SOURCE: MetricStream


September 30, 2009 09:00 ET

MetricStream Announces Integration With the UCF to Help Customers Harmonize and Rationalize IT Controls

MetricStream-Network Frontiers Partnership Enables Customers to Utilize the Unified Compliance Framework (UCF) Databases to Reduce Complexity and Cut the Costs of Compliance and Audit

PALO ALTO, CA--(Marketwire - September 30, 2009) - Due to government regulations on privacy and security that have emerged in recent years to safeguard consumer information and ensure corporate accountability, compliance and controls have become central to planning, designing and ongoing administration of IT systems for CIOs and IT executives. To address this issue, MetricStream has partnered with Network Frontiers to deliver its Unified Compliance Framework (UCF) -- a comprehensive database that maps and harmonizes more than 2,500 IT control statements to more than 400 regulations, standards and frameworks, embedded with MetricStream's market leading Governance, Risk, Compliance (GRC) solutions.

Through this partnership, MetricStream clients will be able to contain the cost and manage the overwhelming complexity of IT compliance by standardizing on a common set of controls that map to all the regulations and policy mandates they need to comply with. Now available as a hierarchical dataset within the MetricStream IT-GRC application, the UCF leverages the commonalities running through various regulations, standards and guidelines in order to rationalize IT controls and organize them for easy implementation, testing and monitoring.

MetricStream's IT-GRC solution streamlines a wide range of IT activities including managing IT policies, tracking IT assets, assessing and responding to IT risks, implementing IT controls, measuring and reporting compliance with the IT controls and regulatory requirements, recognizing and responding to incidents and threats, managing IT vendor risks and performance, business continuity planning and ongoing IT auditing. By delivering the UCF content integrated with its solution, MetricStream will further enhance the ROI customers derive from an integrated IT-GRC system by providing a unified and clear view of global IT regulatory requirements and how to meet them.

The UCF includes controls from a variety of regulations and guidelines, including the Sarbanes-Oxley Act (SOX), Basel II, Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), NASD Manual, HIPAA, CMS, FERC Security Program, NERC Critical Infrastructure Protection (CIP), Uniform Electronic Transactions Act (UETA), FIPS 191, GAO Financial Audit Manual, IRS Revenue Procedure, Federal Rules of Civil Procedure, FFIEC, NIST COBIT and ISO 27002.

"Network Frontiers has created a reliable information architecture based on thorough legal reviews of the UCF control mappings to the authoritative sources. This will provide our customers the assurance that their legal liabilities and risk exposures are limited, while they benefit from a workflow and collaboration driven IT-GRC system delivered by MetricStream," says Gaurav Kapoor, CFO and General Manager at MetricStream.

"Fortune 1000 companies select MetricStream to integrate their GRC processes into a common infrastructure, eliminating silos, standardizing processes and improving collaboration," said Craig Isaacs, CEO of Network Frontiers. "MetricStream customers can now benefit from the UCF by reducing resources, time, and costs associated with deciphering IT compliance requirements and translating them into controls and control activities. This integrated solution will also give customers a crystal clear view into the state of their IT governance program and where they need to focus for better risk and compliance management."

About MetricStream

MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Solutions for global corporations. MetricStream solutions are used by leading corporations such as Pfizer, Philips, NASDAQ, UBS, SanDisk, BP, Subway, Fairchild Semiconductor, Hitachi and TaylorMade-Adidas Golf in diverse industries such as Pharmaceuticals, Medical Devices, Automotive, Food, High Tech Manufacturing, Energy and Financial Services to manage their quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as by over a million compliance professionals worldwide via the portal. MetricStream is headquartered in Palo Alto, California and can be reached at

About Network Frontiers

Since 1992 Network Frontiers has developed ground-breaking tools to support IT best practices with a special focus on regulatory compliance, metrics, systems continuity and governance. Dorian Cougias, founder and Lead Analyst, is a frequent speaker at technology conferences and has authored numerous articles and books, including "The Compliance Book" and the award-winning "Backup Book: Disaster Recovery from Desktop to Data Center." Network Frontiers was recently cited by information technology research and advisory company Gartner as one of their five leading Cool Vendors in Risk Management and Compliance for 2009.

The Unified Compliance Framework (UCF) is Network Frontiers' flagship product. By focusing on commonalities across regulations, standards-based development, and simplified architectures, the UCF supports a strategic approach to IT compliance that reduces cost, limits liability, and leverages the value of compliance-related technologies and services across the enterprise. The UCF's content and methodology is the direct result of Network Frontiers deep understanding of IT regulations and standards and decades of experience consulting for clients, publications, and vendors in the mission-critical IT arena.

The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, which oversees all legal aspects of the UCF. More information can be found at

Contact Information