Metricstream Logo

AI-First Connected GRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

webinar

Explore critical best practices for addressing the intersection of third-party and cyber risk. Register now.

Learn More

Discover Connected GRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Your Insight Hub for Simpler, Smarter, Connected GRC

Download this report to explore why cyber risk is rising in significance as a business risk.

Looking into 2025 – A Journey Through GRC Challenges and Priorities

Download the Report

Learn about our vision and mission

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Case Study

Leading Sports Footwear and Apparel Company Automates IT and Cyber Risk and Compliance

READ MORE

As one of the leading and best-known global sports footwear and apparel brands, the company has a deep commitment to governance, risk, and compliance (GRC). It identified the need to digitize its IT Risk and Compliance management to streamline the processes, eliminate manual and repetitive tasks, and enhance overall efficiency and business resilience. The previous outdated approach and lack of a centralized database limited the company’s visibility into risks and the effectiveness of controls.

To meet its Cyber GRC needs, the company tapped MetricStream’s IT and Cyber Risk and IT and Cyber Compliance Management products running on Amazon Web Services (AWS) cloud. With the implementation, it now has a single source of truth for its risks and controls and has successfully automated and streamlined its Cyber GRC processes— enhancing visibility into its IT and cyber risk and compliance profiles, accelerating the processing of risk and compliance assessments and issues for remediation, and improving overall speed, agility and scalability.

Legacy Approach and Related Challenges

Previously, the company did not have well-defined business processes and workflows. It largely depended on manual processes and had no recourse to repetitive tasks in IT and cyber risk and compliance. Strengthening IT risk and security was a particular priority due to the COVID-19 pandemic which resulted in amplified online access.

The company, which has around 59,000 employees from over 100 countries, lacked a centralized GRC database which not only limited the visibility into IT and cyber risk and compliance profiles across the enterprise but also how risks and controls were mapped to business units, processes, and assets.

It also used error-prone manual processes and tools, such as spreadsheets for control maturity assessments. The challenges were further exacerbated due to the lack of insightful reporting and charts to identify such controls. The company also depended on inefficient manual approval cycles.

To address and overcome these challenges, the company deployed MetricStream CyberGRC products on AWS cloud including IT and Cyber Risk and IT and Cyber Compliance. With MetricStream, it now has a centralized repository of critical assets and processes in place and has digitally transformed its Cyber GRC system, making it faster, more agile, and scalable.

Aligned Business Processes and Workflows

Implementing MetricStream CyberGRC products provided an opportunity for the company to align key business processes and workflows—particularly chalking out a unified framework for business processes, risks, and controls. This standardized approach allowed it to cut across organizational silos, automate repetitive tasks in IT and cyber risk and compliance, and eliminate duplication of efforts, thereby significantly improving overall efficiency.

Centralized Repository and Improved IT and Cyber Risk and Compliance Visibility

With MetricStream, the company now has a centralized inventory of critical processes and assets as well as a full linkage of all risk, controls, and checklists. This integrated model enhanced transparency by providing a single source of truth, improved IT and cyber risk and compliance visibility, synchronized controls, and provided a holistic and real-time view of the state of IT GRC to key stakeholders, enabling the company to make faster and well-informed decisions and enhance business resilience.

Challenge

  • Lack of well-defined business processes and workflow, limiting visibility into IT and cyber risk and compliance posture
  • No centralized database
  • Dependency on manual processes for control maturity assessments
  • Inefficient approach to IT and cyber risk and compliance management

Business Value Realized

  • Accelerated processing of IT and cyber risk and compliance assessments and issues for remediation
  • Real-time risk reporting and monitoring, enhanced speed, agility, and scalability of IT GRC processes
  • Centralized repository of critical assets and processes
  • Automation of repetitive tasks in IT and cyber risk and compliance

Enhanced Control Maturity Assessments

The company previously struggled with conducting quarterly control maturity assessments for advanced and baseline controls due to high dependency on manual processes, which required significant time, effort, and resources. Manual approval cycles and the lack of a centralized compliance database further added to the problem.

The sportswear giant implemented MetricStream IT and Cyber Compliance with additional configurations and extensions such as Control Maturity Evaluation workflow. This enabled it to not only consolidate compliance data in a centralized database, enabling comprehensive and real-time visibility, but also automate and streamline IT and cyber compliance management workflows. The company was able to enhance the speed of conducting IT and cyber compliance risk assessments as well as simplify the process of scheduling and conducting automated IT control tests.

Improved IT and Cyber Risk and Compliance Management Capabilities

The implementation also improved the company’s visibility and measurement capabilities into key risks by linking KRIs and enhanced speed, agility, and scalability of Cyber GRC processes based on industry best practices. It also helped the company accelerate the processing of risk and compliance assessments and issues for remediation. In addition, real-time risk reporting and monitoring along with powerful dashboard metrics significantly improved IT and cyber risk management capabilities.

Related Resources

Case Study

Major Insurance Company Uses a Holistic Approach to Engage All Lines of the Business in GRC

 Read More readmore
Case Study

Leading UK Financial Institution Improves Risk Visibility With Single Source of Truth for Operational Risk Management and Compliance

 Read More readmore
Case Study

Baptist Health Care Improves Audit Efficiency and Visibility With MetricStream

 Read More readmore
lets-talk-img

Ready to get started?

Speak to our GRC experts Let’s talk