GRC blogs
Explore our blogs for expert insights, industry updates, and practical guidance
Designed to challenge ways of thinking and help your enterprise excel in GRC.

-

The Modern CISO’s Compliance Stack: Frameworks, Automation and AI webinar
Introduction: What should a modern CISO compliance stack actually look like? CISOs are being asked to protect the business across more frameworks, more regulatory expectations and more third-party assessments than many compliance programs were built to handle. The pressure is not theoretical. PwC’s Global Compliance Survey 2025 found that 85% of respondents said compliance requirements have become more complex in the last 3…
-

Spotlight on Women in GRC: Chief Compliance Officer on accountability, crisis management & leadership
In the latest episode of CoreStream GRC’s Spotlight on Women in GRC podcast, Lucy Montague speaks with Grace Suleyman, Chief Compliance Officer at an asset management company servicing insurance clients. Grace’s role spans legal, company secretarial, enterprise risk and compliance, giving her a broad view of what modern compliance leadership now requires. The discussion explores why senior GRC roles…
-

Why easy login can create risk in GRC and Conflict of Interest systems
By Mike Vidoni, Senior GRC Client Executive & Customer Success, CoreStream GRC

Key takeaways

Introduction: When does convenience become a control weakness? GRC teams need people to use their systems. A Conflict of Interest process cannot work properly if employees or board members struggle to complete disclosures because the process is unnecessarily complicated. But login design is not simply a usability decision. It…
-

What is ISO 27001? A practical guide to information security management
Abstract: ISO 27001 gives organizations a structured way to manage information security risk. But for many teams, the real challenge is not understanding the standard. It is maintaining the evidence, ownership and control visibility needed to prove the system works. This guide should explain what ISO 27001 is, why it matters, how certification works, what Annex A controls cover, and why…
-

Is the vendor risk assessment dead?
Is the traditional vendor questionnaire still fit for purpose? Imagine beginning a vendor assessment without sending another 200-question form. Before contacting the third party, you already understand who the organization is, who sits behind it, and whether there are public risk signals that warrant closer attention. You can ask the vendor for the evidence it already holds, identify the gaps that…
-

Spotlight on Women in GRC: Former Head of Internal Financial Controls on AI, leadership & work-life balance
To count down to the Women in GRC Awards on 2 July 2026, we are running a podcast series, “Spotlight on Women in GRC”. In this episode, CoreStream GRC’s Head of Marketing, Lucy Montague, sits down with Nikki Absolom, Tax Technology and Transformation Lead at IVC Evidensia, former Head of Controls at Pets at Home, and an Independent Board…
-

Third-Party Risk Management software RFP template: questions and scoring
For a lot of organizations, the search for Third-Party Risk Management software starts when the current process stops giving the team a reliable view of risk. Maybe supplier onboarding still runs through email chains, spreadsheets, shared folders, and disconnected questionnaires. Maybe due diligence happens before…
-

Spotlight on Women in GRC: Senior Risk Officer from the banking sector on AI, risk reporting & TPRM
In advance of the Women in GRC Awards on 2 July 2026, we are running a podcast series, “Spotlight on Women in GRC”. In this episode, CoreStream GRC Head of Marketing Lucy Montague sits down with Rita Parmar, a Senior Risk Officer with vast experience across the finance sector, as well as Sarbanes-Oxley compliance, governance, regulatory reporting, and non-financial risk. The discussion explores; Rita also shares her…
-

Policy Management software RFP template: questions and scoring
Why do organizations invest in Policy Management software? For many organizations, policy management starts with shared drives, document repositories, spreadsheets, and email-based approvals. While these approaches may work initially, they often become harder to manage as the business grows and compliance requirements increase. The challenge is…
-

Michael Rasmussen podcast with Richard Eddolls: why CoreStream GRC focuses on value-based GRC technology
Speakers: Michael Rasmussen, GRC 20/20, and Richard Eddolls, Co-Founder and Chief Product Officer, CoreStream GRC

In this episode of The Hitchhiker’s Guide in the GRC Technology Galaxy, Michael Rasmussen returned to CoreStream GRC’s London office to speak with Richard Eddolls, Co-Founder and Chief Product Officer at CoreStream GRC. The conversation explored the origins of CoreStream GRC, why flexibility and usability still matter in enterprise…
Discover our case studies
The success stories of flexible intuitive GRC technology
-

CASE STUDY: Implementation success story
Raising the bar on Conflict of Interest management: CoreStream GRC’s high quality implementation services success story

Everyone’s heard the horror stories of GRC implementations that drag on for months, sometimes years, with personnel moving in and out as people leave before the project is done. It’s no wonder risk and compliance teams cling to the devil they know. The fear of scope creep, decision paralysis, slipping timelines, and sheer…
-

CASE STUDY: Wood Group
Simplifying global audit management with CoreStream GRC

Key takeaways

Wood is a global engineering and operations business with around 35,000 people across 60 countries. After a major acquisition, its assurance, action tracking and non-conformance processes were spread across around 45 different systems: “We found we had somewhere in the region of 45 action tracking systems. They ranged from HTML to SharePoint…
-

CASE STUDY: COI GRC 2020 solution perspective
The client stories behind Michael Rasmussen’s Conflict of Interest Management solution perspective for CoreStream GRC

Introduction

Michael Rasmussen, globally recognized GRC thought leader and former Forrester analyst who originally defined the Governance, Risk, and Compliance market, recently drafted his perspective on CoreStream GRC’s conflict of interest solution. For this analysis, Michael engaged with 3 organizations actively using the CoreStream GRC platform to manage conflicts of interest. While operating in…