ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Overview

For one of North America’s largest transport companies, the opportunity to continue serving millions of customers depends, to a large extent, on the organization’s ability to manage and mitigate cyber threats. Earlier, cybersecurity was just one part of the company’s larger technology and IT security program. But as the focus on cyber steadily increased, stakeholders set out to establish a dedicated cybersecurity governance, risk management, and compliance initiative.

READ MORE
Resource
Solution
Focused Approach to GRC:

After several years of working with internal experts to manage cybersecurity requirements, the organization approached MetricStream for an integrated GRC solution. They wanted a single, unified platform that would enable them to simultaneously manage all their IT risks and IT compliance requirements.

 

Increased Focus on IT and Cyber Risks:

Today, the MetricStream solution for IT risk management has given the organization a centralized and flexible system to manage and track various IT risks, including cybersecurity risks. It also supports a consistent risk and control vocabulary which simplifies risk communication and reporting.

Built on a common GRC platform, the solution enables a standardized, streamlined process for IT risk documentation, risk assessments, control management, issue detection, and resolution. The solution has also helped the company build clear risk governance structures with well-defined roles and risk owners across the three lines of defense.

Advanced business intelligence reports and dashboards provide an in-depth, near real-time view of IT and cybersecurity risks aligned to business risks, thus enabling senior stakeholders and board members to make faster and better-informed decisions.

In addition to the IT risk management solution, a separate exceptions management solution has been built by MetricStream to help the company raise exceptions as part of their risk assessments. Users can add a monetary value to each risk exception to understand its business impact on the company.

 

FEDERATED IT AND CYBER COMPLIANCE:

Using the MetricStream solution for IT compliance management has made it easier for the company to handle and track compliance with various IT and cybersecurity regulations and standards. The solution supports the process of scheduling assessments, automating them, and performing control tests based on specific company procedures.

It also enables a federated approach to IT compliance management through which the company can link IT compliance controls and assessment activities according to specific regulatory requirements. Alerts, notifications, and updates on IT regulatory content, as well as actionable insights from various online sources, are delivered on an automated basis.

The solution provides comprehensive visibility into the IT compliance process through a built-in reporting and dashboard engine.

In addition to a range of standard reports, MetricStream has built a detailed “security book” report for the company which offers a complete snapshot of the cyber-risk posture of each business asset.

 

Extending the Maturity of GRC:

The company now plans to continue their GRC journey with MetricStream by extending their GRC platform to include new solutions for third-party management, as well as policy and document management. The former will enable the company to efficiently identify, assess, mitigate, and monitor IT vendor risks, while also managing vendor compliance. The latter will help the company map their policies to regulations, risks, and controls, thus making it easier for users to identify and close compliance gaps or deficiencies proactively

 
Challenges
  • Absence of a baseline security guide to track and monitor cybersecurity risks
  • Insufficient focus on IT risks
 
Value Delivered
  • Optimized overall cybersecurity investment
  • Standardized classification of systems as per GRC cybersecurity definitions
  • Simplified the risk taxonomy across the enterprise
  • Improved visibility into top risks across the three lines of defense
  • Helped link cybersecurity risks to business risks for faster decision making
 
PRODUCTS
lets-talk-img

Ready to get started?

Speak to our experts Let’s talk