June 17, 2010 | Palo Alto, California: MetricStream Inc., a leading provider of Governance, Risk and Compliance (GRC) solutions, announced that the MetricStream IT-GRC Solution received a Promising rating in Gartner’s 2010 report entitled “MarketScope for IT Governance, Risk and Compliance Management.” Coming on the heels of this report, Haymarket Media’s SC Magazine, the popular publication for IT Security Professionals, published a detailed product review of the MetricStream IT-GRC Solution, awarding it a 5-Star overall rating.
According to the Gartner report, authored by Gartner Vice Presidents and Distinguished Analysts Paul Proctor and Mark Nicolett, “IT GRCM products support operation risk management through functions that measure, manage, and report on IT-centric technology and process controls. Organizations can use IT GRCM products to document and assess their IT-centric technology and process controls.” As per Gartner, the core IT GRCM functions are: controls and policy mapping, policy distribution and training attestation, IT control self-assessment and measurement, IT GRCM asset repository, automated general computer control (GCC) collection, remediation and exception management, compliance reporting, IT compliance dashboards and IT risk evaluation.
“There is a clear convergence of IT-GRC and Enterprise GRC as the two are intertwined. Our customers are reaping the benefits of adopting a common platform for GRC that can gather and report risk and compliance information across the enterprise spanning IT, operations, legal, compliance, finance and supply chain functions,” said Gaurav Kapoor, CFO and General Manager at MetricStream. “We believe Gartner’s report confirms our position in the market and our commitment to providing customers with an integrated GRC Platform designed to help them achieve better business performance.”
MetricStream provides a comprehensive IT-GRC Solution with rich capabilities for:
- Asset Discovery
- Vulnerability Assessment
- IT Risk and Policy Management
- Continuous Compliance Monitoring
- Entitlement Lifecycle Management
- Automated Remediation
The MetricStream IT-GRC solution allows customers to effectively manage policies, risks, control objectives and controls for compliance with IT standards and best practices such as COBIT, ITIL, ISO 27002, FFIEC and NIST, and with industry regulations such as NERC, PCI, HIPAA, Basel II, FISMA, GLBA and SOX. The solution is integrated with control and audit automation infrastructure to respond to real-time threats, incidents and vulnerabilities. With its open architecture and powerful Infolets - user-configurable adapters for rapid integration - MetricStream effectively connects with infrastructure systems and applications for network scanning, security monitoring and device management to enable seamless capture of incidents and vulnerabilities, real-time risk assessments, continuous control monitoring and efficient response management. It supports automating risk identification, assessment and mitigation processes based on IT asset profile and impact on business.
Customers can further reduce complexity and costs by leveraging the Network Frontiers Unified Compliance Framework (UCF) database, which maps and harmonizes more than 2,500 IT control statements to more than 400 regulations, standards and frameworks. The solution’s entitlement management capabilities record identity conflicts and segregation of duties issues to increase the effectiveness of IT governance initiatives. Salient features that enable a risk-based approach to IT-GRC include:
- Continuous scanning and monitoring of the IT infrastructure
- Sophisticated IT policy management - from IT SOPs to device level policies with mapping to assets
- Lightweight Infolets - user-configurable adapters for rapid integration
- Integrated IT risk and analytics with business risk and governance
- Linking compliance and risk objectives with IT security threats and business policies
- Managing issues and tracking compliance with various industry and security standards
- Policy enforcements in dedicated as well as virtualized environments
- Entitlement management with role-based identity and Segregation of Duties (SoD) management
According to Michael Lipinski of SC Magazine, “(MetricStream’s) ability to report on a risk and correlate it right down to the list of specific controls in various regulatory bodies was great. Most organizations are subject to more than one legal or regulatory requirement, and the ability to quickly group and summarize risk to the combined controls is very helpful.”
Within the realm of IT Risk Management, Vendor Risk Management (VRM) and Business Continuity Planning (BCP) are becoming core competencies for organizations to ensure that they have a contingency plan in place to support their business should the worst happen or the vendors supporting their mission-critical systems fail them. The MetricStream IT-GRC solution suite includes a comprehensive VRM application to help institute a repeatable and sustainable vendor risk and compliance management program to assess, analyze, mitigate and monitor vendor risks against internal policies as well as industry standards and regulations.
MetricStream also provides an integrated and flexible framework for embedding BCP in the risk management model and streamlining BCP lifecycle stages of analysis, design, implementation, testing and acceptance and maintenance based on industry standards such as BS 25999.