  • 30%*
    Reduction in the number of man-days required for a scaled-up level of vulnerability management
*Source: Customer responses and GRC Journey Business Value Calculator

IT Risk Management App

The MetricStream IT Risk Management App empowers organizations to adopt a focused and business-driven approach when managing and mitigating IT risks and threats. The app integrates with multiple endpoint IT security and infrastructure management tools and security intelligence feeds to identify and prioritize the risk exposure for IT assets.

It also provides sophisticated analytics and reports that transform raw risk data into actionable IT risk intelligence, providing clear visibility into the top risks within the enterprise. The app is certified for conformance with global accessibility standards and best practices as defined by WCAG 2.1 Level AA and Section 508.


Enabling High Performers

Responsive and personalized interface designed for information security and risk practitioners

Highly configurable to meet your specific IT risk requirements

Insights and risk intelligence for better decisions

Fast, lean, ready for the future


Centralized Repository for Assets, Processes, Threats, and Vulnerabilities

Define and maintain business entities such as IT risks, assets, threats, vulnerabilities, processes, and controls. Consolidate IT assets in a common library leveraging out-of-the-box connectors with a Configuration Management Database (CMDB) such as BMC Atrium. Map IT assets to threats and vulnerabilities along with associated details such as description, category, hierarchy, ownership, visibility, and validity.

Consolidation of Threat Intelligence

Monitor the threat landscape, zero-day advisories, and threat bulletins. Subscribe to RSS or email-based threat alerts from leading industry sources, and filter the alerts based on keywords.

Vulnerability Consolidation and Prioritization

Import vulnerability data from multiple third-party vulnerability scanning tools such as QualysGuard and Nessus. Alternatively, subscribe to RSS or email-based threat alerts from leading industry sources. Generate a combined risk rating across each asset’s vulnerability and business context. Based on the rating, prioritize vulnerability remediation strategies for optimal efficiency. Orchestrate the remediation process workflow using predefined templates and rules.

IT Risk Assessments

Assess, quantify, monitor, and manage IT risks in an integrated manner using industry-standard IT risk assessment frameworks such as ISO 27001, FAIR, and IRAM2. Perform multi-dimensional risk assessments with support for both top-down and bottom-up approaches. Conduct advanced assessments by configuring risk scores and ranking them using a simple risk matrix. Roll up the scores to an assessed entity or organization. Define the logic for computing both inherent and residual risk scores, and view and analyze these scores through flexible heat maps.

Issue Management and Remediation

Identify and document issues from IT risk assessments as well as threat and vulnerability management. Initiate a closed-loop process of investigation, root cause analysis, and remediation. Prioritize and assign resources for investigation and remediation through the underlying workflow and collaboration engine. Define an action plan, and track the remediation process to closure.

For vulnerabilities, define rules to auto-detect vulnerability patterns among assets and to auto-trigger remediation of issues or incidents. Automatically route incidents from the app into BMC Remedy and ServiceNow.

IT Risk Monitoring and Reporting

Generate user-configurable risk reports, risk heat maps, and role-based executive dashboards which aggregate IT risk, threat, and vulnerability data for comprehensive visibility. Gain a 360-degree view of the information through the app’s data browser. Continuously monitor risk metrics and performance, as well as the organization’s threat and vulnerability posture.


Delivering Business Value

  • Build confidence with regulators and executive management by demonstrating a robust, enterprise-level approach to IT risk management and business resilience
  • Improve efficiency by correlating vulnerabilities with IT assets, and prioritizing remediation efforts based on the areas of highest criticality
  • Save costs by rationalizing IT risk and control assessments, while also reducing redundancies and errors
  • Improve decision-making, and reduce IT risks and threats with accurate and timely insights from the first and second lines
  • Gain real-time visibility into IT risk and threat exposure, as well as the appropriate mitigation measures through contextual risk information from across processes and assets