GRC blogs
Explore our blogs for expert insights, industry updates, and practical guidance
Designed to challenge ways of thinking and help your enterprise excel in GRC.


Designing your dream GRC home part 5: how thoughtful experience turns good design into real adoption
By Head of Client Solution Design, Lionel Matsuya
So far in this series, I’ve talked about foundations, connectivity, security, and wiring. These are the things that tend to dominate conversations about GRC platforms: scope, features, controls, automation, and capability. But there’s another layer that quietly determines whether any of that effort delivers value: that layer…

Designing your dream GRC home part 4: wiring the house – making automation helpful, not burdensome
By Head of Client Solution Design, Lionel Matsuya
If foundations set the purpose, and corridors shape the flow, wiring determines whether a house actually works in day-to-day life. And just as modern homes are filled with smart devices, sensors and integrations, today’s GRC environments are increasingly wired with automation, clever logic and AI. Here’s the central idea upfront: Automation in GRC technology isn’t about throwing in every…

A practical step‑by‑step guide to the Third‑Party Risk Management lifecycle
Third parties keep modern businesses running. Vendors host systems, process data, deliver critical services, and sit inside day-to-day operations. That reality creates two truths at once: The problem is not that teams do not understand the risk. The problem is that a lot of third-party risk management (TPRM) programs were built for a simpler world.…

Designing your dream GRC home part 3: security and access
By Head of Client Solution Design, Lionel Matsuya
In the first two articles of this series, I explored 2 foundational aspects of Governance, Risk & Compliance (GRC) solution design: understanding organizational needs and stakeholder expectations, and designing effective connectivity between risk, control and assurance functions. In this 3rd blog, I focus on security and access: not in the narrow sense of cyber or technical controls, but as a core…

From compliance to confidence: a practical guide to a proactive always on data privacy program
Most large organizations say they have privacy covered. And on paper, they do. In practice, privacy often lives as disconnected work: documents, templates, and one-off reviews that prove something happened once, not a system that controls what happens next. That gap matters because privacy risk is created by change. A new analytics use case. A…

Beyond the checkbox: A value‑based guide to enterprise conflict of interest management
The conflict-of-interest wake-up call
Most organizations do have a conflict of interest (COI) policy. What they actually have, in practice, is this: Legacy GRC will tell you that’s “good coverage.” It isn’t. It’s paperwork. Conflicts of interest rarely blow up because they were hidden. They blow up because they were normalized, misunderstood, or never escalated until after a decision was made and challenged. If you’re trying to run effective value-based…

What a Head of Controls looks for in a GRC platform: A real-life case study and the common mistakes to avoid
At CoreStream GRC, we recently wrapped up a successful GRC implementation with Wickes, and it highlighted something we see time and again. The difference between a smooth GRC rollout and a painful one is rarely about features alone. It usually comes down to a handful of early decisions. Small choices that either remove friction or…

Stop playing defense: The comprehensive guide to enterprise risk management for value-based GRC leaders
The enterprise risk management wake-up call
Enterprise risk management (ERM) has been talked about for years. Yet, in practice, many programs still amount to little more than documentation and reporting. While they may look reassuring on paper, they are rarely tested when it matters. In our conversation with our expert community, we have seen that…

What the team has learnt in 2025: 6 quick fixes for GRC
2025 has been a revealing year for Governance, Risk and Compliance teams. Across CoreStream GRC’s community events in London and New York, industry events like #RISK Europe, our design workshops and hundreds of conversations with clients and experts, one interesting theme kept surfacing. Many of the most common GRC challenges are not structural failures. They…

Why public sector teams choose CoreStream GRC for information asset management
Public sector organizations are under constant pressure to manage complex information environments and stay compliant with GDPR, the DSP Toolkit and internal information governance standards. A reliable information asset register is no longer a nice-to-have. It is the baseline for safe data processing, confident audits, and accountable governance. This is where CoreStream GRC stands out. Public sector teams choose…

Discover our case studies
The success stories of flexible intuitive GRC technology

CASE STUDY: UNT Health
Conflict, clarity, and courageous integrity: How UNT Health streamlined compliance with CoreStream GRC
About UNT Health
The University of North Texas Health Science Center (UNT Health), formerly known as HSC, is a dynamic academic health center with a 50-year legacy. With 6 schools, including the newly added College of Nursing, and 4 research institutes focused…

GUIDE: COI sample questions
Conflict of Interest: sample questions to start the conversation
Sample prompts from CoreStream GRC to support transparent, ethical governance.
Disclaimer: This guide provides sample questions and considerations for discussion only. It is not an exhaustive list and should not be used as a compliance form. Always tailor your conflict of interest process to your organization’s…

CASE STUDY: Shell Energy
Unlocking time and efficiency: Shell Energy’s success with CoreStream GRC’s Risk Management solution
About the client
First Utility Group is a challenger energy and broadband provider, operating as a wholly owned subsidiary of the Shell Petroleum Company Limited (Shell).
Challenge: The growing pains of a rapidly expanding business
As First Utility’s business expanded quickly, its…