• Designing your dream GRC home part 4: wiring the house – making automation helpful, not burdensome 

    By Head of Client Solution Design, Lionel Matsuya

    If foundations set the purpose, and corridors shape the flow, wiring determines whether a house actually works in day-to-day life. And just as modern homes are filled with smart devices, sensors and integrations, today’s GRC environments are increasingly wired with automation, clever logic and AI. Here’s the central idea upfront: Automation in GRC technology isn’t about throwing in every…

  • A practical step‑by‑step guide to the Third‑Party Risk Management lifecycle

    Third parties keep modern businesses running. Vendors host systems, process data, deliver critical services, and sit inside day-to-day operations. That reality creates two truths at once: The problem is not that teams do not understand the risk. The problem is that a lot of third-party risk management (TPRM) programs were built for a simpler world.…

  • What CoreStream GRC is watching at the HCCA 2026: compliance trends to be aware of

    The 30th Annual Compliance Institute is coming to Orlando April 27-30, 2026, with a virtual option April 28-30. This is where healthcare compliance teams go to pressure-test what “good” looks like in practice. When enforcement risk is real, audits are relentless, privacy and security expectations keep shifting, and the business still has to move.

    What is the Health Care Compliance Association (HCCA)?

    HCCA is a US nonprofit that supports healthcare compliance…

  • Designing your dream GRC home part 3: security and access

    By Head of Client Solution Design, Lionel Matsuya

    In the first two articles of this series, I explored 2 foundational aspects of Governance, Risk & Compliance (GRC) solution design: understanding organizational needs and stakeholder expectations, and designing effective connectivity between risk, control and assurance functions. In this 3rd blog, I focus on security and access: not in the narrow sense of cyber or technical controls, but as a core…

  • From compliance to confidence: a practical guide to a proactive always on data privacy program

    Most large organizations say they have privacy covered. And on paper, they do. In practice, privacy often lives as disconnected work: documents, templates, and one-off reviews that prove something happened once, not a system that controls what happens next. That gap matters because privacy risk is created by change. A new analytics use case. A…

  • DORA just got a UK handshake: the EU – UK ICT oversight pact is a warning shot for third-party risk

    If your business depends on a small set of shared providers like cloud, identity, payments, or data platforms, your operational resilience risk is no longer just a “your firm” issue. It’s a system wide dependency. Regulators are now shifting supervision to where that risk sits: at the provider level, not just inside each regulated company.…