Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.
Learn More cyber governance risk compliance
Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.
Learn More dora will bring digital risks
Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream
Learn More grc program excellence award
Download this report to explore why cyber risk is rising in significance as a business risk.
Learn More cyber risk appetite
Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey
Learn More grc program excellence award shell
Legacy Approach and Related Challenges
Previously, the company did not have well-defined business processes and workflows. It largely depended on manual processes and had no recourse to repetitive tasks in IT and cyber risk and compliance. Strengthening IT risk and security was a particular priority due to the COVID-19 pandemic which resulted in amplified online access.
The company, which has around 59,000 employees from over 100 countries, lacked a centralized GRC database which not only limited the visibility into IT and cyber risk and compliance profiles across the enterprise but also how risks and controls were mapped to business units, processes, and assets.
It also used error-prone manual processes and tools, such as spreadsheets for control maturity assessments. The challenges were further exacerbated due to the lack of insightful reporting and charts to identify such controls. The company also depended on inefficient manual approval cycles.
To address and overcome these challenges, the company deployed MetricStream CyberGRC products on AWS cloud including IT and Cyber Risk and IT and Cyber Compliance. With MetricStream, it now has a centralized repository of critical assets and processes in place and has digitally transformed its Cyber GRC system, making it faster, more agile, and scalable.
Aligned Business Processes and Workflows
Implementing MetricStream CyberGRC products provided an opportunity for the company to align key business processes and workflows—particularly chalking out a unified framework for business processes, risks, and controls. This standardized approach allowed it to cut across organizational silos, automate repetitive tasks in IT and cyber risk and compliance, and eliminate duplication of efforts, thereby significantly improving overall efficiency.
Centralized Repository and Improved IT and Cyber Risk and Compliance Visibility
With MetricStream, the company now has a centralized inventory of critical processes and assets as well as a full linkage of all risk, controls, and checklists. This integrated model enhanced transparency by providing a single source of truth, improved IT and cyber risk and compliance visibility, synchronized controls, and provided a holistic and real-time view of the state of IT GRC to key stakeholders, enabling the company to make faster and well-informed decisions and enhance business resilience.
Challenge
- Lack of well-defined business processes and workflow, limiting visibility into IT and cyber risk and compliance posture
- No centralized database
- Dependency on manual processes for control maturity assessments
- Inefficient approach to IT and cyber risk and compliance management
Business Value Realized
Accelerated processing of
IT and cyber risk and compliance assessments
and issues for remediation
Real-time risk reporting
and monitoring, enhanced
speed, agility, and scalability of IT GRC processes
Centralized repository of critical assets and processes
Automation of repetitive tasks in IT and cyber risk and compliance
Enhanced Control Maturity Assessments
The company previously struggled with conducting quarterly control maturity assessments for advanced and baseline controls due to high dependency on manual processes, which required significant time, effort, and resources. Manual approval cycles and the lack of a centralized compliance database further added to the problem.
The sportswear giant implemented MetricStream IT and Cyber Compliance with additional configurations and extensions such as Control Maturity Evaluation workflow. This enabled it to not only consolidate compliance data in a centralized database, enabling comprehensive and real-time visibility, but also automate and streamline IT and cyber compliance management workflows. The company was able to enhance the speed of conducting IT and cyber compliance risk assessments as well as simplify the process of scheduling and conducting automated IT control tests.
Improved IT and Cyber Risk and Compliance Management Capabilities
The implementation also improved the company’s visibility and measurement capabilities into key risks by linking KRIs and enhanced speed, agility, and scalability of Cyber GRC processes based on industry best practices. It also helped the company accelerate the processing of risk and compliance assessments and issues for remediation. In addition, real-time risk reporting and monitoring along with powerful dashboard metrics significantly improved IT and cyber risk management capabilities.
Related Stories
Case Study
Major Insurance Company Uses a Holistic Approach to Engage All Lines of the Business in GRC
Case Study
Leading UK Financial Institution Improves Risk Visibility With Single Source of Truth for Operational Risk Management and Compliance
Case Study
Baptist Health Care Improves Audit Efficiency and Visibility With MetricStream
Subscribe for Latest Updates
Subscribe Now