MetricStream, Inc.

MetricStream IT-GRC Solution Recognized by Leading Analyst Firm and Top IT Security Magazine

Receives "Promising" Rating in Leading Analyst Firm's IT-GRCM MarketScope Report and a 5-Star Rating in a Product Review by SC Magazine for IT Security Professionals

 

Palo Alto, CA -- (SBWIRE) -- 06/18/2010 -- MetricStream Inc., a leading provider of Governance, Risk and Compliance (GRC) solutions, announced that the MetricStream IT-GRC Solution received a Promising rating in Gartner’s 2010 report entitled "MarketScope for IT Governance, Risk and Compliance Management." Coming on the heels of this report, Haymarket Media’s SC Magazine, the popular publication for IT Security Professionals, published a detailed product review of the MetricStream IT-GRC Solution, awarding it a 5-Star overall rating.

According to the Gartner report, authored by Gartner Vice Presidents and Distinguished Analysts Paul Proctor and Mark Nicolett, “IT GRCM products support operation risk management through functions that measure, manage, and report on IT-centric technology and process controls. Organizations can use IT GRCM products to document and assess their IT-centric technology and process controls.” As per Gartner, the core IT GRCM functions are: controls and policy mapping, policy distribution and training attestation, IT control self-assessment and measurement, IT GRCM asset repository, automated general computer control (GCC) collection, remediation and exception management, compliance reporting, IT compliance dashboards and IT risk evaluation.

“There is a clear convergence of IT-GRC and Enterprise GRC as the two are intertwined. Our customers are reaping the benefits of adopting a common platform for GRC that can gather and report risk and compliance information across the enterprise spanning IT, operations, legal, compliance, finance and supply chain functions,” said Gaurav Kapoor, CFO and General Manager at MetricStream. “We believe Gartner’s report confirms our position in the market and our commitment to providing customers with an integrated GRC Platform designed to help them achieve better business performance.”

MetricStream provides a comprehensive IT-GRC Solution with rich capabilities for:

* Asset Discovery
* Vulnerability Assessment
* IT Risk and Policy Management
* Continuous Compliance Monitoring
* Entitlement Lifecycle Management
* Automated Remediation

The MetricStream IT-GRC solution allows customers to effectively manage policies, risks, control objectives and controls for compliance with IT standards and best practices such as COBIT, ITIL, ISO 27002, FFIEC and NIST, and industry regulations such as NERC, PCI, HIPAA, Basel II, FISMA, GLBA and SOX. The solution is integrated with control and audit automation infrastructure to respond to real-time threats, incidents and vulnerabilities. With its open architecture and powerful Infolets - user-configurable adapters for rapid integration - MetricStream effectively connects with infrastructure systems and applications for network scanning, security monitoring and device management to enable seamless capture of incidents and vulnerabilities, real-time risk assessments, continuous control monitoring and efficient response management. It supports automating risk identification, assessment and mitigation processes based on IT asset profile and impact on business.

Customers can further reduce complexity and costs by leveraging Network Frontiers' Unified Compliance Framework (UCF) database, which maps and harmonizes more than 2,500 IT control statements to more than 400 regulations, standards and frameworks. The solution’s entitlement management capabilities record identity conflicts and segregation of duties issues to increase the effectiveness of IT governance initiatives. Salient features that enable a risk-based approach to IT-GRC include:

* Continuous scanning and monitoring of the IT infrastructure
* Sophisticated IT policy management - from IT SOPs to device level policies with mapping to assets
* Lightweight Infolets - user-configurable adapters for rapid integration
* Integrated IT risk and analytics with business risk and governance
* Linking compliance and risk objectives with IT security threats and business policies
* Managing issues and tracking compliance with various industry and security standards
* Policy enforcement in dedicated as well as virtualized environments
* Entitlement management with role-based identity and Segregation of Duties (SoD) management

According to Michael Lipinski of SC Magazine, “(MetricStream’s) ability to report on a risk and correlate it right down to the list of specific controls in various regulatory bodies was great. Most organizations are subject to more than one legal or regulatory requirement, and the ability to quickly group and summarize risk to the combined controls is very helpful.”

Within the realm of IT Risk Management, Vendor Risk Management (VRM) and Business Continuity Planning (BCP) are becoming core competencies for organizations to ensure that they have a contingency plan in place to support their business should the worst happen or the vendors supporting their mission-critical systems fail them. The MetricStream IT-GRC solution suite includes a comprehensive VRM application to help institute a repeatable and sustainable vendor risk and compliance management program to assess, analyze, mitigate and monitor vendor risks against internal policies as well as industry standards and regulations.

MetricStream also provides an integrated and flexible framework for embedding BCP in the risk management model and streamlining the BCP lifecycle stages of analysis, design, implementation, testing and acceptance, and maintenance based on industry standards such as BS 25999.

About MetricStream
MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Solutions for global corporations. MetricStream solutions are used by leading corporations such as Pfizer, Philips, NASDAQ, UBS, SanDisk, BP, Subway, Fairchild Semiconductor, Hitachi and TaylorMade-Adidas Golf in diverse industries such as Pharmaceuticals, Medical Devices, Automotive, Food, High Tech Manufacturing, Energy and Financial Services to manage their quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as by over a million compliance professionals worldwide via the www.ComplianceOnline.com portal. MetricStream is headquartered in Palo Alto, California and can be reached at http://www.metricstream.com.

MarketScope Disclaimer
The MarketScope is copyrighted 2010 by Gartner, Inc. and is reused with permission. The MarketScope is an evaluation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the MarketScope, and does not advise technology users to select only those vendors with the highest rating. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.