November 12, 2014 | Palo Alto, California: MetricStream, a leading provider of Governance, Risk, and Compliance (GRC) solutions today announced that the company has been positioned in the "Leaders" Quadrant of the 2014 Magic Quadrant for IT Vendor Risk Management1

"We are pleased to be positioned as a Leader in Gartner's Magic Quadrant for IT VRM," said Gaurav Kapoor, Chief Operating Officer at MetricStream. "Organizations are facing frequent regulatory changes, rising operational complexity, and an increasingly risky and diverse multi-tier vendor ecosystem. These challenges are further accelerated due to new and emerging risk areas such as the movement of infrastructure and data to the cloud, increasing sophistication in data theft and cyber-crime, mobility, prolific social media usage, and the introduction of disruptive e-commerce and payment methods."

Continued Mr. Kapoor, "We are privileged to be working with customers across industries, helping them with their VRM programs across direct and indirect vendors. We are making significant R&D investments to continue to drive innovation in the areas of content, big data, mobility, and cloud. We are also making it easier for our customers to adopt these pre-packaged applications and programs. As an example, one of the largest insurance companies in the world recently automated their VRM program across hundreds of users within a few weeks, in response to a regulatory deadline. Today, they are continuing to expand their VRM program across multiple facets of vendor governance with MetricStream."

MetricStream's GRC platform and applications allow customers to tie their VRM program to other areas such as vendor performance, quality, audits, compliance, and contract management in a way that drives more holistic GRC programs supported by real-time analytics. 

The increasing incidence of data breaches has raised concerns that companies are not doing enough to mitigate the risks associated with their IT service providers. Today, these providers are increasingly being given access to confidential data - such as credit card details and protected health information – which makes them high-risk entities. Consequently, regulators have introduced a series of new VRM standards and guidelines such as PCI DSS 3.0 and OCC mandates. CIOs across industries are under increasing pressure to build a more robust IT VRM program that effectively mitigates vendor risks, manages vendor performance, and secures confidential data. CIOs continue to look to MetricStream to enable and support them on this journey. 

The Gartner reports says, "While some organizations look for broad GRC platforms that include IT VRM capabilities, others are more interested in using IT VRM software to solve a risk- or regulation-related challenge in the short term. However, the latter group many may end up buying a broader set of capabilities for IT risk management, operational risk management and business continuity management, among other things, to solve broader enterprise risk needs." 

MetricStream's cloud-based Vendor Risk Management Application is pre-prepackaged and easy to adopt. Users can streamline and automate end-to-end vendor risk assessments, monitoring, and mitigation. The application can also be used for more comprehensive programs which require risk assessments across multiple levels of vendors, products, services, locations, and regulations. 

The application has the ability to integrate and share risk data with a multitude of other GRC applications, such as those for IT risk management, compliance, audit management, policy management, and business continuity management. Integration with MetricStream's offers data feeds around vendor-specific regulations, standards, and social media conversations. 

MetricStream is continuing to focus its resources on innovation, research, and development. The company is committed to simplifying and accelerating implementations and helping customers realize greater value from their GRC investments.

1Magic Quadrant for IT Vendor Risk Management by Christopher Ambrose, Gayla Sullivan, and Kris Doering. 29 October 2014

About the Magic Quadrant
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About MetricStream

MetricStream is the independent market leader in enterprise cloud applications for governance, risk, compliance (GRC), and quality management. MetricStream apps and software solutions improve business performance by strengthening risk management, corporate governance, regulatory compliance, audit management, vendor governance, and quality management for organizations across industries, including banking and financial services, health care, life sciences, energy and utilities, consumer brands, government, technology, and manufacturing. MetricStream is headquartered in Palo Alto, California, with an operations and GRC innovation center in Bengaluru, India, and sales and operations support in 12 other cities globally.(

Press contact

[email protected]

Get a demo Download RFP Template Pricing Contact