Gaurav Kapoor COO MetricStream, Inc.

MetricStream, a market leader in Governance, Risk, and Compliance (GRC) solutions, and CRSI, a premier security, operational and compliance consulting firm, have partnered to help energy and utility companies strengthen and streamline compliance with NERC 693 and NERC Critical infrastructure Protection (CIP) standards.

MetricStream NERC Compliance Management Solution will now offer comprehensive content from CRSI, including NERC regulations, risk and control libraries, control tests and procedures, and reporting templates – all of which will be mapped to customers' organizational hierarchies and processes for optimal compliance transparency and efficiency.

"Traditional approaches to managing compliance tasks, control tests, and documentation are no longer effective, especially as new requirements continue to evolve and expand," said Michael Tibbs, COO at CRSI.  "CRSI's extensive work with utilities of all sizes across North America and globally has revealed a huge need for a sustainable compliance solution.  CRSI's best practice content and expertise along with MetricStream's end-to-end NERC compliance solution will help each company understand what they need to do and how they can effectively ensure that security and compliance controls are operating as designed."

CRSI has provided consulting services to hundreds of electric utilities across all eight NERC regions in North America and globally. MetricStream works with some of the nation's largest energy and utility companies, providing integrated solutions to help them unify and streamline enterprise-wide GRC processes, including NERC compliance. The two industry leaders are now combining their market knowledge and technological innovation to offer an energy and utilities GRC platform, as well as zaplets. Built on top of this platform is MetricStream NERC Compliance Management Solution which provides a one-stop destination for managing and monitoring NERC compliance, and consolidating risk and security intelligence from across the enterprise in real time.

The solution also offers pre-packaged content from both MetricStream and CRSI, including:

• NERC 693 and NERC CIP regulatory standards, requirements, citations, policies and procedures, and tasks and workflows to communicate policies, as well as manage exceptions
• Risk libraries with risk assessment and scoring mechanisms, and control libraries that are mapped to NERC requirements, risks, action items, business processes, and organizational hierarchies in a many-to-many manner
• Standard control test procedures, test plans and sample sizes, scoring methodologies, testing cycles, and control relationships
• Key Control Indicators (KCIs) linked to Key Risk Indicators (KRIs) to help customers look ahead and predict emerging risks
• Asset libraries and monitoring procedures across physical, IT, and virtual assets
• User roles, responsibilities, and access and security requirements
• Reports, dashboards, and reporting templates (e.g. RSAW)
• Integration with systems such as threat and vulnerability management applications, and configuration assessment systems to aggregate data

 "We are excited to team up with CRSI, and look forward to growing this partnership," said Gaurav Kapoor, COO at MetricStream. "Increasing regulatory oversight, million-dollar non-compliance penalties, thousands of frequently changing NERC requirements – these are some of the biggest worries keeping energy and utility executives up at night. The MetricStream-CRSI partnership is targeted at alleviating that pressure by empowering companies with all the information and tools they need to fully comply with NERC 693 and NERC CIP in a sustainable manner."

CRSI is a wholly-owned subsidiary security consulting firm of Corporate Enterprise Security, Inc.  CRSI specializes in NERC operational and CIP Compliance (693 and 706), as well as cyber, information and physical security solutions to the energy and government sectors. CRSI has provided consulting services to hundreds of electric utilities across all eight (8) NERC regions and globally, and is also under contract by NERC Regional Entities for Audit Support.

MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Management Solutions for global corporations. MetricStream solutions are used by leading corporations such as UBS, P&G, Constellation Energy, Pfizer, Philips, BAE Systems, Twitter, SanDisk, Cummins and Sonic Automotive in diverse industries such as Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-tech and Manufacturing to manage their risk management programs, quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as several million compliance professionals worldwide via the www.ComplianceOnline.com portal. MetricStream is headquartered in Palo Alto, California.