ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
The key components include:

1. Infrastructure and Operating system,

2. Core software components, and

3. MetricStream Web application

MetricStream’s security architecture is based on a Shared Responsibility model. Infrastructure, Operating System, and Core software components are MetricStream’s responsibility. MetricStream leverages a well-architected ‘security in layers’ design, vendor/ OEM updates, VA/PT, and Bitsight scans to maintain and enforce robust controls.

By the very nature of the application’s configurability, extensions, and customizations, responsibility for MetricStream’s Web Application security is shared between Customers and MetricStream. The MetricStream Web Applications are designed with Secure SDLC principles and validated via Application Pen testing at every release.

Image removed.
 
Customer’s Responsibility

MetricStream Cloud leverages a multi-instance model (not multi-tenant) so customers can plan software upgrades independently. Customers have two possible upgrade paths to maintain software currency with security improvements and features of the MetricStream Web Application:

  • 1. Upgrade to the latest version of the platform and applications as soon as they are released. Customizations and extensions need to be considered during the upgrade process.
  • 2. Customers do not have to upgrade at every release; however, customers should upgrade at least once a year to the current release to take advantage of feature and security improvement. If customers do not upgrade annually, they run the risk of not exploiting these improvements and potentially running on unsupported software.
 
lets-talk-img

Ready to get started?

Speak to our experts Let’s talk