All ideas

Use Case: We use a shared responsibility model where some controls are provided by other parts of the org. Those controls are assessed separately and added to the evidence library for use in assessments of systems consuming the controls. My intent...

Report to view the Common and Sample question responses provided by the Assessors or control owners during the testing

Martktplaats B.V would like to be able to paste evidence into the sample table (in test execution page). This would allow them to fully use MetricStream to handle evidences. Currently, customer does this using the spreadsheet uploads. Other GRC so...

NIST SP 800-30 NIST Cybersecurity Framework is popular among companies in the US. NIST has become the gold standard for assessing cybersecurity maturity, identifying security gaps, and meeting cybersecurity regulations. Using our IT- risk module w...

I would like to request a function where if you want to edit the relationship list (add or remove) the pop-up window for the option shows what has already been selected previously. Currently if you want to edit it, the list does not show which one...

Currently, when we attempt to add Question and Procedures from library in the Questionnaire form under surveys, the QP popup window does not have filter options to choose right set of QPs. This is creating lot of inconvenience to customer when the...

In the Vulnerability Management use case we see that the clients setup Remediation Rules for the Critical - Combined Risk Rating or other criteria's where remediation to be initiated as soon as the vulnerability is pulled into MetricStream. This l...

In product's roadmap will there be interactions between IT Risk and IT Compliance Modules. For eg: Failure of a control and the creation of an issue in the IT compliance module does not change the Risk score in the IT Risk module. As this is suppo...

Very often customers have threat data they want to upload/use, but do not have a threat vector defined for them. Can we make this field optional, or perhaps add values of Other or TBD.

Raiffeisen as part of it's use-case testing would like to • Identify risks which aren’t covered by any control• Identify assets which are not affected by a dedicated risk I tried Orphans - but the Assets are related to the Orgs and the Risks relat...