Meet the 2023 Winners of the GRC 20/20 Best in Class Awards
- GRC
- 26 October 23
Introduction
We have some exciting news to share. Two of our customers were awarded the 2023 GRC 20/20 Best in Class Awards (now known as the GRC Innovation Awards) for their outstanding accomplishments in enterprise IT GRC management and compliance management.
Congrats to Guidewire and Zurich Insurance on their much-deserved wins. We’re honored to be part of their journeys towards building successful governance, risk, and compliance (GRC) programs that accelerate business growth, strengthen resilience, and deliver high-value impact.
Here are these companies’ inspiring GRC stories.
Guidewire: Best in Class Enterprise IT GRC Management - Medium Enterprise
In today’s hyper-connected digital world, an IT risk in a seemingly insignificant area of the business can have a profound and cascading impact on the whole enterprise. Many organizations approach these risks reactively – putting out information security fires as and when they arise. But with security breaches increasing, it’s extremely important for IT teams to step back and think strategically about how to streamline resources and monitor IT GRC across interconnected information and technologies.
That’s exactly what Guidewire has done. The California-based solutions provider for insurers set out to replace their siloed and manual GRC program with true risk management processes aligned to business needs and stakeholder value.
The company began by implementing consistent risk assessments and metrics, establishing financially accountable owners for risks and issues, and developing an integrated GRC strategy with a cross-functional GRC steering committee. MetricStream was chosen as the GRC platform to manage policies, controls, compliance, risks (including vendor risks), and business continuity.
Using automation, Guidewire has sped up its risk management processes and reduced open issues by nearly 40%. Risk visibility has also improved, thanks to better reporting and regular cross-business communication. Issues no longer fall through the cracks, resources are deployed effectively, and resolution is tracked systematically through the MetricStream platform.
Since risk owners are clearly assigned, each one can move quickly in the case of an unexpected event. They communicate regularly through dashboards and continuously update views of risk and associated metrics. Unlike before, when they operated in silos, risk owners are now a connected team run on a single GRC platform.
All these efforts make Guidewire a true leader in IT GRC.
Download the award-winning case study: Guidewire Optimizes Cyber GRC Risk and Compliance with MetricStream
Zurich Insurance: Best in Class Compliance Management - Large Enterprise
Today’s organizations are dynamic and constantly changing. They’re entering new markets, releasing new products, establishing new vendor relationships, and dealing with new regulations – all of which increase compliance risks. To mitigate risk exposure, organizations need to be proactive about monitoring compliance with legal requirements, regulations, policies, and ethics. That means moving away from the compliance silos of the past towards a more integrated approach that strengthens compliance visibility and agility.
Zurich Insurance has embraced this approach. The multi-line insurer, which serves over 210 countries and territories, has modernized and streamlined its compliance, policy, and risk management processes for optimal efficiency.
Using MetricStream Compliance Management Software, the company has built a single source of truth to manage its entire global compliance operations. Automated and standardized workflows strengthen compliance efficiency.
Meanwhile, a centralized compliance policy portal makes it easy for front-line employees to access the latest policies in a secure manner. The company has also streamlined policy creation, approvals, versioning, and discovery.
With real-time visibility into compliance risks and findings, teams can make more confident decisions. At the click of a button, they can see how risks are linked to controls, testing plans, and more. Dashboards and reports provide timely compliance insights, enabling the compliance team to more effectively meet its objective of providing trusted advice to the business.
Even regulatory changes and updates are proactively captured and managed to ensure that the company is always compliant. This is what makes Zurich Insurance an award winner.
Download the award-winning case study: Zurich Insurance Modernizes Compliance with MetricStream
Congrats again to the award winners for setting new standards in GRC. It’s our privilege to work with companies that are finding innovative ways to thrive on risk, strengthen compliance, and demonstrate good governance.
Frequently Asked Questions
GRC 20/20 evaluates and verifies real-world GRC platform implementations, confirming that the approach taken and the benefits achieved qualify as best in class within a defined category. Winners are assessed on the strength of their integrated GRC strategy, the measurable outcomes delivered, and the clarity of accountability structures established across the organization.
Guidewire replaced disconnected, document-based processes with a unified GRC platform covering policies, controls, compliance, risks, and business continuity. The transformation included establishing consistent risk assessment methodologies, assigning financially accountable risk owners, forming a cross-functional GRC steering committee, and deploying automation to accelerate risk management workflows across the organization.
Following its 2023 MetricStream implementation, Guidewire reduced open issues by nearly 40% and significantly improved risk visibility through structured reporting and cross-business communication. Risk owners, previously operating in silos, became a connected team working from a single platform, enabling faster response to unexpected events and more consistent tracking of issue resolution.
Zurich Insurance built a single source of truth for its global compliance operations using MetricStream, standardizing workflows and centralizing policy management across its international footprint. Automated processes handle regulatory change capture and policy versioning, while real-time dashboards give compliance teams visibility into how risks connect to controls and testing plans across jurisdictions.
A centralized policy portal gives front-line employees a single, secure location to access the most current version of every relevant policy, eliminating the confusion that arises when policies are scattered across disconnected systems. It also streamlines the processes of policy creation, approval, versioning, and retrieval, reducing the administrative burden on compliance teams and improving consistency of policy application across the organization.
Real-time compliance visibility allows teams to see how risks connect to controls, testing plans, and findings at any given moment, rather than relying on periodic reports that may not reflect current exposure. For large enterprises operating across multiple jurisdictions, this continuous view enables faster, more confident decisions and reduces the likelihood of compliance gaps going undetected between audit cycles.
A best-in-class IT GRC program, as recognized by GRC 20/20, demonstrates an integrated architecture that replaces siloed and manual processes with a unified platform delivering measurable outcomes. Key markers include clear accountability for risk ownership, consistent risk assessment methodology, cross-functional collaboration, and documented improvements in risk visibility and issue resolution.
Automated regulatory change management captures and processes incoming regulatory updates as they occur, rather than relying on manual monitoring that can miss changes or delay response. For a global insurer like Zurich Insurance, this means that new requirements across multiple jurisdictions are proactively identified, assessed, and routed to the appropriate teams, reducing the window between regulatory change and organizational adaptation.
Alongside its technology deployment, Guidewire established a cross-functional GRC steering committee to provide strategic direction and cross-departmental alignment. The company assigned financially accountable owners to each risk and issue, replacing the informal and disconnected ownership structures that had previously allowed issues to fall through the cracks. These governance changes were as central to the program's success as the platform itself.
When risks are explicitly linked to the controls designed to address them and to the testing plans that verify control effectiveness, compliance reporting shifts from a static snapshot to a dynamic, traceable view of the organization's actual risk posture. For large insurers managing complex regulatory obligations, this linkage means that audit committees and senior leadership can see not just what the risks are, but whether the controls in place are functioning and tested, supporting more accurate and defensible reporting.
