Simplify IT Compliance by Leveraging the MetricStream and UCF Common Controls Hub Integration
Select a section from the dropdown
  • MetricStream

    MetricStream MetricStream provides enterprise and cloud Apps for Governance, Risk and Compliance (GRC) for modern and digital enterprises.

    MetricStream’s market-leading Apps for GRC enable organizations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance.  Their simple and modular approach to GRC is transforming risk management in a business environment that is increasingly mobile, social, global, and virtual.

    Consistently rated as a market leader by leading analysts, MetricStream has received several awards and recognitions for product innovation and customer success.

    MetricStream is headquartered in Palo Alto, California, and has offices across the globe.

    Industries Served:

    • Airlines
    • Automotive
    • Banking and Financial Services
    • Consumer Product Goods
    • Energy and Utilities
    • Food and Beverage
    • Government
    • Health Insurance
    • Healthcare
    • Insurance
    • Manufacturing
    • Medical Devices
    • Mining
    • Oil and Gas
    • Pharmaceuticals and Life Sciences
    • Retail

    The MetricStream Advantage

    • Supports the IT compliance lifecycle from designing compliance frameworks to linking controls and policies
    • Integrates GRC content, through GRC Intelligence, from multiple sources in real-time
    • Facilitates issue and remediation management effectively through a systematic and streamlined approach
    • Leverages the UCF content library
    • Helps configure, schedule, and execute self-assessments, certifications, and surveys
    • Provides enterprise-wide visibility through dashboards and risk heat maps

    There has been a dramatic increase in the number of compliance and regulatory requirements for the IT function in organizations. With international IT regulations such as COSO, COBIT, ITIL, ISO 27001/27002, PCI-DSS, FISMA, and NIST 800-53, and an evolving cybersecurity threat landscape, CISOs and CIOs are under constant pressure to manage IT compliance in a more efficient and integrated manner.

    The MetricStream IT Compliance Management App simplifies and streamlines the compliance management lifecycle across IT enterprises. The app allows you to adopt a centralized approach to IT compliance management, and provides top-level visibility into compliance processes across geographies, business units, and functional departments. The app also enables you to stay informed about the key changes and updates across IT regulations by integrating with authoritative sources.  Additionally, the app standardizes controls across multiple IT regulations based on the industry-standard UCF library.

    • IT Compliance Environment Design The MetricStream IT Compliance Management App builds and maintains a central structure of the overall IT compliance hierarchy, including processes, assets, risks, controls, and audits. The app also maps controls to compliance regulations and policies to provide an integrated approach to on-going IT compliance activities.
    • UCF Common Control Hub The app leverages the industry-leading UCF common controls hub to standardize and harmonize control sets across multiple IT regulations. The tight integration between UCF and the MetricStream GRC library enables dynamic linking of regulations with UCF control statements.
    • Self-Assessments and Surveys The IT Compliance Management App enables you to configure and execute IT compliance surveys, certifications, and control self-assessments based on predefined templates and schedules. It supports electronic sign-offs at departmental and functional levels, and rolls them up for executive certifications.
    • IT Compliance and Control Assessments The app enables you to manage compliance assessment programs better by ensuring that the controls and activities designed to meet regulatory requirements are effective. The app supports automatic assessments based on predefined criteria and checklists, performs tests related to completeness, accuracy, validity, authorization and segregation of duties, and has a mechanism to score, tabulate, and report results.
    • Issue and Remediation Management The IT Compliance Management App triggers a systematic process to document, investigate, and resolve IT compliance and control issues. It also sends out automated alerts to keep investigation and remediation task assignments on track.
    • Effective IT Compliance with GRC Intelligence The IT Compliance Management App delivers GRC Intelligence, which facilitates the collation of regulatory content from multiple sources in real-time, through a comprehensive approach. This provides actionable insights through alerts, notifications, and content updates, enabling you to proactively address the latest regulatory changes.
    • IT Compliance Reporting The app provides pre-defined real-time reports, user-specific dashboards, and graphical snapshots that provide extensive visibility into the status of the IT compliance assessment efforts and overall compliance profile.


    Automate and Integrate IT Compliance Processes

    The MetricStream IT Compliance Management App provides a common framework to manage and monitor compliance with a range of IT regulations and standards. The app scales across the enterprise, streamlining and automating IT compliance workflows, while consolidating compliance and control data into a central repository. The app also integrates with the Unified Compliance Framework (UCF), enabling enterprises to map 9,300+ IT control statements to 1,200+ regulations.

    The key challenges

    • Managing thousands of regulations can be pricy
    • Tackling the complexities that arise due to managing and monitoring multiple regulations
    • Adapting to the frequent changes in policies, standards, and regulations
    • Harmonizing a host of government and industry regulations, internal policies, and general
      best practices

    To examine all these IT regulatory and compliance requirements simultaneously, it is imperative to have a comprehensive process in place. It helps you select those regulations that are applicable to your organization, assess the risks, apply appropriate controls, verify that the controls are in place, and audit the controls for their ongoing effectiveness.

    The MetricStream IT Compliance Management App provides a centralized system to manage and track compliance with a range of IT regulations and standards. The app scales across the enterprise, streamlining and automating IT compliance management workflows, while consolidating compliance data in a central repository for optimal visibility.

    MetricStream and UCF Common Controls Hub (CCH) Integration

    To address the above challenges and unify IT compliance initiatives across the organization, MetricStream has partnered with Network Frontiers to deliver the UCF Common Controls Hub’s (CCH) integration with the market-leading MetricStream IT Compliance Management App. UCF is the largest and the only industry-vetted compliance database that maps and harmonizes more than 9,300 IT control statements to more than 1,200 regulations, standards, and frameworks.

    The Common Controls Hub connects the various criteria, policies, and lexicons of over 200,000 individual compliance mandates across over 800 laws, standards, and regulations (referred to by the UCF as authority documents) from around the world.

    Access Content On demand

    The MetricStream–UCF CCH API based integration allows you to access on demand content to import authority documents, citations, controls, and questions/procedures from UCF Common Controls Hub portal into MetricStream GRC library.

    Create Operational Data

    Operating data specific to the nature of the business can be leveraged via MetricStream modules to measure their design and reference effectiveness

    Create Reference Data

    Reference data is benchmark data that is specified by the UCF Common Controls Hub. You can upload your existing operating data onto the MetricStream solution to be mapped to reference data (from the UCF Common Controls Hub). This helps you measure compliance gaps for any given area and achieve continuous improvement over a period of time.

    Leverage Content Reports and Delta Reports

    Reporting needs vary widely among different levels of an organization. With the Common Controls Hub Content, you can get precise reports with concise formats and thorough in-detail reporting capabilities to address specific areas of compliance.

    • UCF citations browser: This report allows you to know the various requirements of a regulation. It allows you to select one or multiple authority documents, as well as the report briefs with the citations and controls that are a part of those authority documents.
    • UCF citations and controls search: This report allows you to understand the regulations based on control keywords or citation keywords.
    • UCF harmonized controls browser: This report allows you to select authority documents and understand the harmonization of controls across regulations/standards. The common controls across all chosen authority documents are then presented in an easy-to-navigate format.

    Value Proposition

    The MetricStream IT Compliance Management App, in collaboration with UCF Common Controls Hub, offers you the flowing benefits:

    • Choose appropriate authority documents and harmonize a common control list by simply selecting the specific industries, market segments, and geographies relevant to your organization.
    • Compare any two sets of authority documents for an instant gap/overlap analysis and gauges the impact of new standards, regulations or laws, rather than completing an entirely new assessment.
    • Track the changes required by new or updated laws, and understand your exposure to non-compliance.
    • Create a standardized structure that traces the what, why, and how of every authority document.

    Key Highlights of MetricStream UCF Common Controls Hub Integration

    • Reduce cost: Eliminate duplication of efforts by asserting compliance across multiple authority documents simultaneously. You can map internal risk assessments to centralized UCF authority documents and citation references. Organizations can be compliant with multiple standards across industry, country, and state by demonstrating compliance with a much smaller set of harmonized controls.
    • Decrease complexity: Simplify your regulations requirements by clarifying conflicts created by multiple overlapping forms. Compliance teams can perform a common audit across multiple regulations, standards, and guidelines.
    • Save time: Create a single point of control over hundreds of complex regulations, requirements, and guidelines, thus allowing you to research your specific requirements. Clarify conflicts created by overlapping authority documents, and drill down for explanations and sources for each control.
    • Improve IT governance: The MetricStream IT-Compliance Management App helps organizations harness the power of UCF to solve complex compliance issues. This integrated approach helps customers focus on the right areas for better risk and compliance management. It also allows organizations to map internal policies, standards, and controls to UCF controls.

  • Contact Us

      First Name:

      Last Name:

      Email address:

      Tell us what you’re interested in, select all that apply:

      Send us your questions:

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    • April 2023

      Wednesday 04/26/23 | 9:00 am (PDT) - 10:00 am (PDT)

      Webinar: Cyber Regulations Review Managing Cyber Risk with the Proposed Cyber SEC Rules and Biden Executive Cyber Orders

      Webinar: Cyber Regulations Review Managing Cyber Risk with the Proposed Cyber SEC Rules and Biden Executive Cyber Orders

      View More

      June 2021

      Thursday 06/24/21 | 9:00 am (PDT)

      Simplify and Accelerate Your IT Compliance by Leveraging a Common Controls Framework

      Simplify and Accelerate Your IT Compliance by Leveraging a Common Controls Framework

      View More

      June 2019

      Wednesday 06/26/19 | 12:00 am (PDT)

      Moving Beyond Risk Management to Cybersecurity Compliance

      Moving Beyond Risk Management to Cybersecurity Compliance

      View More

      • 09/20/16
        Unified Compliance Confirms MetricStream as First Ever to Utilize Patented Real-time Risk and Compliance Framework API in IT GRC Software

        MetricStream is the first Governance, Risk, and Compliance (GRC) solution provider to take advantage of the Unified Compliance Framework’s (UCF) real-time Common Controls Hub library of Authority Documents, Common Controls, and Audit Guidelines. Lafayette, CA–September …

        Read More
    • Upcoming Events