Palo Alto, California (PressExposure) May 09, 2011 -- Building on its on-going commitment to improve business performance through innovation, MetricStream, the market leader in enterprise-wide Governance, Risk and Compliance (GRC) solutions, today announced significant enhancements to its GRC Platform version 6. The new platform includes an enhanced GRC data model with a high degree of flexibility for designing GRC programs and processes. It also delivers superior user experience through intuitive navigation tools, visualization of GRC data, and simplified information sharing and collaboration capabilities. A sophisticated security and access control paradigm supports complex organizational structures with multiple business, functional and product lines.
Today, organizations are gradually moving away from silo-based applications towards a standardized and enterprise-wide GRC framework. MetricStream ensures that the framework supports independent risk, compliance and assurance functions and processes, while integrating them on a common information platform. Such an environment enables greater collaboration as well as improved visibility into business risks and controls.
Flexible and Extensible GRC Data Model: MetricStream GRC Platform 6 now includes the GRC Foundation - an extensive set of libraries for risks, controls, processes, policies, assets, organizations, regulations and other GRC elements. These entities are highly configurable, and can have attributes, relationships and workflows defined centrally and leveraged across the enterprise.
The platform architecture enables organizations to model functions such as Internal Audit, Operational Risk and Corporate Compliance in a comprehensive manner. It also enables the design of multi-disciplinary and integrated GRC ecosystems spanning a range of control and assurance processes such as Policy Management, Quality Management, Supplier Risks and Performance, IT Risks and Compliance, and Environment, Health and Safety (EHS).
The new platform is equipped with enhanced adaptive capabilities, enabling customers to swiftly respond to changes in risks and regulatory requirements. These changes could occur from developments in business environments, entrance into new markets, the launch of new products, or acquisitions and restructures.
New GRC data entities and objects can be built and seamlessly assimilated with the application environment, in adherence to specific customer requirements. For example, a customer could create a new entity that connects risks and controls, and enables the assessment of risk triggers.
"With the flexibility and ease of configuration that MetricStream GRC Platform now provides, our customers can establish a robust company-wide infrastructure that will always be risk-aware, regulation-ready and synchronized with governance standards," said Vidya Phalke, CTO at MetricStream. "MetricStream is delivering a blueprint to tie GRC with business strategy and performance."
Intuitive User Experience and Collaboration: User experience and navigation on the MetricStream GRC platform has also undergone significant changes. The platform includes new usability standards for improved navigation and easy access to contextual information. It also enables highly intuitive visualization of relationships between organizations, processes, risks, controls and regulations.
The platform will facilitate active GRC project management and efficient utilization of staff in large and globally dispersed teams. Advanced resource pool management, assignment tracking, milestones, distribution lists and shared calendars will enable greater collaboration across the organization, and better prioritization of GRC activities.
Enhanced Security and Access Management: The platform contains a highly configurable and flexible security model for administering access and security to application users. Security administrators can enable or restrict access to various GRC library objects with a strong two-step definition process.
The system contains robust capabilities for security, access controls, identity management, audit trails, electronic signatures, encryption, authorization and authentication. These capabilities ensure compliance with various international, national and regional regulations on record keeping, privacy, and protection of the quality and integrity of data (such as HIPAA, PCI and 21 CFR Part 11).
MetricStream is positioned in the Leaders Quadrant of the Gartner Magic Quadrant for Enterprise GRC Platforms, 2010.