Businesses today operate in an extremely dynamic environment with continuously changing organizational structures, processes, functions, and people. GRC processes and methodologies are also in a constant state of flux with new risks emerging, and compliance regulations growing and evolving at a rapid pace.

Many organizations currently operate legacy systems and internally built GRC applications that are difficult to upgrade. As a result, adapting to risk and compliance changes becomes a complex, time-consuming, and costly process. To keep up with these changes, organizations need a GRC framework that is flexible, extensible, and configurable.

Download Fact Sheet

MetricStream AppStudio

AppStudio is a cloud-based, next-generation framework that enables you to effectively manage apps and solutions built on the MetricStream GRC Platform. With AppStudio, authorized users can personalize, configure, extend, and customize GRC apps to address evolving requirements. AppStudio is unique in the breadth of scenarios it supports, ranging from personalizing GRC apps based on user preferences, to configuring apps based on advanced business and IT requirements.

AppStudio provides an extensible GRC architecture to adapt to ongoing change rapidly, and reduce the associated costs. With AppStudio, you can perform the following:


Enable business users to make upgrade-safe changes without coding to suit his/her individual needs and preferences (Figure 1). 


Enable a power user or administrator to make upgrade-safe changes without coding. Either an existing app functionality can be changed, or a net new functionality can be created (Figure 2).


Enable a power user or developer to make upgrade-safe changes with coding. Either an existing app functionality can be changed, or a net new functionality can be created.


Make changes to an existing app functionality with or without coding. Once these changes are made, upgrades will require additional effort and testing. 


Delivering Business Value

  • Gain agility by tailoring GRC apps to meet the changes in business requirements

  • Accelerate app development with high-level building blocks, reusable code libraries, and design methods

  • Reduce configuration time by using drag-and-drop tools and other visual elements

  • Provide assurance that business specific changes can be applied to GRC apps in an upgrade safe manner

  • Stay ahead of the regulatory curve by adapting to regulatory changes rapidly, and reducing the associated costs

M7 Platform Highlights

  • 1

    Engaging and Personalized User Experience
    Makes GRC processes simple, context-sensitive, and personalized for each user; facilitates an intuitive and engaging user experience

  • 2

    Supports app configurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio configuration framework; helps the organization adapt to change quickly

  • 3

    Mobility and Layering
    Provides a responsive interface that allows GRC processes to be managed across devices; leverages a REST API integration framework to layer GRC processes over heterogeneous IT systems and business critical infrastructure

  • 4

    Reporting and Analytics
    Delivers powerful visualization tools and analytics to manage and monitor GRC trends, data relationships, and actions in real time across the extended enterprise

  • 5

    Lean and Robust Architecture
    Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs


  • Data Designer

    Create business or data objects such as risk objects, audit objects, and issue objects with minimal coding and technical expertise. Leverage simple drag-and-drop options to define form categories, and lay them out in the desired manner.

    Build relationships between data objects through innovative features such as Advanced Data Types (ADT). For example, associate risk objects with control objects, organization objects and more. Essentially, model the system with simple configurations to achieve complex functionalities, while also building forms and reports.

    Define the data model for an app, consisting of data objects (e.g. risks, controls) and the attributes that are associated with each of these objects (e.g. risk name, type, impact). Define these entities either independently, or take them from the MetricStream GRC Platform’s pre-existing library.

  • Form Designer

    Leverage built-in industry best practices to build forms with the latest user interaction components. Include various fields in the form (text, drop-down, RTF, attachments, and more), as well as form elements such as tabs and sections.

    Use the system’s advanced visualization capabilities such as grid layouts and hierarchical tree layouts to represent complex relationships across multiple data objects in simple interfaces. The browser-based IDE consists of various advanced widgets to support rapid form prototyping and form building with no coding effort.

  • Workflow Designer

    Build complex business scenarios to support various types of routing logic, using an easy drag-and-drop functionality. Create blueprints (reusable workflow templates) and user-specific workflows based on industry best practices.

    Trigger emails and system alerts or tasks based on the routing logic. Configure workflow emails for power users such as business administrators in an upgrade-safe manner.

    Enable business administrators or IT developers to define workflows for identifying, reviewing, approving, and publishing risks. Implement common custom business processes involving Boolean logic, such as “if the criticality is ‘low,’ skip the second approval step.” Also implement complex routing logic by using the custom PL/SQL stored procedures as hook procedures in the workflow transitions.

  • Report Designer

    Give authorized users the flexibility to create custom reports on an ad hoc basis. These users can select the source of data for the report (basically, a data universe), and go through a series of screens to define the types of columns to display, the formatting, sorting and grouping of columns, the filters and coloring conditions, the report type, and other options. They can also create reports using data from across different functions and processes to achieve a comprehensive enterprise view of information.

  • Other Key Capabilities

    Leverage the data import/ export capabilities to upload and download data based on your specific business needs. The data import capability helps upload data objects and forms by performing basic validations such as data type validations and checking against the list of values for drop-down fields. The data export capability helps download the published form data.

    Use the utilities (widgets) to configure forms, workflows, and apps. The change label widget helps update one or all references of the field label names in a single operation. Meanwhile, the clone components widget helps in cloning AppStudio components such as application IDs, forms, workflows, and the blueprints associated with the workflows.

  • Upgrade-Safe Configurations

    Leverage the component dependency tool and upgrade diff tool to analyze the impact of an upgrade while modifying a pre-packaged app. In addition, use the relationship configurator to modify pre-packaged GRC library relationships.

Get a demo Download RFP Template Pricing Contact