Case Study: Malaysian Oil and Gas Company achieves higher cyber risk and compliance maturity with MetricStream CyberGRC

Malaysian Oil and Gas Giant Elevates Cyber Risk And Compliance Management Program Maturity With MetricStream

A Malaysian oil and gas giant sought to modernize its risk and compliance program after COVID-19, with a renewed focus on agility, resilience, sustainability, and value creation. The company needed to replace manual Excel/Word processes with an automated, online system that would standardize risk nomenclature across 500 entities and provide a single, consolidated view of third‑party, cyber, and compliance risk for the entire group.

The organization selected MetricStream CyberGRC and deployed Third‑Party Risk Management and Policy Management to 20,000 users (Group Legal) and IT & Cyber Risk and Compliance modules to Group Cyber. The implementation automated and documented impact assessments for 5,000+ IT/OT assets, automated assignment of 1,000+ controls, centralized policy and document management, streamlined DPIAs, improved third‑party visibility, and raised the Cyber Maturity Risk Assessment from 2 to 3—strengthening overall cyber resilience and supporting insurance negotiations.