MetricStream Introduces Integration with the UCF to Help Customers Harmonize and Rationalize IT Controls

MetricStream-Network Frontiers partnership enables customers to utilize the Unified Compliance Framework (UCF) databases to reduce complexity and cut the costs of compliance and audit

Due to government regulations on privacy and security that have emerged in recent years to safeguard consumer information and ensure corporate accountability, compliance and controls have become central to planning, designing and ongoing administration of IT systems for CIOs and IT executives. To address this issue, MetricStream has partnered with Network Frontiers to deliver its Unified Compliance Framework (UCF) –
a comprehensive database that maps and harmonizes more than 2,500 IT control statements to more than 400 regulations, standards and frameworks, embedded with MetricStream’s market leading Governance, Risk, Compliance (GRC) solutions.

Through this partnership, MetricStream clients will be able to contain the cost and manage the overwhelming complexity of IT compliance by standardizing on a common set of controls that map to all the regulations and policy mandates they need to comply with. Now available as a hierarchical dataset within the MetricStream IT-GRC application, the UCF leverages the commonalities running through various regulations, standards and guidelines in order to rationalize IT controls and organize them for easy implementation, testing and monitoring.

MetricStream’s IT-GRC solution streamlines a wide range of IT activities including managing IT policies, tracking IT assets, assessing and responding to IT risks, implementing IT controls, measuring and reporting compliance with the IT controls and regulatory requirements, recognizing and responding to incidents and threats, managing IT vendor risks and performance, business continuity planning and ongoing IT auditing. By delivering the UCF content integrated with its solution, MetricStream will further enhance the ROI customers derive from an integrated IT-GRC system by providing a unified and clear view of global IT regulatory requirements and how to meet them.

The UCF includes controls from a variety of regulations and guidelines, including the Sarbanes-Oxley Act (SOX), Basel II, Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), NASD Manual, HIPAA, CMS, FERC Security Program, NERC Critical Infrastructure Protection (CIP), Uniform Electronic Transactions Act (UETA), FIPS 191, GAO Financial Audit Manual, IRS Revenue Procedure, Federal Rules of Civil Procedure, FFIEC, NIST COBIT and ISO 27002.

“Network Frontiers has created a reliable information architecture based on thorough legal reviews of the UCF control mappings to the authoritative sources. This will provide our customers the assurance that their legal liabilities and risk exposures are limited, while they benefit from a workflow and collaboration driven IT-GRC system delivered by MetricStream,” says Gaurav Kapoor, CFO and General Manager at MetricStream.

“Fortune 1000 companies select MetricStream to integrate their GRC processes into a common infrastructure eliminating silos, standardizing processes and improving collaboration," said Craig Isaacs, CEO of Network Frontiers. "MetricStream customers can now benefit from the UCF by reducing resources, time, and costs associated with deciphering IT compliance requirements and translating them into controls and control activities. This integrated solution will also give customers a crystal clear view into the state of their IT governance program and where they need to focus for better risk and compliance management.”


Please enter your comment!
Please enter your name here