In today’s digital world, organizations are facing increasing demands to layer governance, risk, and compliance (GRC) initiatives, and maintain a common GRC taxonomy across various stakeholders. They also have to deal with multiple regulatory requirements that have increased in line with fast-changing business environments. Meanwhile, the widespread adoption of BYOD devices has amplified data security concerns, and made IT risk and compliance management a daunting challenge.

In this context, organizations are realizing significant value in integrating business, IT, and security initiatives on a common GRC platform. This approach helps simplify and strengthen regulatory compliance and risk management in line with industry standards and best practices.

Download Fact Sheet

MetricStream GRC Platform

The MetricStream GRC Platform provides the enabling infrastructure to manage a wide range of regulatory requirements and risks related to data confidentiality, integrity, and availability. Built on J2EE and a thin-client architecture, the platform offers a consolidated, centralized framework to support multiple GRC related processes and requirements.

Through the GRC platform, a consistent and closed-loop approach to GRC can be maintained across sites and functions. The platform provides real-time visibility into compliance data. It also strengthens collaboration and co-ordination across various teams. The platform delivers an intuitive user experience along with sophisticated configurability, mobility, and advanced analytics built on a future-ready open architecture. The user interface is inherently suited to support accessibility requirements for users who are differently-abled. The platform is also certified for conformance with global accessibility standards and best practices as defined by WCAG 2.1 Level AA and Section 508.

The platform comes with other key capabilities such as workflows, configurable forms, integration frameworks, reports, executive dashboards, business intelligence, analytics, mobility, email alerts and notifications, and secure access control – all of which enable you to manage your GRC processes in an effective manner.


Delivering Business Value

  • Make GRC engaging with intuitive and personalized user interfaces, adaptive visualizations, and a modern architecture

  • Build confidence that GRC apps can be modified to address evolving business and market needs

  • Provide real-time visibility into business entities and GRC libraries through a centralized and flexible data model

  • Accelerate decision-making with contextual, real-time intelligence delivered through advanced reports and analytics 

  • Simplify access to data via mobile responsive interfaces; enable faster exchange of data between heterogeneous systems

M7 Platform Highlights

  • 1

    Engaging and Personalized User Experience
    Makes GRC processes context-sensitive and personalized for each user; facilitates an intuitive and engaging user experience

  • 2

    Supports app configurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio configuration framework; helps the organization adapt to change quickly

  • 3

    Mobility and Layering
    Provides a responsive interface that allows GRC processes to be managed across devices; leverages a REST API integration framework to layer the process over heterogeneous IT systems and business critical infrastructure

  • 4

    Reporting and Analytics
    Delivers powerful visualization tools and analytics to manage and monitor GRC trends, data relationships, and actions in real time across the extended enterprise

  • 5

    Lean and Robust Architecture
    Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs


  • Development Framework

    Leverage the AppStudio toolkit to manage apps and solutions built on the MetricStream GRC Platform. Enable authorized users to personalize, configure, extend, and customize GRC apps based on evolving requirements. Gain a high degree of control and configurability at a low Total Cost of Ownership (TCO).

  • Integration Engine

    Use the platform’s Infolets to integrate with multiple external systems, and import information into a single repository. Depending on your business requirements, adopt various approaches to integration (including flat file Infolets, message bus-based integration, direct API interfaces, and web services). Leverage pre-built REST APIs to simplify integration via standard usage of data exchange formats and HTTP status codes.

  • Robust Security Infrastructure

    Gain advanced capabilities for security, access control, identity management, audit trails, electronic signatures, encryption, authorization, and authentication. Enable compliance with various international, national, and regional regulations on record keeping, privacy, and protection of data quality and integrity.

  • Federated Data Model

    Leverage the platform’s centralized data model with its library of risks, regulations, assets, controls, processes, issues, actions, reports, and other GRC related data objects. Define many-to-many relationships among these GRC objects to avoid duplication, and to enhance accountability. In addition, use the platform’s federated architecture to view the data model from multiple perspectives (e.g. risk manager, audit manager, business process owner, and financial product owner). Leverage the platform’s Multi-Dimensional Organizational Structure (MDOS) capability to add different business hierarchies or business entities such as location, legal entity, and lines of business (LOBs) as per business needs.

  • Reporting and Analytics Capabilities

    Gain real-time business intelligence through a built-in analytics and reporting engine with powerful reports and executive dashboards. Create custom reports through a robust report designer functionality. Enable authorized users to select the data for the report, and browse a series of screens to define reporting columns, formatting, sorting and grouping of the columns, filters and coloring conditions, report type, and other options.

    Use newer information visualization options such as a data explorer capability (to gain a 360-degree, holistic view of data), hover cards (to gain contextual intelligence for informed decisions and actionable insights), and metric cards (to gain quick insights, and to drill down into specific areas for more details).

  • Big Data Analytics

    Efficiently manage the increasing volume, velocity, and variety of enterprise data, and derive valuable risk and compliance related insights through the platform’s big data analytics capabilities. Tackle massive volumes of structured and unstructured data, including transactions, trades, social media, and multimedia content, weblogs, security logs, geo-location data, click streams, and email text. Seamlessly incorporate all this data into the risk assessment, analysis, mitigation, and reporting processes.

  • Mobility

    Leverage MetricStream’s mobility solutions to manage GRC programs through your mobile devices anywhere, and at any time. Efficiently manage the effort and time spent on GRC, while consistently monitoring GRC controls and processes.

  • Multi-Lingual Support

    Gain dynamic and flexible Multi-Lingual Support (MLS) capabilities that transcend language and geographic silos. Based on Java i18n standards and Oracle-supported UTF8 encodings, the platform internationalizes MetricStream applications to address local language requirements. Thus, you can successfully roll out an integrated GRC program across the enterprise, and sustain a culture of integrity, responsibility, and accountability.

  • Real-Time Monitoring And Troubleshooting

    Gain a system monitoring module with pre-packaged reports, charts, dashboards, and notifications to monitor and troubleshoot issues related to the MetricStream apps and platform. Enable end-to-end monitoring, while also tracking actionable insights, status information, and trend details.

  • Others

    Edit server-side documents (single attachment and rich text fields) through native clients, without having to download them. (Editing documents through native clients such as Microsoft Word ensures there is no formatting loss). Purge/ delete all obsolete saved tasks that are still in the initial stages of the workflow.

MetricStream Home Page

MetricStream Data Explorer View

Get a demo Download RFP Template Pricing Contact