  • The Modern CISO’s Compliance Stack: Frameworks, Automation and AI webinar

    Introduction: What should a modern CISO compliance stack actually look like? CISOs are being asked to protect the business across more frameworks, more regulatory expectations and more third-party assessments than many compliance programs were built to handle. The pressure is not theoretical. PwC’s Global Compliance Survey 2025 found that 85% of respondents said compliance requirements have become more complex in the last 3…

  • Spotlight on Women in GRC: Chief Compliance Officer on accountability, crisis management & leadership

    In the latest episode of CoreStream GRC’s Spotlight on Women in GRC podcast, Lucy Montague speaks with Grace Suleyman, Chief Compliance Officer at an asset management company servicing insurance clients. Grace’s role spans legal, company secretarial, enterprise risk and compliance, giving her a broad view of what modern compliance leadership now requires. The discussion explores why senior GRC roles…

  • Why easy login can create risk in GRC and Conflict of Interest systems

    By Mike Vidoni, Senior GRC Client Executive & Customer Success, CoreStream GRC. Introduction: When does convenience become a control weakness? GRC teams need people to use their systems. A Conflict of Interest process cannot work properly if employees or board members struggle to complete disclosures because the process is unnecessarily complicated. But login design is not simply a usability decision. It…

  • What is ISO 27001? A practical guide to information security management

    Abstract: ISO 27001 gives organizations a structured way to manage information security risk. But for many teams, the real challenge is not understanding the standard. It is maintaining the evidence, ownership and control visibility needed to prove the system works. This guide explains what ISO 27001 is, why it matters, how certification works, what Annex A controls cover, and why…

  • World Cup stadium strike was narrowly averted: how resilient are your critical suppliers?

    Introduction: What happened at the 2026 World Cup? Days before the World Cup began, a supplier issue at one of the tournament’s highest-profile venues was narrowly avoided. Reuters reported that a union representing around 2,000 food and beverage workers at SoFi Stadium reached a tentative agreement with Legends Hospitality only days before the tournament. AP described the agreement as averting a…

  • Is the vendor risk assessment dead?

    Is the traditional vendor questionnaire still fit for purpose? Imagine beginning a vendor assessment without sending another 200-question form. Before contacting the third party, you already understand who the organization is, who sits behind it, and whether there are public risk signals that warrant closer attention. You can ask the vendor for the evidence it already holds, identify the gaps that…