In recent years, there has been a dramatic growth in the volume of regulatory requirements in the IT industry. International standards have added to the pressure on information security professionals to manage IT compliance processes in an effective and streamlined manner. The risks of non-compliance can sometimes cost companies millions of dollars in regulatory fines, litigation, and missed opportunities. Hence, a robust IT compliance and control program is necessary to meet regulatory, legal, and audit requirements, especially in today’s digital enterprises.


MetricStream IT Compliance Management App

The MetricStream IT Compliance Management App provides a centralized system to manage and track compliance with a range of IT regulations and standards. The app scales across the enterprise, streamlining and automating IT compliance management workflows, while consolidating compliance data in a central repository for optimal visibility.

The app simplifies compliance by bringing together controls, policies, and assessments in an integrated structure, tailored to your organization’s requirements. The app also provides a centralized, access-controlled environment to monitor IT compliance processes, assess control deficiencies, and manage remediation. Through the system, executive management gains the visibility they need into the relationship between IT risk and IT compliance across the organization. This data, in turn, enables them to better balance risks and business performance.

The app is also certified for conformance with global accessibility standards and best practices as defined by WCAG 2.1 Level AA and Section 508.

Why MetricStream IT Compliance Management App

  • Integrates with Authoritative Regulatory Sources

    Helps you stay updated on regulatory changes by integrating with multiple authoritative regulatory data sources

  • Provides Access to the UCF Common Controls Hub

    Harmonizes controls across multiple IT standards by leveraging the industry-leading UCF framework which maps 9,300+ IT control statements to 1,200+ regulations and standards

  • Generates Control Delta Reports

    Offers a bird's-eye view of the enterprise’s IT compliance status based on multiple parameters, including regulations, regulations linked to assets, and asset classes; delivers a control scorecard and detailed gap report of the operating controls that are not mapped to reference controls

  • Streamlines Control Assessments

    Simplifies the evaluation of general computer controls and application controls by importing or directly measuring IT asset level configuration settings

  • Enables Efficient Compliance Records Management

    Provides a comprehensive system to store and organize IT compliance records, policies, and documents with metadata-based tagging; offers workflow-based tools to access, modify, review, and approve documents in a controlled manner

  • Facilitates a Holistic Approach to IT Compliance Management

    Supports multiple stages of IT compliance management, including compliance framework design, control linking, and integration of policy and risk management data

Overview of IT Compliance Management

M7 Platform Highlights

  • 1. Engaging and Personalized User Experience

    Makes IT compliance management processes simple, context-sensitive, and personalized to each user; facilitates an intuitive and engaging user experience

  • 2.

    Supports app configurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio configuration framework; helps the organization adapt to change quickly

  • 3. Reporting and Analytics

    Delivers powerful visualization tools and analytics to manage and monitor IT compliance, data relationships, and actions in real time across the extended enterprise

  • 4. Lean and Robust Architecture

    Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs

IT Control Self-Assessment Plans and Tests


  • IT Compliance Environment Design

    Create an IT compliance management library to document assets, asset classes, processes, controls, and questions or procedures. Map assets, asset classes, and processes to controls. Gain a consolidated view of the relationships across these data elements using the data browser or available reports.

  • UCF Common Controls Hub

    Leverage the UCF Common Controls Hub to standardize and harmonize control sets across multiple IT regulations. Gain access to a defined set of 800+ authority documents, 88,900+ citations, 9,300+ harmonized controls, and 1,200+ regulations, standards, and frameworks. Dynamically link regulations and controls with UCF control statements via tight integration between the framework and the MetricStream library. Generate delta reports, and create operating controls and/or reference controls for a chosen authority document.

  • Self-Assessments and Surveys

    Set up, plan, manage, and conduct tests, surveys, and certifications on line items like controls, areas of compliance, requirements, processes, standards, and objectives. Define IT control tests and questions (from the MetricStream GRC Foundation), develop test/survey/certification plans, schedule these plans, and respond to the questions/procedures to determine control performance. Record assessment and survey results, collaborate with respondents, approve and sign off on risk and control assessments, and identify non-compliance issues and control deficiencies.

  • IT Compliance and Control Assessments

    Link IT compliance controls and assessment activities according to your specific regulatory requirements. Schedule automatic assessments based on predefined criteria and checklists. Perform control tests based on questions and procedures, and attach evidence of findings. Score, tabulate, and report the results efficiently.

  • Issue and Remediation Management

    Based on the results of the IT compliance and control assessments, capture issues for remediation and/or disclosure, and assign them to owners. Trigger issue remediation and disclosure using the underlying workflow and collaboration engine. Gain real-time visibility into the status and progress of issues and remediation plans across the enterprise. Simplify collaboration and communication on issue investigation and remediation tasks.

  • Effective IT Compliance with GRC Intelligence

    Receive alerts, notifications, and updates on IT regulatory content and actionable insights from various online sources through MetricStream’s GRC Intelligence (GRCI). Create and manage regulatory alerts, subscribe to structured content channels, and choose from individual and group subscriptions to these channels. Respond to a regulatory alert by raising an issue, notifying the required stakeholders, linking alerts to data objects, and generating reports.

  • IT Compliance Reporting

    Gain visibility into the IT compliance process, and highlight issues via user-configurable executive dashboards. Track the IT compliance status, process ownership, assessment plans, and other key data on graphical charts to evaluate levels of compliance with various mandates. Drill down into the data at finer levels of detail. Generate detailed reports of self-assessments to provide clear visibility into key risk indicators, assessment results, and compliance initiatives. Schedule alerts for events such as exceptions and failures to eliminate any surprises, and to make the IT compliance process predictable.

Status of Self-Assessments and Surveys

IT Compliance Libraries
