GRC blogs
Explore our blogs for expert insights, industry updates, and practical guidance
Designed to challenge ways of thinking and help your enterprise excel in GRC.


Designing your dream GRC home part 6: growth & adaptability that last
By Head of Client Solution Design, Lionel Matsuya
Over the years advising organizations on risk and control design, I have seen a consistent pattern. GRC frameworks and solutions are implemented thoughtfully and with real commitment. For a time, they work well: reporting is clear, ownership is understood, and assurance has structure. Then the organization changes, and the GRC platform can’t keep up. Growth introduces…

How ISO 31000 makes your business faster, more confident, and more competitive
“ISO 31000 is an international standard that provides principles and guidelines for risk management. It outlines a comprehensive approach to identifying, analyzing, evaluating, treating, monitoring and communicating risks across an organization.”
International Standard on Governance of Organizations (ISO)
ISO frames risk as the “effect of uncertainty on objectives.” That is a big shift from the traditional approach of asking “what…

Designing your dream GRC home part 5: how thoughtful experience turns good design into real adoption
By Head of Client Solution Design, Lionel Matsuya
So far in this series, I’ve talked about foundations, connectivity, security, and wiring. These are the things that tend to dominate conversations about GRC platforms: scope, features, controls, automation, and capability. But there’s another layer that quietly determines whether any of that effort delivers value: that layer…

Designing your dream GRC home part 4: wiring the house – making automation helpful, not burdensome
By Head of Client Solution Design, Lionel Matsuya
If foundations set the purpose, and corridors shape the flow, wiring determines whether a house actually works in day-to-day life. And just as modern homes are filled with smart devices, sensors and integrations, today’s GRC environments are increasingly wired with automation, clever logic and AI. Here’s the central idea upfront: Automation in GRC technology isn’t about throwing in every…

A practical step‑by‑step guide to the Third‑Party Risk Management lifecycle
Third parties keep modern businesses running. Vendors host systems, process data, deliver critical services, and sit inside day-to-day operations. That reality creates two truths at once: The problem is not that teams do not understand the risk. The problem is that a lot of third-party risk management (TPRM) programs were built for a simpler world.…

Designing your dream GRC home part 3: security and access
By Head of Client Solution Design, Lionel Matsuya
In the first two articles of this series, I explored 2 foundational aspects of Governance, Risk & Compliance (GRC) solution design: understanding organizational needs and stakeholder expectations, and designing effective connectivity between risk, control and assurance functions. In this 3rd blog, I focus on security and access: not in the narrow sense of cyber or technical controls, but as a core…

From compliance to confidence: a practical guide to a proactive always on data privacy program
Most large organizations say they have privacy covered. And on paper, they do. In practice, privacy often lives as disconnected work: documents, templates, and one-off reviews that prove something happened once, not a system that controls what happens next. That gap matters because privacy risk is created by change. A new analytics use case. A…

Beyond the checkbox: A value‑based guide to enterprise conflict of interest management
The conflict-of-interest wake-up call
Most organizations do have a conflict of interest (COI) policy. What they actually have, in practice, is this: Legacy GRC will tell you that’s “good coverage.” It isn’t. It’s paperwork. Conflicts of interest rarely blow up because they were hidden. They blow up because they were normalized, misunderstood, or never escalated until after a decision was made and challenged. If you’re trying to run effective value-based…

What a Head of Controls looks for in a GRC platform: A real-life case study and the common mistakes to avoid
At CoreStream GRC, we recently wrapped up a successful GRC implementation with Wickes, and it highlighted something we see time and again. The difference between a smooth GRC rollout and a painful one is rarely about features alone. It usually comes down to a handful of early decisions. Small choices that either remove friction or…

Stop playing defense: The comprehensive guide to enterprise risk management for value-based GRC leaders
The enterprise risk management wake-up call
Enterprise risk management (ERM) has been talked about for years. Yet, in practice, many programs still amount to little more than documentation and reporting. While they may look reassuring on paper, they are rarely tested when it matters. In our conversation with our expert community, we have seen that…
Discover our case studies
The success stories of flexible intuitive GRC technology

GUIDE: Value-based compliance culture
Practical guide to implementing value-based compliance for cultural change
This is a practical guide to implementing value-based compliance for real cultural change. Not the “annual training and hope for the best” version. The kind where people make the right call when no one is watching, and you can prove it without a spreadsheet scavenger hunt.…

CASE STUDY: UNT Health
Conflict, clarity, and courageous integrity: How UNT Health streamlined compliance with CoreStream GRC
About UNT Health
The University of North Texas Health Science Center (UNT Health), formerly known as HSC, is a dynamic academic health center with a 50-year legacy. With 6 schools, including the newly added College of Nursing, and 4 research institutes focused…

GUIDE: COI sample questions
Conflict of Interest: sample questions to start the conversation
Sample prompts from CoreStream GRC to support transparent, ethical governance.
Disclaimer: This guide provides sample questions and considerations for discussion only. It is not an exhaustive list and should not be used as a compliance form. Always tailor your conflict of interest process to your organization’s…