Author: Richard Eddolls
-

From compliance to confidence: a practical guide to a proactive always on data privacy program
Most large organizations say they have privacy covered. And on paper, they do. In practice, privacy often lives as disconnected work: documents, templates, and one-off reviews that prove something happened once, not a system that controls what happens next. That gap matters because privacy risk is created by change. A new analytics use case. A…
-

DORA just got a UK handshake: the EU – UK ICT oversight pact is a warning shot for third-party risk
If your business depends on a small set of shared providers like cloud, identity, payments, or data platforms, your operational resilience risk is no longer just a “your firm” issue. It’s a system-wide dependency. Regulators are now shifting supervision to where that risk sits: at the provider level, not just inside each regulated company.…
-

Beyond the checkbox: A value‑based guide to enterprise conflict of interest management
The conflict-of-interest wake-up call
Most organizations do have a conflict of interest (COI) policy. What they actually have, in practice, is this: Legacy GRC will tell you that’s “good coverage.” It isn’t. It’s paperwork. Conflicts of interest rarely blow up because they were hidden. They blow up because they were normalized, misunderstood, or never escalated until after a decision was made and challenged. If you’re trying to run effective value-based…
-

Saudi sports law sets a new benchmark for governance, risk, and compliance in the Middle East
Across the Middle East, governance, risk, and compliance are undergoing a quiet but consequential shift. What was once treated as a supporting function is increasingly becoming a core driver of credibility, investment, and long-term resilience. This change is not being led by speeches, slogans or strategy documents. It is showing up in how regulation is…
-

CoreStream GRC 3.3 Release Notes
1.0 Document Purpose
This document provides a summary of the highlights of CoreStream GRC Release 3.3. Major Platform releases are finalized every 2-3 months, depending on client and strategic priorities. These release notes are part of CoreStream GRC’s approach to keeping clients and partners informed of the improvements we are delivering. This document…
-

The latest cyber shocks and impact every business leader needs to know
Over the past year, cyber-attacks have stopped looking like technical failures and started behaving like prolonged business crises. Retailers, airlines, manufacturers, healthcare providers and media organizations have all been headline news for their cyber incidents. In many cases, the initial breach was only the beginning. As we witnessed, operations were disrupted, supply chains stalled, customer services faltered and leadership teams were forced into crisis mode long after systems…
-

What a Head of Controls looks for in a GRC platform: A real-life case study and the common mistakes to avoid
At CoreStream GRC, we recently wrapped up a successful GRC implementation with Wickes, and it highlighted something we see time and again. The difference between a smooth GRC rollout and a painful one is rarely about features alone. It usually comes down to a handful of early decisions. Small choices that either remove friction or…
-

Stop playing defense: The comprehensive guide to enterprise risk management for value-based GRC leaders
The enterprise risk management wake-up call
Enterprise risk management (ERM) has been talked about for years. Yet, in practice, many programs still amount to little more than documentation and reporting. While they may look reassuring on paper, they are rarely tested when it matters. In our conversation with our expert community, we have seen that…
-

US AI risk regulation and compliance explained: what the fragmented legal landscape means for businesses
For teams who follow AI policy in the United States, the missing American equivalent to the EU AI Act is easy to misunderstand. Many readers assume this signals hesitation or a light-touch approach. From a distance, the US model can appear unclear and even permissive. That view gets the story wrong. Regulation is already here, just…
-

UK to regulate crypto by 2027: What it means for global crypto and fintech firms
The UK’s decision marks the end of crypto’s regulatory grey zone. At CoreStream GRC, we’re seeing global crypto and fintech teams move from asking if regulation will land, to working out how to prepare for it in a way that does not slow the business down. In this piece our team at CoreStream GRC breaks…