Previously, the company did not have well-defined business processes and workflows. It depended largely on manual processes and had no recourse for repetitive tasks in IT and cyber risk and compliance. Strengthening IT risk and security was a particular priority due to the COVID-19 pandemic, which resulted in amplified online access.
The company, which has around 59,000 employees from over 100 countries, lacked a centralized GRC database. This limited visibility not only into IT and cyber risk and compliance profiles across the enterprise but also into how risks and controls were mapped to business units, processes, and assets.
It also used error-prone manual processes and tools, such as spreadsheets, for control maturity assessments. The challenges were further exacerbated by the lack of insightful reporting and charts to identify such controls. The company also depended on inefficient manual approval cycles.
To address and overcome these challenges, the company deployed MetricStream CyberGRC products, including IT and Cyber Risk and IT and Cyber Compliance, on the AWS cloud. With MetricStream, it now has a centralized repository of critical assets and processes in place and has digitally transformed its Cyber GRC system, making it faster, more agile, and scalable.
Implementing MetricStream CyberGRC products provided an opportunity for the company to align key business processes and workflows—particularly chalking out a unified framework for business processes, risks, and controls. This standardized approach allowed it to cut across organizational silos, automate repetitive tasks in IT and cyber risk and compliance, and eliminate duplication of efforts, thereby significantly improving overall efficiency.
With MetricStream, the company now has a centralized inventory of critical processes and assets as well as a full linkage of all risk, controls, and checklists. This integrated model enhanced transparency by providing a single source of truth, improved IT and cyber risk and compliance visibility, synchronized controls, and provided a holistic and real-time view of the state of IT GRC to key stakeholders, enabling the company to make faster and well-informed decisions and enhance business resilience.
Accelerated processing of IT and cyber risk and compliance assessments and issues for remediation
Real-time risk reporting and monitoring, enhanced speed, agility, and scalability of IT GRC processes
Centralized repository of critical assets and processes
Automation of repetitive tasks in IT and cyber risk and compliance
The company previously struggled with conducting quarterly control maturity assessments for advanced and baseline controls due to high dependency on manual processes, which required significant time, effort, and resources. Manual approval cycles and the lack of a centralized compliance database further added to the problem.
The sportswear giant implemented MetricStream IT and Cyber Compliance with additional configurations and extensions such as the Control Maturity Evaluation workflow. This enabled it not only to consolidate compliance data in a centralized database, giving comprehensive and real-time visibility, but also to automate and streamline IT and cyber compliance management workflows. The company was able to enhance the speed of conducting IT and cyber compliance risk assessments as well as simplify the process of scheduling and conducting automated IT control tests.
The implementation also improved the company’s visibility and measurement capabilities into key risks by linking KRIs, and enhanced the speed, agility, and scalability of Cyber GRC processes based on industry best practices. It also helped the company accelerate the processing of risk and compliance assessments and issues for remediation. In addition, real-time risk reporting and monitoring, along with powerful dashboard metrics, significantly improved IT and cyber risk management capabilities.