November 09, 2011 | Palo Alto, California: MetricStream Inc., a leading provider of enterprise-wide Governance, Risk, Compliance (GRC) Management solutions, today announced that MetricStream IT-GRC Solution received a 'Positive' rating in Gartner's report entitled 'MarketScope for IT Governance, Risk and Compliance Management'.
"MetricStream IT-GRC Solution is empowering Information Technology and Security groups at corporations across the world to facilitate a fully-integrated, real-time, transparent and automated approach to IT risk and compliance management," says Shellye Archambeau, CEO of MetricStream. "We believe that Gartner's 'Positive' MarketScope rating affirms our strong position in the market and our rich product capabilities to enable customers to proactively measure and manage their IT and process controls."
According to the MarketScope report, "the core IT GRCM functions are: Controls and policy mapping, Policy distribution and training attestation, IT control self-assessment and measurement, IT GRCM asset repository, automated general computer control collection (configuration and vulnerability assessment), remediation and exception management, IT compliance dashboards and reporting and IT risk evaluation."
The report highlights the growing demand for IT GRCM technology with a greater emphasis on technology-related requirements, such as integration and management of automated control data from security and infrastructure tools. According to the MarketScope report, "The IT GRCM market benefits organizations that wish to automate and improve existing processes for measuring, managing and reporting IT controls that are ready for automation."
MetricStream IT-GRC solution ships with out-of-the-box integrations with various security and IT infrastructure applications, with pre-defined rules and interfaces to facilitate data import, export and functions such as risk and control scoring. This includes connectors for various IT security and infrastructure tools for Threat and Vulnerability Management, SIEM and Log Management, Segregation of duties (SoD) and User Provisioning, Incident Monitoring and Problem Management, Configuration Management, Operations and Asset Management, Network Virtualization and Scanning, Utility Smart Grid and Facilities devices. In addition, the solution ships with a wide range of IT regulations, standards, controls, and policy content that is regularly updated. This includes control standards such as COBIT, FFIEC, ISO 27001 and NIST-SP800, regulations such as Basel II, FISMA, GLBA, HIPAA, NERC, PCI and SOX and security configuration policies from CIS, FDCC / USGCB and NIST.
Through these capabilities, MetricStream enables customers to perform real-time risk assessments, monitor controls continually, proactively detect and resolve incidents, and ensure compliance with the full spectrum of IT standards and regulations for data governance, security and privacy.
MetricStream IT-GRC solution is well-recognized for its flexible, workflow-driven and automated approach to managing end-to-end IT-GRC requirements. In addition, the company also enables a strategic, top-down approach that addresses the requirements of business executives by integrating Enterprise GRC (E-GRC) and IT-GRC programs on a single, centralized platform. Such an approach integrates IT risk and compliance with financial, legal, HR and operational governance requirements from a measurement and reporting perspective to provide a holistic view for effective enterprise risk management (ERM).
"The increasing inter-relationships between E-GRC and IT-GRC indicate that Governance, Risk, Compliance for Business, IT and Security are converging," says Gaurav Kapoor, COO of MetricStream. "MetricStream is at the forefront of this trend, having already established a formidable leadership in the E-GRC space. By integrating Business, IT and Security GRC on a common platform, we are enabling customers to facilitate a holistic and sustainable top-down approach to GRC that focuses on performance and results. At the same time, the solution enables IT and IS managers to leverage bottom-up risk and control information such as vulnerability, patch and configuration control data."
* Gartner, Inc., MarketScope for IT Governance, Risk and Compliance Management, by Mark Nicolett and Paul E. Proctor, September 30th, 2011
About the MarketScope report
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.