MetricStream’s mission is to help our customers 'Thrive on Risk'. Trust is the foundation of enabling this journey. Trust encompasses all stakeholders - customers, partners, employees, shareholders, and a broader group of GRC industry participants. We believe transparency at all levels is key to earning and maintaining this trust. As a Governance, Risk, and Compliance (GRC) software as a service (SaaS) provider, MetricStream’s focus on trust is governed by three areas: Reliability and Performance, Security and Privacy, and Compliance. In each of the areas, MetricStream provides continuous assurance, adaptability, and improvements.

Click here to know more about the Advisory on Okta attack by Lapsus$


Reliability and Performance

The foundation of MetricStream's SaaS architecture is a multi-instance global cloud, with a continuous focus on raising the bar on performance with every software release. Millions of GRC professionals benefit from this design principle year on year. We have clear service level agreements, which we consistently meet and exceed.




Built on an R&D foundation of secure software development practices, MetricStream SaaS Applications are built from the ground up for a secure cloud-based digitization journey for every customer. With continuous focus and vigilance on a multi-layer security model, we continue to be a trusted partner for all our customers. Security in the cloud must be a shared responsibility, and a good collaboration model is therefore the basis for a successful journey year on year, not only for MetricStream but also for the industry.

Click here to review details on Shared Responsibility and Cloud Security Assurance.

MetricStream is also audited by third-party security vendors to get an independent assessment of our security controls and practices.




MetricStream fundamentally values the privacy of all the stakeholders involved. This is built on the well-known privacy principles of accuracy, asking for and keeping only what you need, keeping it secure, and removing it when it is not needed. This has helped us not only meet but also exceed expectations when new regulations such as GDPR and CCPA came about. MetricStream Infrastructure is designed with clear systems principles.

MetricStream is also shaping initiatives around global standards on data exchange that are risk managed and privacy preserving. See mprivacy.org for more details.




MetricStream, given its unique position in GRC, wholeheartedly embraces compliance. This is evident in its certifications, the professional conduct of its employees, and its training and awareness programs. From a customer perspective, the most important documentation to review for GRC SaaS is the certificates and our transparency on the software content.

MetricStream is also audited by third-party security audit firms to assess compliance with various standards.

