Enterprises typically use several applications to meet their business needs and this multitude of applications form their technology ecosystem. For a smooth functioning of this ecosystem, applications should be able to communicate with each other by exchanging data and using it internally for processing and performing business operations efficiently.
MetricStream’s GRC platform relies on data from various applications and business systems as inputs into various GRC activities. There are also requirements to bring in content from external content providers into MetricStream. Also being the primary source of GRC information, information captured in MetricStream is also relevant to be integrated with various other enterprise applications and systems.
Specific examples of data integration could range from pulling risk-related information from a third-party tool or to push incident details from MetricStream system to other Incident Management tools. B2B Application integrations can be classified as - Inbound and Outbound. Inbound Integration is when external applications request data from MetricStream products and Outbound integration is when MetricStream products request data from the external applications as shown in the diagram below:
MetricStream’s Content Integration Service (CIS) provides the capability of performing outbound integration by providing pre-configured Connectors which are programmed to connect with external systems (content providers) using REST APIs. These connectors can invoke GET, PUT & POST REST endpoints exposed by external applications based on the configured schedule as well as on-demand. These connectors can pull curated GRC content into MetricStream products which can then be used for managing the intelligent content libraries lifecycle or to take risk-informed decisions and can also push MetricStream data into those external systems for updates or processing. For example, BitSight offers risk intelligence in the form of security rating for a given vendor which can be vital in third-party assessment. Similarly, integration with Compliance.ai provides regulatory documents and their changes, which can then be monitored by Compliance professionals in the system so that the firm is on top of the latest regulatory changes.
Along with offering pre-configured connectors, CIS is an extensible framework and has the potential to simplify the development lifecycle of new connectors for various integration needs. The framework also follows the microservices architectural patterns and hence is designed for high reliability & scalability. The current offering of the Content Integration Service offers OOTB connectors for Compliance.ai, BitSight, Thomson Reuters, and RiskLens, which are being leveraged in products like RCM, TPM and IT & Cyber Risk for various business use cases.
Stay tuned for more information on our product enhancements coming soon.<