In today’s digital world, organizations are facing increasing demands to layer governance, risk, and compliance (GRC) initiatives, and maintain a common GRC taxonomy across various stakeholders. They also have to deal with multiple regulatory requirements that have increased in line with fast-changing business environments. Meanwhile, the widespread adoption of BYOD devices has ampliﬁed data security concerns, and made IT risk and compliance management a daunting challenge.
In this context, organizations are realizing signiﬁcant value in integrating business, IT, and security initiatives on a common GRC platform. This approach helps simplify and strengthen regulatory compliance and risk management in line with industry standards and best practices.Download Fact Sheet
MetricStream GRC Platform
The MetricStream GRC Platform provides the enabling infrastructure to manage a wide range of regulatory requirements and risks related to data conﬁdentiality, integrity, and availability. Built on J2EE and a thin-client architecture, the platform oﬀers a consolidated, centralized framework to support multiple GRC related processes and requirements.
Through the GRC platform, a consistent and closed-loop approach to GRC can be maintained across sites and functions. The platform provides real-time visibility into compliance data. It also strengthens collaboration and co-ordination across various teams. The platform delivers an intuitive user experience along with sophisticated conﬁgurability, mobility, and advanced analytics built on a future-ready open architecture. The user interface is inherently suited to support accessibility requirements for users who are diﬀerently-abled. The platform is also certiﬁed for conformance with global accessibility standards and best practices as deﬁned by WCAG 2.1 Level AA and Section 508.
The platform comes with other key capabilities such as workﬂows, conﬁgurable forms, integration frameworks, reports, executive dashboards, business intelligence, analytics, mobility, email alerts and notiﬁcations, and secure access control – all of which enable you to manage your GRC processes in an eﬀective manner.
Delivering Business Value
Make GRC engaging with intuitive and personalized user interfaces, adaptive visualizations, and a modern architecture
Build confidence that GRC apps can be modified to address evolving business and market needs
Provide real-time visibility into business entities and GRC libraries through a centralized and flexible data model
Accelerate decision-making with contextual, real-time intelligence delivered through advanced reports and analytics
Simplify access to data via mobile responsive interfaces; enable faster exchange of data between heterogeneous systems
M7 Platform Highlights
Engaging and Personalized User Experience
Makes GRC processes context-sensitive and personalized for each user; facilitates an intuitive and engaging user experience
Supports app configurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio configuration framework; helps the organization adapt to change quickly
Mobility and Layering
Provides a responsive interface that allows GRC processes to be managed across devices; leverages a REST API integration framework to layer the process over heterogeneous IT systems and business critical infrastructure
Reporting and Analytics
Delivers powerful visualization tools and analytics to manage and monitor GRC trends, data relationships, and actions in real time across the extended enterprise
Lean and Robust Architecture
Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs
Leverage the AppStudio toolkit to manage apps and solutions built on the MetricStream GRC Platform. Enable authorized users to personalize, configure, extend, and customize GRC apps based on evolving requirements. Gain a high degree of control and configurability at a low Total Cost of Ownership (TCO).
Use the platform’s Infolets to integrate with multiple external systems, and import information into a single repository. Depending on your business requirements, adopt various approaches to integration (including flat file Infolets, message bus-based integration, direct API interfaces, and web services). Leverage pre-built REST APIs to simplify integration via standard usage of data exchange formats and HTTP status codes.
Robust Security Infrastructure
Gain advanced capabilities for security, access control, identity management, audit trails, electronic signatures, encryption, authorization, and authentication. Enable compliance with various international, national, and regional regulations on record keeping, privacy, and protection of data quality and integrity.
Federated Data Model
Leverage the platform’s centralized data model with its library of risks, regulations, assets, controls, processes, issues, actions, reports, and other GRC related data objects. Define many-to-many relationships among these GRC objects to avoid duplication, and to enhance accountability. In addition, use the platform’s federated architecture to view the data model from multiple perspectives (e.g. risk manager, audit manager, business process owner, and financial product owner). Leverage the platform’s Multi-Dimensional Organizational Structure (MDOS) capability to add different business hierarchies or business entities such as location, legal entity, and lines of business (LOBs) as per business needs.
Reporting and Analytics Capabilities
Gain real-time business intelligence through a built-in analytics and reporting engine with powerful reports and executive dashboards. Create custom reports through a robust report designer functionality. Enable authorized users to select the data for the report, and browse a series of screens to define reporting columns, formatting, sorting and grouping of the columns, filters and coloring conditions, report type, and other options.
Use newer information visualization options such as a data explorer capability (to gain a 360-degree, holistic view of data), hover cards (to gain contextual intelligence for informed decisions and actionable insights), and metric cards (to gain quick insights, and to drill down into specific areas for more details).
Big Data Analytics
Efficiently manage the increasing volume, velocity, and variety of enterprise data, and derive valuable risk and compliance related insights through the platform’s big data analytics capabilities. Tackle massive volumes of structured and unstructured data, including transactions, trades, social media, and multimedia content, weblogs, security logs, geo-location data, click streams, and email text. Seamlessly incorporate all this data into the risk assessment, analysis, mitigation, and reporting processes.
Leverage MetricStream’s mobility solutions to manage GRC programs through your mobile devices anywhere, and at any time. Efficiently manage the effort and time spent on GRC, while consistently monitoring GRC controls and processes.
Gain dynamic and flexible Multi-Lingual Support (MLS) capabilities that transcend language and geographic silos. Based on Java i18n standards and Oracle-supported UTF8 encodings, the platform internationalizes MetricStream applications to address local language requirements. Thus, you can successfully roll out an integrated GRC program across the enterprise, and sustain a culture of integrity, responsibility, and accountability.
Real-Time Monitoring And Troubleshooting
Gain a system monitoring module with pre-packaged reports, charts, dashboards, and notifications to monitor and troubleshoot issues related to the MetricStream apps and platform. Enable end-to-end monitoring, while also tracking actionable insights, status information, and trend details.
Edit server-side documents (single attachment and rich text ﬁelds) through native clients, without having to download them. (Editing documents through native clients such as Microsoft Word ensures there is no formatting loss). Purge/ delete all obsolete saved tasks that are still in the initial stages of the workﬂow.