Author: Lucy Montague

HF Sinclair’s CFO exits amidst a wave of prominent C-suite exits: breaking down the GRC trend behind the headlines
HF Sinclair’s CFO, Atanas Atanasov, took a voluntary leave of absence after concerns raised by the audit committee, one week after CEO Tim Go did the same. The internal review started after concerns were raised about the company’s 2025 disclosure process and “tone at the top,” and the audit committee ultimately reported no deficiencies in financial reporting controls or disclosure…

Director of Compliance & Information Governance, Sophie Lis included in Risky Women’s “Women to Watch”
CoreStream GRC is delighted to announce that Sophie Lis, our Director of Compliance and Information Governance, has been recognized as a Risky Women “Women to Watch”. This follows her win as Innovator of the Year at the Women in GRC 2025 awards. Risky Women has been connecting, celebrating and championing women in governance, risk…

How ISO 31000 makes your business faster, more confident, and more competitive
“ISO 31000 is an international standard that provides principles and guidelines for risk management. It outlines a comprehensive approach to identifying, analyzing, evaluating, treating, monitoring and communicating risks across an organization.” International Standard on Governance of Organizations (ISO). ISO frames risk as the “effect of uncertainty on objectives.” That is a big shift from the traditional approach of asking “what…

700+ passport scans exposed at Abu Dhabi Finance Week, reports say. Here’s the vendor mistake behind it
This Abu Dhabi Finance Week leak is a vendor risk case study, not a cyber mystery. The Financial Times and Reuters reported that a cloud environment linked to a third-party event vendor left scans of more than 700 passports and state identity documents accessible online via a web browser. The leak was discovered by security researcher Roni Suchowski, and the event reportedly hosted 35,000+…

Designing your dream GRC home part 5: how thoughtful experience turns good design into real adoption
By Head of Client Solution Design, Lionel Matsuya. So far in this series, I’ve talked about foundations, connectivity, security, and wiring. These are the things that tend to dominate conversations about GRC platforms: scope, features, controls, automation, and capability. But there’s another layer that quietly determines whether any of that effort delivers value: that layer…

Cyber Essentials tightens in April 2026: MFA and patching can now fail you fast
From April 2026, more organizations will fail Cyber Essentials. Not because the five controls are changing, but because the scheme is becoming far less forgiving of gaps between what you say you do and what is actually happening on systems day to day. Cyber Essentials has always been sold as baseline cyber hygiene. Baseline does…

Designing your dream GRC home part 4: wiring the house – making automation helpful, not burdensome
By Head of Client Solution Design, Lionel Matsuya. If foundations set the purpose, and corridors shape the flow, wiring determines whether a house actually works in day-to-day life. And just as modern homes are filled with smart devices, sensors and integrations, today’s GRC environments are increasingly wired with automation, clever logic and AI. Here’s the central idea upfront: Automation in GRC technology isn’t about throwing in every…

A practical step‑by‑step guide to the Third‑Party Risk Management lifecycle
Third parties keep modern businesses running. Vendors host systems, process data, deliver critical services, and sit inside day-to-day operations. That reality creates two truths at once: The problem is not that teams do not understand the risk. The problem is that a lot of third-party risk management (TPRM) programs were built for a simpler world.…

What CoreStream GRC is watching at the HCCA 2026: compliance trends to be aware of
The 30th Annual Compliance Institute is coming to Orlando April 27-30, 2026, with a virtual option April 28-30. This is where healthcare compliance teams go to pressure-test what “good” looks like in practice. When enforcement risk is real, audits are relentless, privacy and security expectations keep shifting, and the business still has to move. What is the Health Care Compliance Association (HCCA)? HCCA is a US nonprofit that supports healthcare compliance…

Designing your dream GRC home part 3: security and access
By Head of Client Solution Design, Lionel Matsuya. In the first two articles of this series, I explored 2 foundational aspects of Governance, Risk & Compliance (GRC) solution design: understanding organizational needs and stakeholder expectations, and designing effective connectivity between risk, control and assurance functions. In this 3rd blog, I focus on security and access: not in the narrow sense of cyber or technical controls, but as a core…