http://pdf.reuters.com/htmlnews/8knews.asp?i=43059c3bf0e37541&u=urn:newsml:reuters.com:20121220:nBw196753a
   Leading analyst firm cites MetricStream as a pioneer in the IT GRC productsmarket, and highlights its "strong vertical specific solutions" and "strong ITGRC capabilities around cloud and virtualized environments"PALO ALTO, Calif.--(Business Wire)--In today`s increasingly virtualized, mobile, and cloudy world, Chief InformationOfficers (CIOs) and Chief Information Security Officers (CISOs) are confrontedwith complex challenges around information security, big data management, andcompliance with regulations such as SOX, PCI DSS, HIPAA, NERC, FISMA, and ISO27001. The traditional approach of managing these requirements in multiple silosand systems is not only inefficient and expensive, but also leads toredundancies and conflicts. Today, organizations seek to rationalize andharmonize their IT GRC processes, while also providing top-level visibility intoenterprise IT risk and compliance data that can help determine areas of concern,and enable management to make quick, actionable decisions based on sound datapoints. MetricStream provides a comprehensive suite of IT GRC solutions that aggregateand unify IT risk and information security and compliance data from across thehyper-extended enterprise. The solutions also help add business context to thedata, as well as provide strong analytics capabilities to support mature,risk-oriented security programs. The MetricStream solutions integrate with various applications - such as thosefor identity management, asset management, Security Information and EventManagement (SIEM), threat and vulnerability assessment, intrusion detection andprevention, and security feeds - to consolidate data related to informationsecurity, and technology risks. Powerful dashboards present a real-time,top-level view of this information. The solution also facilitates a robustworkflow-based approach to IT audit management and remediation management. MetricStream IT GRC Solutions were recently reviewed by IDC, a leading providerof global IT research and advice, in its report - "MetricStream: ComprehensiveSolutions for IT Governance, Risk, and Compliance1." The report highlightsMetricStream`s "strong intellectual property (IP) portfolio around GRC," its"strong portfolio of IT GRC products that address end-to-end customerrequirements," and its "strong partnership with various technology vendors inthe security, smart grid, network management, operations, and asset managementspaces." The report also highlights MetricStream`s "strong IT GRC capabilitiesaround cloud and virtualized environments." Mayur Sahni, Research Manager, Services at IDC Asia/Pacific says, "Compliancerequirements today are non-negotiable, and it`s imperative for enterprises toimplement a structured, organization-wide approach to IT GRC. MetricStream has abroad set of technologies not only to enforce and implement IT controls, butalso to collect and harvest the information required to manage risk anddemonstrate governance." MetricStream IT GRC solutions provide integration capabilities for IT security,cloud, infrastructure, General Computer Controls (GCC), and business applicationcontrols. It simplifies compliance across IT regulations, standards, andframeworks by supporting automated monitoring and reporting of IT risk andcontrol effectiveness and provides comprehensive content for meeting compliancechallenges, including over 5,000+ IT control statements from over 800+ authoritydocuments through a partnership with UCF, which helps organizations harmonize onthe smallest possible set of IT controls to meet all their compliancerequirements. The solutions also provide robust IT audit managementcapabilities, streamlines the IT audit and compliance process, and enablemultiple stakeholders to gain visibility into the status of these processes andtheir results. IT control or compliance issues that arise are automaticallyrouted through a systematic process of investigation and remediation. With MetricStream`s acquisition of vPanorama cloud GRC technology from TBDNetworks, the company is able to provide solutions that allow its customers toseamlessly manage risks, regulatory compliance challenges, privacy requirements,security threats, and performance metrics across the cloud & virtualizedinfrastructure. The technology has augmented MetricStream`s IT GRC solutions byproviding granular visibility and control over security configurationassessments, continuous controls monitoring, risk management, and threat andvulnerability management. It helps minimize inefficiencies, while enhancing thereliability and performance of the cloud infrastructure. MetricStream`s robust functionality has attracted marquee customers acrossindustry segments, which include some of the largest and most respectedcompanies in social media and Internet information, banking and financialservices, healthcare, manufacturing, energy, and retail. "IT organizations have focused solely on a bottom-up approach so far -implementing granular IT controls based on vulnerability scans, patch, andconfiguration control data. This approach results in a lot of data but littleactionable intelligence," said Vasant Balasubramanian, Vice President of ProductManagement at MetricStream. "MetricStream combines bottom-up data with atop-down approach and over-arching analytics that correlate information risk,security, compliance, and business issues to provide actionable riskintelligence. Furthermore, with MetricStream`s recent acquisition of vPanoramatechnology, we provide the unique capability of bringing top-down riskintelligence and IT GRC controls to the cloud. We also help enhance businessvalue by closely aligning IT investments with organizational strategy andcorporate objectives." 1 IDC, MetricStream: Comprehensive Solutions for IT Governance, Risk, andCompliance, Doc #IN2672604U, July 2012 About MetricStreamMetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance(GRC) and Quality Management Solutions for global corporations. MetricStreamsolutions are used by leading corporations such as UBS, P&G, ConstellationEnergy, Pfizer, Philips, BAE Systems, Twitter, SanDisk, Cummins and SonicAutomotive in diverse industries such as Financial Services, Healthcare, LifeSciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-tech andManufacturing to manage their risk management, quality processes, regulatory andindustry-mandated compliance and corporate governance initiatives, as well asseveral million compliance professionals worldwide via the
  www.ComplianceOnline.com
  portal. MetricStream is headquartered in Palo Alto,California and can be reached at 
  www.metricstream.com.
   MetricStreamMr. Vinay Bapna650-620-2955pr@metricstream.comCopyright Business Wire 2012