MetricStream is a well-established and prominent solution provider in the governance, risk and compliance (GRC) landscape, with a significant customer base across many industry sectors and geographical markets. The company was founded in 1999, and its two co-founders remain today as its chairman and co-CEO. MetricStream is one of the longest-standing GRC players – certainly the only one which has maintained its independence for so long. It has achieved steady and impressive growth over many years while customer demand for GRC solutions has increased, to become one of the largest in its market. Its solution range has expanded greatly – unlike many competitors, MetricStream has built each area of new functionality onto its platform rather than acquiring competitors and integrating their solutions. Its workforce numbers over 1,000, serving a user base of 1.1 million+ users.
The company’s reach extends globally, with a presence in the Americas, UK & Western Europe, APAC, and MEA. Its main industry focus is on the Banking & Financial Services; Healthcare and Life Sciences; Technology; Energy and Utilities; Telecoms, Media and Entertainment; Retail and Consumer; and Manufacturing sectors. Organisations have adopted ConnectedGRC to manage various aspects of risk management, compliance, and governance strategies across multiple countries and business functions.
Company Info
Headquarters: 6201 America Center Drive, Suite 240, San Jose, CA 95002, USA
Telephone: +1 650 620 2955
ConnectedGRC by MetricStream (see Figure 1) is a comprehensive, integrated platform designed to address a broad range of complex and interconnected organisational GRC-related challenges in today’s dynamic business environment. These challenges are addressed by solutions in three product groups: BusinessGRC, CyberGRC, and ESGRC. All are underpinned by a low-code/no-code GRC platform that incorporates critical supporting capabilities e.g. multi-dimensional organisational structure support, APIs and connectors for integration, self-service reporting, advanced security features, and more.
BusinessGRC encompasses a wide range of functionalities including Enterprise Risk Management (ERM), Operational Risk Management (ORM), Internal Audit, SOX Compliance, Third-party Risk Management, Regulatory Compliance, Regulatory Change Management, Business Continuity support, and Operational Resilience.
CyberGRC focuses on risk and compliance for IT and cyber environments, as well as IT Vendor Risk Management. Its features include a centralised repository for assets and risks, a library supporting connectivity between risks and controls, threat and vulnerability assessment/scoring, support for risk quantification, and automated control testing.
ESGRC, a relatively new focus for MetricStream, supports metrics, assessment, certifications and reporting relevant for the growing importance of Environmental, Social, and Governance to overall organisational operations and risk management.
ConnectedGRC also incorporates AiSPIRE, a solution which can apply AI techniques to risk and control analytics, as well as providing recommendations and integrating AI into workflows throughout the company’s solutions. AiSPIRE can also be applied to other GRC solutions.
ConnectedGRC is designed to be highly flexible and adaptable, allowing for personalisation, configuration, extension, and customisation to meet specific business needs. Its design also incorporates user-friendly interfaces with features like guided navigation, consolidated task views, and connected reporting to deliver quick insight into risks and compliance status. The capabilities are also available via a mobile app.
All solutions are built via a low-code/no-code development approach, on a unified, cloud-based platform that leverages AI and ML, and provides configurable analytics and self-service reporting as well as core features such as integration facilities and security.
Customer Quotes
“MetricStream has provided the Company with a unique and integrated system to manage, coordinate and track multiple types of activities, efficiently accumulate risk and compliance data and transform them into processable business intelligence to support decision making.” $30B+ Energy & Utilities company, focused on GRC around Process Controls
“Very flexible product and excellent support attentiveness. Having used the product for over 3 years now, I’m impressed with the level of support we continue to receive from the vendor. We have established a solid partnership that keeps any requests for support or expansion of product use cases handled efficiently and effectively.” Head of Enterprise Risk Management, $10B – $30B, Global Manufacturing Firm
ConnectedGRC is a comprehensive solution enabling organisations to manage, monitor, and mitigate risks while ensuring compliance across various domains of the business. Its integration across domains facilitates the development of greater maturity in managing risks, by enabling an integrated and pervasive GRC approach. This can encompass risk, compliance, audit, cyber, and ESG functions sharing common taxonomies and frameworks, adopting agile approaches, and implementing self-service capabilities. Throughout, its AI/ML capabilities can help with automation, to reduce repetitive tasks and enhance decision-making processes.
Key functionalities include:
Risk Management, supporting risk assessments, risk mitigation and acceptance processes, and tracking of key risk indicators across ERM and ORM requirements.
Compliance Management, which helps manage regulatory compliance, policy management, and regulatory change tracking, as well as incorporating case and incident management to organise workflow.
Audit Management, which supports the entire audit lifecycle, including audit universe management, planning, resource management, execution, and reporting.
Cyber Risk and Compliance, which provides tools for IT and cyber risk management, threat and vulnerability assessment, and IT and cyber compliance.
Third-Party Risk Management, which incorporates onboarding, due diligence, periodic assessments, performance management, and continuous monitoring of third parties.
Business Continuity, which supports business impact analysis, continuity planning, and crisis management.
AiSPIRE, which supports a growing range of additional capabilities e.g. AI-infused workflows, smart policy search, intelligent risk scoring, and predictive functions within decision-making.
Its integration capabilities include over 300 APIs and pre-built connectors, supporting organisations’ requirements for integration with various enterprise systems, and enabling autonomous compliance monitoring, risk assessment, and evidence collection (all of which can incorporate automation).
Reporting and analytics functions can connect across different organisational areas and the risk, compliance, audit, and third-party risk functions, enabling both the highest level of insight and drill-down into problems and causes.
A range of qualities and capabilities contribute to the key value propositions of ConnectedGRC.
Primarily, by integrating key GRC functions on a single platform, the solution provides a holistic view of an organisation’s risk landscape, enabling better decision-making and more effective risk management. This also makes it easier to meet and report on complex compliance responsibilities. AI and ML augment decision-making, and add further value by improving process efficiency and reducing manual effort. And the foundation of a low-code/no-code architecture enables adaptation to meet specific organisational needs with faster delivery timescales to accommodate change.
MetricStream states that customers have reported significant improvements in efficiency and cost savings e.g. a leading global stock exchange, which reduced its annual program cost from $17M to $13M, and decreased the number of controls in use by around 30%. Another key area for organisational GRC efficiency improvement is regulatory change management, and ConnectedGRC provides a pipeline of future changes, along with organisational impact analysis, to help customers avoid future compliance violations.
The bottom line is that ConnectedGRC by MetricStream offers a powerful, comprehensive solution for organisations looking to transform their approach to GRC. It enables businesses to not just manage risks, but to embrace and thrive on risk, turning GRC from a necessary overhead into a strategic driver of business value. With its advanced technology and solution maturity, plus MetricStream’s deep domain expertise and strong community of users, ConnectedGRC is in a leading position in the ever-evolving landscape of integrated risk management and GRC solutions.