How MetricStream’s apps help in COVID-19 Management

Risk Management | 6 Min Read |27 April 20|by Yo McDonald

COVID-19 has changed the way we do Risk Management forever, with the velocity, agility and interconnectedness of risks – with  resilience, financial and economic uncertainty, health and safety and cyber coming to the foreground in new and unanticipated ways.  We are seeing leaders adapt their Governance, Risk and Compliance (GRC) programs quickly to address ever-widening repercussions of responding to the crisis, and more recently, anticipating the re-opening of business at the national, regional and local level as the situation on the ground permits.

COVID-19: The Immediate, Intermediate, and the New Normal

MetricStream’s market-leading GRC apps and platform are being leveraged in organizations across the world, in all industries to manage COVID-19 containment programs – supporting rapid and decisive intervention to flatten the curve, keep front line employees safe while continuing to serve customers, and align with vendors, suppliers and third parties.

Business leaders need to make faster decisions based on better data. They want to know  – what is the trajectory? They are keenly interested in understanding shifts, and when to expect a change – when an office, critical supplier or region is rising to a peak or re-opening based on increasing containment.  Business teams are responsible to see the trajectory and timelines for re-opening –integrating information from governments, WHO and other authorities to determine the timing of shifting much needed resources back to field – all while working from home in a new digital, cloud-based eco-system. 

MetricStream’s view is that organizations will go through three phases of COVID-19 Response and Planning:

  • The Immediate – Business Impact and Incident Response in the shortest term 
  • The Intermediate – A re-look at the Governance, Risk and Compliance priorities 
  • The New Normal – As the new normal settles in,  organizations will make COVID-19 response part of their overall process and infrastructure, with a strong bias towards real-time risk assessments and analytics on data and operational resilience, to deal with a constantly evolving risk universe.  

MetricStream solutions for management of COVID-19 follow the context of our PLAN-ACT-ADAPT framework, a helpful way to understand and consider how to specifically leverage MetricStream apps during the Immediate, Intermediate and New Normal phases of the crisis.

A screenshot of a cell phone

Description automatically generated


Business Value of Critical and Actionable information in the COVID-19 world

MetricStream apps in the PLAN stage

Risk Management teams need faster risk assessments and scorecards. They want to know – where are the hot spots?  They are conducting assessments of employees, systems, 3rd and 4th parties, policies and projects. They need to see new COVID-19 risks in terms of geographies, customers, suppliers, business lines, high value processes, policies, technology assets – in order to correlate issues and build action plans based on proven and evolving playbooks.  The MetricStream Enterprise Risk Management App helps provide that visibility and status updates to the board, leadership, partners and other stakeholders into COVID-19 connected risks, in the context of geographies, offices, customers, lines of business, products, suppliers…and more.

Third Party Management teams need a rapid assessment of supplier and vendor availability to come back online. They want to know –  what’s the current and potential impact? They need to measure the scope of impact to predict workforce changes, delays or alternative supply chains by conducting rapid assessments of impact to employees, systems, 3rd and 4th parties.  The MetricStream Third Party Management App  helps organizations get visibility into 3rd party and supply chain risk by product or country, and plan for  alternatives to impacted locations.

Business Resilience teams need faster resilience analysis. They want to know –  what is the impact? For each critical business function, they need to see current and potential impact and preparedness. That means being able to quickly measure the scope of impact to predict workforce changes, delays or alternative supply chains. To do this they must see what Business Continuity Plans and in place, being executed and where gaps are that need to be closed. The MetricStream Business Continuity Management App helps organizations make decisions on impacted offices, regions, businesses, facilities and products, by conducting Business Impact Assessments  and communicating with Emergency Mass Notification to suppliers, internal and external stakeholders.

MetricStream apps in the ACT stage

Human Resources and business teams need to communicate policies, procedures and response strategies tied to tiered, clear action plans – they need to quickly distribute revised policies, procedures and controls around COVID-19 impacted realities: Work from Home, virtual customer meetings and new Health and Safety procedures. They need to map to useful content and recommendations from WHO, CDC and other authoritative sources. The MetricStream Policy and Document  Management App

helps organizations revise and publishpolicies (leave for health workers, new travel policies, procedures for high risk areas) by location, groups and functionsas well as distribute and gain fast attestation from employees and 3rd parties as they evolve during the crisis.

Compliance teams need to ensure compliance with changing regulations and new procedures – which may vary by country and region. This often means putting evolving playbooks in the hands of those who can take action – continuously improving them rather than re-inventing the wheel. This may also mean implementing and testing renewed or stronger controls. The MetricStream Compliance Management App helps organizations assess and manage stronger controls– across cyber, workplace health, technology….and at the same time see the organizations’ Compliance profile by regulation, best practice and geography.

Information technology, security and cyber teams need to understand threats from bad actors that take advantage of new vulnerabilities that may arise in the digital world. The MetricStream IT Risk Management App helps organization assess risks in the extended enterprise and digital eco-system that may be used now by new stakeholders across the organization. Critically, the app help teams build and correlate remediation action plans to manage and close gaps.

MetricStream apps in the ADAPT stage

All teams must gather and correlate incidents – such as employee health and safety, technology or cyber-related, home office obstacles, supplier and 3rd party changes.  This helps organizations see when a region needs to shut down or re-open, when the supply chain breaks – to understand risk to affected business units, disruption from suppliers and incidents from the front-line. The MetricStream Case and Incident Management App helps organizations gain visibility into impacted locations, facilities, customers and products and ensure speedy investigations and resolution to legal and compliance cases.

Observations from the front line are becoming increasing critical to paint a more complete picture of how risks, opportunities and incidents are changing on the ground. The MetricStream Observations Management App helps organizations identify and address critical risks at the front line, and crowdsource front line incidents. Increasingly, artificial intelligence and natural language processing (NLP) are being used to identify patterns and issue clusters, provide recommendations on actions and proactively monitor issues reported on by employees and extended enterprise vendors and partners.

Lastly – the cloud has proven to be table-stakes for operating in the post-COVID-19 world where it is critical tomake access to the front line access easy – including distributed employees and those Working From Home. The MetricStream Cloud, designed for GRC, offers high availability and scalability, as well as advanced security and access control to MetricStream apps.

Effective COVID-19 management depends on providing high value and actionable information to core teams in order to  coordinate their efforts as they manage the crisis.  Risk management, business leaders, business resilience, IT, Security and human resources and front line teams may all leverage MetricStream’s cloud, platform and highly configurable apps, to provide high value across of COVID-19 operational needs.


Leave a Comment

The content of this field is kept private and will not be shown publicly.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
1 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Yo McDonald

Posted Article: 4

Yo McDonald, Vice President, Customer Success and Engagement, MetricStream, is a seasoned executive in Governance, Risk and Compliance (GRC) consulting and product solutions.

Read More

Top Posts

The Next-Gen CISO - Building Cyber Resilience with Cyber GRC

IT Risk & Cyber Risk | 25 May 2023 | 5 Min Read

AWS Security Lake and OCSF: A Cyber Risk Perspective

IT Risk & Cyber Risk | 31 January 2023 | 4 Min Read

10 GRC Trends to Watch Out for in 2023

GRC | 17 January 2023 | 1 Min Read

Experience the Power of Connection

GRC | 14 December 2022 | 3 Min Read

Insurance Industry. Strengthen Cyber Resilience Now!

IT Risk & Cyber Risk | 08 December 2022 | 3 Min Read


Ready to get started?

Speak to our experts Let’s talk