By using this site you agree to our use of cookies. Please refer to our privacy policy for more information.Close


Businesses today operate in an extremely dynamic environment with continuously changing organizational structures, processes, functions, and people. GRC processes and methodologies are also in a constant state of flux with new risks emerging, and compliance regulations growing and evolving at a rapid pace.

Many organizations currently operate legacy systems and internally built GRC applications that are difficult to upgrade. As a result, adapting to risk and compliance changes becomes a complex, time-consuming, and costly process. To keep up with these changes, organizations need a GRC framework that is flexible, extensible, and configurable.

Download Factsheet

MetricStream AppStudio

AppStudio is a cloud-based, next-generation framework that enables you to effectively manage apps and solutions built on the MetricStream GRC Platform. With AppStudio, authorized users can personalize, configure, extend, and customize GRC apps to address evolving requirements. AppStudio is unique in the breadth of scenarios it supports, ranging from personalizing GRC apps based on user preferences, to configuring apps based on advanced business and IT requirements.

AppStudio provides an extensible GRC architecture to adapt to ongoing change rapidly, and reduce the associated costs. With AppStudio, you can perform the following:


Tailor the user experience, and accommodate specific individual needs. Business users can personalize home pages, landing pages, reports, and charts based on their needs and preferences.


Perform common and advanced app configuration changes, and ensure that the behavior of the system is aligned to organizational needs. Power users such as business administrators can define organizational structures/ roles and lists of values, add or modify fields within forms, alter workflows, modify email content, and more. All configurations performed are upgrade-safe and require no coding efforts.


Manage medium and complex app extensions to ensure that the behavior of the system is aligned to organizational needs. IT developers can add new forms or workflows, or even modify the business logic of the MetricStream app. All extensions are upgrade-safe and require minimal coding efforts.


Rapidly build GRC apps with an integrated suite of reusable code libraries, best practices, and design methodologies. IT developers can modify MetricStream app workflows, forms, dashboards, charts, reports, and more. All customization capabilities require additional effort and detailed testing as part of the MetricStream app upgrade process.


Why AppStudio

  • Enables Adaptability To Business Change

    Helps adapt GRC applications in a rapid and scalable manner to changes in business requirements and regulatory needs

  • Provides Agile Configuration Capabilities

    Supports rapid configuration of apps by providing parameterized options to switch on and off workflow features, while also delivering a drag-and-drop user interface for defining thresholds, formulae, and workflows based on your exact organizational needs

  • Ensures Upgrade-Safe Change Management

    Enables changes to be configured in a scalable and upgrade-safe manner; helps ensure that GRC apps are upgraded to the latest version while carrying configurations and customizations across versions

  • Enhances App Extensibility For Future Business Needs

    Provides a suite of tools, frameworks, best practices, and design methods that enable authorized users to rapidly extend the core functionality provided by the MetricStream platform and apps

M7 Platform Highlights

  • 1

    Engaging and Personalized User Experience
    Makes GRC processes simple, context-sensitive, and personalized for each user; facilitates an intuitive and engaging user experience

  • 2

    Supports app configurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio configuration framework; helps the organization adapt to change quickly

  • 3

    Mobility and Layering
    Provides a responsive interface that allows GRC processes to be managed across devices; leverages a REST API integration framework to layer GRC processes over heterogeneous IT systems and business critical infrastructure

  • 4

    Reporting And Analytics
    Delivers powerful visualization tools and analytics to manage and monitor GRC trends, data relationships, and actions in real time across the extended enterprise

  • 5

    Lean And Robust Architecture
    Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs


  • Data Designer

    Create business or data objects such as risk objects, audit objects, and issue objects with minimal coding and technical expertise. Leverage simple drag-and-drop options to define form categories, and lay them out in the desired manner.

    Build relationships between data objects through innovative features such as Advanced Data Types (ADT). For example, associate risk objects with control objects, organization objects and more. Essentially, model the system with simple configurations to achieve complex functionalities, while also building forms and reports.

    Define the data model for an app, consisting of data objects (e.g. risks, controls) and the attributes that are associated with each of these objects (e.g. risk name, type, impact). Define these entities either independently, or take them from the MetricStream GRC Platform’s pre-existing library.

  • Form Designer

    Leverage built-in industry best practices to build forms with the latest user interaction components. Include various fields in the form (text, drop-down, RTF, attachments, and more), as well as form elements such as tabs and sections.

    Use the system’s advanced visualization capabilities such as grid layouts and hierarchical tree layouts to represent complex relationships across multiple data objects in simple interfaces. The browser-based IDE consists of various advanced widgets to support rapid form prototyping and form building with no coding effort.

  • Workflow Designer

    Build complex business scenarios to support various types of routing logic, using an easy drag-and-drop functionality. Create blueprints (reusable workflow templates) and user-specific workflows based on industry best practices.

    Trigger emails and system alerts or tasks based on the routing logic. Configure workflow emails for power users such as business administrators in an upgrade-safe manner.

    Enable business administrators or IT developers to define workflows for identifying, reviewing, approving, and publishing risks. Implement common custom business processes involving Boolean logic, such as “if the criticality is ‘low,’ skip the second approval step.” Also implement complex routing logic by using the custom PL/SQL stored procedures as hook procedures in the workflow transitions.

  • Report Designer

    Give authorized users the flexibility to create custom reports on an ad hoc basis. These users can select the source of data for the report (basically, a data universe), and go through a series of screens to define the types of columns to display, the formatting, sorting and grouping of columns, the filters and coloring conditions, the report type, and other options. They can also create reports using data from across different functions and processes to achieve a comprehensive enterprise view of information.

  • Other Key Capabilities

    Leverage the data import/ export capabilities to upload and download data based on your specific business needs. The data import capability helps upload data objects and forms by performing basic validations such as data type validations and checking against the list of values for drop-down fields. The data export capability helps download the published form data.

    Use the utilities (widgets) to configure forms, workflows, and apps. The change label widget helps update one or all references of the field label names in a single operation. Meanwhile, the clone components widget helps in cloning AppStudio components such as application IDs, forms, workflows, and the blueprints associated with the workflows.

  • Upgrade-Safe Configurations

    Leverage the component dependency tool and upgrade diff tool to analyze the impact of an upgrade while modifying a pre-packaged app. In addition, use the relationship configurator to modify pre-packaged GRC library relationships.

Request a demo Download RFP Template Pricing Contact