How Enhesa and CoreStream GRC help you turn EHS and sustainability pressure into a joined-up, defensible GRC program
If you want to see how leading organizations are folding EHS and ESG into their core GRC framework, this is the place to start.
1. Integrating Environment, Health & Safety (EHS), Environmental, Social, and Governance (ESG) and Governance, Risk and Compliance (GRC)
Sustainability and EHS used to sit in their own corner of the business. Now they are front and center in board conversations, investor Q&As and regulatory inspections.
This joint Enhesa and CoreStream GRC webinar digs into a simple question:
What happens when you treat EHS and sustainability compliance as a core part of your GRC framework, instead of a separate workstream?
Hosted by Jill Newberg (Go-to-Market Lead, Enhesa EHS Intelligence), the session brings together:
- Michael Rasmussen, GRC analyst at GRC 20/20
- Paul Cadwallader, GRC Strategy Director, CoreStream GRC
- Mary Foley, Expert Services Strategy Director, Enhesa
Over the hour, they explored several topics, including:
- How fast ESG and EHS regulation is moving
“Our team identified almost 1,200 new ESG-related regulatory developments in the first six months of this year alone.”
Mary Foley, Expert Services Strategy Director, Enhesa
- Why boards are suddenly paying attention
“Boards are very involved in ESG… this isn’t something to approach tactically but strategically.”
Michael Rasmussen, GRC analyst at GRC 20/20
- How to build a joined-up technology and content stack that can stand up to scrutiny
“You need a defensible system of record that shows what policy was communicated when, what ESG control was monitored, assessed and by who.”
Michael Rasmussen, GRC analyst at GRC 20/20
2. Why watch this conversation on sustainability, EHS and GRC
If you are feeling the pressure from the EU Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CS3D), the International Financial Reporting Standards (IFRS) Sustainability Disclosure Standards S1 and S2, or emerging climate and human rights rules, you are not alone.
This webinar is worth your time if you want to:
- Stop firefighting spreadsheets
Michael describes many EHS and ESG programs as a “Winchester Mystery House” of point solutions, local tools and manual work. The panel shows how to move from that chaos to a designed, integrated GRC model.
- Connect outside risk with inside controls
Enhesa tracks hundreds of regulatory change events each business day in EHS and sustainability. The discussion shows how that content flows into CoreStream GRC so you can map laws to policies, risks and controls, then prove what happened and when.
- Give your board the view they are asking for
With CSRD and similar rules, boards are now directly accountable for ESG reporting. The panel explains how to build a defensible system of record that links strategy, risk, third parties and day to day controls in one place.
- Treat ESG as strategic resilience, not just reporting
Several examples show how leading organizations are using ESG as a lens on strategic resilience, not a box ticking exercise.

3. What you will learn about EHS and sustainability
a. The new reality of ESG and EHS in GRC
- Why ESG risks such as climate, biodiversity, supply chain labor practices and pandemics are rising to the top of global risk reports.
- How many firms still over-focus on cyber risk while underestimating environmental and social exposure.
- Why regulators, investors, customers and employees are pulling ESG and EHS into the same conversation.
“Environmental and social risks dominate global risk reports, yet many organizations still treat them as secondary.”
Michael Rasmussen, GRC analyst at GRC 20/20
b. How boards and C-level leaders are engaging in sustainability governance
- How EU CSRD and CS3D force direct board oversight of sustainability strategy and reporting.
- Why global firms headquartered outside the EU still fall into scope.
- How some companies now describe ESG as their “strategic resilience program” rather than an add on.
“We’re seeing significant board level attention on ESG. Regulations like CSRD demand strategic oversight, not a side activity.”
Michael Rasmussen, GRC analyst at GRC 20/20
c. Navigating the complexity and volume in global ESG and EHS regulations, CSRD requirements and sustainability compliance obligations
Enhesa data shows:
- Almost 1,200 new ESG related regulatory developments in just 6 months.
- Hundreds of EHS related regulatory change events every business day across the globe.
You will see why it is no longer realistic to track this only with local teams and manual monitoring.
d. Why technology and content have to work together for ESG, EHS and compliance automation
The webinar walks through a practical split:
- Enhesa provides the regulatory intelligence
  - Coverage of EHS and sustainability regulations across 400 plus jurisdictions and almost 40 languages.
  - Interpreted and translated into actionable requirements for operations and supply chains.
- CoreStream GRC provides the governance, risk and compliance platform
  - A configurable, no code GRC platform that acts like a box of Lego bricks so you can build the processes you need.
  - Mapping regulatory obligations to policies, risks, controls, assessments, issues and third party oversight.
  - Creating a defensible audit trail that shows what you knew, what you did, and when.
Together, they support a 360-degree view of ESG and EHS within your wider GRC program.
e. How to use your existing GRC framework for CSRD compliance, sustainability reporting and ESG risk management
The speakers outline how to:
- Reuse existing GRC building blocks such as policy management, risk assessment, controls and assurance for ESG topics.
- Map Enhesa regulatory content to your current policies and identify gaps.
- Extend mature financial reporting controls to cover sustainability metrics, rather than reinventing everything from scratch.
f. A realistic, step-by-step ESG and EHS compliance roadmap for building a mature, integrated GRC framework
You will hear a step-by-step view of the journey:
- Define your ESG and EHS strategy and who owns it.
- Map the current state: tools, data, processes, overlaps and gaps.
- Design a target operating model that brings EHS, sustainability, finance, compliance, audit and procurement together.
- Choose an agile GRC platform that can adapt to ESG and EHS, not just IT or financial risk.
- Deliver in phases with clear milestones, rather than aiming to “boil the ocean”.
- Keep space for change as new rules and expectations emerge.
Ready to learn more?
If you want to move from siloed ESG and EHS activity to a joined up, auditable GRC approach, this webinar is a good place to start.
Condensed transcription of the EHS ESG GRC webinar
The Role of EHS and Sustainability Compliance in GRC
Introduction GRC EHS
Jill Newberg:
Welcome to today’s webinar on the role of EHS and sustainability compliance in GRC.
I’m Jill Newberg, go-to-market lead for Enhesa EHS Intelligence and your host today.
This is a joint webinar with CoreStream GRC. Joining me are Mary Foley from Enhesa, Paul Cadwallader from CoreStream GRC, and Michael Rasmussen of GRC 20/20.
You can submit questions through the Q&A function, and we’ll answer as many as we can at the end. We’ll also share the recording and slides after the session.
I’ll hand it over to Paul for a brief introduction to CoreStream GRC.
CoreStream GRC introduction
Paul Cadwallader:
Thank you very much, Jill.
CoreStream GRC is a no-code, next-generation GRC platform that helps organizations manage governance, risk, and compliance in an integrated way.
It helps organizations achieve objectives, manage risk, and support compliance with a flexible, 360-degree view of GRC.
Enhesa introduction
Jill Newberg:
Thank you, Paul. To briefly introduce Enhesa: our mission is to help businesses create a safer and more sustainable future through actionable EHS and sustainability intelligence.
Our legal analysts translate global regulations into practical guidance so companies can understand current requirements, prepare for what is coming, and act confidently across jurisdictions.
We cover more than 400 jurisdictions in nearly 40 languages, supporting companies with EHS intelligence, product intelligence, sustainable chemistry, and corporate sustainability solutions.
With that, I’d like to bring in Michael Rasmussen to set the context for GRC and explain why EHS and sustainability compliance are becoming central to it.
Michael, we’re hearing from clients that disclosure and sustainability reporting are putting much more attention on EHS and sustainability compliance. Can you frame what that means in GRC terms?
We’d love to kick off today’s webinar by hearing from you. Please provide our audience with some context for GRC, what it is, what it does, and how it helps companies build a framework for governance, risk management, and regulatory compliance.
Michael Rasmussen: GRC, ESG and EHS
Michael Rasmussen:
Thank you so much.
I research governance, risk, and compliance challenges, including ESG and EHS, and how companies address them through strategy, process, and technology.
We’re facing what I call a tale of two futures: a more resilient, sustainable future, or a far more unstable one. The decisions governments, companies, and individuals make now will shape that outcome.
Too many GRC programs still focus heavily on cyber and IT risk, while environmental, health, safety, and broader ESG risks remain underrepresented, even though they are clearly material.
The environment is changing fast: regulations are accelerating, risk conditions are shifting, and businesses themselves are constantly evolving through operational change, acquisitions, and new third-party relationships.
The modern organization is chaotic. It is changing minute by minute and second by second.
The modern organization is an extended enterprise. Your suppliers, contractors, and partners can create environmental, health and safety, social, and governance risks that become your risks too.
That is why trust, integrity, and a coordinated operating model matter so much.
Too often, EHS and ESG programs have grown piecemeal over time, like the Winchester Mystery House—lots of additions, but no single design.
Organizations need to step back, define what good looks like, and design EHS and ESG into GRC intentionally rather than reacting issue by issue.
I like to define ESG as doing the right thing. It is about being the bastion of integrity.
At its core, ESG is about values put into practice. Policies, culture, and day-to-day decisions all have to align, or the organization creates risk for itself.
That is where GRC comes in. GRC helps organizations set objectives, understand the risks to those objectives, and act with integrity in how they respond.
EHS and ESG are not side issues. They need to be managed as part of the broader GRC framework, with clear ownership, shared processes, and coordination across functions.
To do that well, companies need reliable regulatory intelligence, clear workflows, and a defensible system of record. Enhesa provides the intelligence, and CoreStream GRC helps operationalize it inside a broader GRC program.
Together, that gives organizations a more agile way to monitor change, manage controls, resolve issues, and improve resilience.
Those are my opening thoughts.
CoreStream GRC’s technology role
Jill Newberg:
Thanks, Michael. Paul, how does CoreStream GRC support that in practice?
Paul Cadwallader:
CoreStream GRC is built to be flexible. Organizations can map regulatory intelligence into policies, risk assessments, controls, workflows, and reporting in a way that fits how they already operate.
The goal is to standardize and digitize key GRC processes, connect them end to end, and create a clear line of sight from regulatory change to action and assurance.
Enhesa’s content role
Jill Newberg:
Thanks, Paul. Mary, where does Enhesa’s content fit in that framework?
Mary Foley:
It starts with knowing what applies to you. Enhesa’s role is to provide the regulatory intelligence companies need across jurisdictions, operations, and supply chains.
The pace of change is significant. We are seeing large volumes of new and updated ESG-related requirements, including major developments such as the CSRD, CSDDD, and IFRS sustainability standards.
That creates compliance, reporting, supply chain, and reputational risks. When that intelligence is integrated into CoreStream GRC, companies can connect EHS and ESG compliance more directly to their wider GRC processes.
Panel discussion – common questions of EHS and ESG
Are EHS and sustainability becoming more important at C-level?
Jill Newberg:
Let’s move into our panel discussion. First question: are EHS and sustainability becoming more important at the C-level?
Michael Rasmussen:
Yes, definitely. In many organizations, these issues are now getting board-level attention, especially as regulations such as the CSRD and CSDDD raise expectations around oversight, reporting, and accountability.
Those are some opening thoughts.
Paul Cadwallader:
I agree. Regulation is a major driver, but so are stakeholder and customer expectations. Executives want more integrated information so they can make better strategic decisions and use ESG and EHS as part of competitive positioning.
Mary Foley:
Yes. The reporting standards themselves make that clear. Environmental and social disclosure requirements increasingly rely on data that many companies already hold somewhere in the business, which is why leadership attention is growing.
How can companies use their existing GRC framework to meet new reporting requirements?
Jill Newberg:
Our second question: how can companies use their existing GRC framework to meet new reporting requirements?
Michael Rasmussen:
First, remember that a GRC framework is bigger than technology. It includes strategy, process, ownership, and continuous improvement. Companies should use what they already have to learn, align, perform, and improve rather than treating sustainability reporting as a separate exercise.
Paul Cadwallader:
I would build on what already exists. Many companies already have policies, controls, reporting processes, and governance structures in place. The opportunity is to connect and extend those capabilities rather than reinventing them.
Mary Foley:
I agree. Collaboration is key. Look at what data, controls, and structures you already have, make sure you can access them efficiently, and then identify the real gaps.
What is the best-case future state for sustainability and EHS as part of GRC?
Jill Newberg:
For our final panel question: what is the best-case future state for sustainability and EHS as part of GRC, and how do companies get there?
Michael Rasmussen:
The future state is an integrated model with a clear strategy, defined ownership, aligned processes, and the right technology foundation. To get there, organizations need to understand their current state, define the target state, build a roadmap, and break the work into manageable phases.
Paul, from your point of view, the same question.
Paul Cadwallader:
Today, most organizations still manage these areas in silos. The future state is integrated capability across ESG, EHS, GRC, and the supply chain, supported by executive buy-in and aligned to broader business and transition objectives.
Mary Foley:
I would emphasize integration and transparency. Sustainability reporting is becoming more connected to financial reporting, and companies need infrastructure that can support traceable, report-ready data over time.
Jill Newberg:
Thank you all. The discussion makes it clear that EHS and sustainability compliance are becoming essential parts of GRC, and that companies need stronger data, reporting infrastructure, and cross-functional coordination to keep up.
How do you build a business case for investing in technology for GRC and compliance?
Jill Newberg:
Our first audience question: how do you build a business case for investing in GRC and compliance technology?
Michael Rasmussen:
Start with the gap between your current state and your target state. Then build the case around four areas: efficiency, effectiveness, resilience, and agility.
The third angle is resilience: improving the organization’s ability to find EHS and ESG issues and contain them while they are still small, before they become big issues for the organization.
If technology reduces manual effort, improves control execution, helps contain issues earlier, and enables the organization to keep up with change, the value becomes much easier to demonstrate.
ESG involves many roles across the company. How do we get them all working together?
Jill Newberg:
Next question: ESG spans many roles across the company. How do you get them working together?
Michael Rasmussen:
First, identify the roles involved across environmental, health and safety, supply chain, HR, compliance, controls, and reporting. Then make ownership clear and ensure whoever leads the effort can work collaboratively across functions.
Without that collaboration, ESG and GRC efforts stay fragmented.
What practical steps should we take if we have not begun integrating ESG and GRC?
Jill Newberg:
Next question: what practical steps should a company take if it has not yet started integrating ESG and GRC?
Paul Cadwallader:
Start with the regulatory requirements you need to understand. Map that intelligence into your existing policies and processes, identify the gaps, and then prioritize the actions needed to close them.
Just as importantly, connect those practical steps to your wider business objectives so the work supports a longer-term strategy rather than becoming a standalone exercise.
Where is the regulatory environment going next?
Jill Newberg:
Final question: where is the regulatory environment going next?
Mary Foley:
We will continue to see major sustainability regulations mature, supported by more guidance and increasing interoperability across reporting frameworks. At the same time, more jurisdiction-level ESG compliance requirements are likely to emerge.
Final close
Jill Newberg:
That is all the time we have today. Thank you to Michael, Paul, and Mary, and thank you to CoreStream GRC for co-hosting.
Thank you all for joining us.
Speakers:
Goodbye, and thank you!
FAQ on ESG, EHS and GRC Integration
This webinar is designed for anyone responsible for managing sustainability, EHS, risk or compliance inside their organization.
It’s especially relevant for Heads of Risk, Compliance and Internal Audit who want ESG and EHS to sit inside their existing GRC framework. It’s also built for ESG and sustainability leads who need a repeatable, tech enabled reporting process, EHS leaders whose operational data now feeds mandatory disclosures, finance teams preparing for integrated reporting, and GRC owners looking to connect regulatory intelligence with workflows, metrics and controls.
It means treating environmental, health and safety compliance and sustainability reporting as part of your core governance, risk and compliance framework instead of separate workstreams. This lets you align regulations, risks, controls and reporting in one place.
Regulations like the EU CSRD and CS3D require direct board oversight of sustainability strategy and reporting. Boards are now accountable for ESG disclosures, risk management, supply chain due diligence and internal controls.
Technology reduces manual work, automates evidence gathering, centralises controls and creates a defensible audit trail. Platforms like CoreStream GRC help you map regulatory obligations, assign owners, run assessments and prove adherence.
CoreStream GRC centralizes data, workflows and evidence so you can manage ESG controls, map regulatory obligations, run risk assessments and demonstrate compliance. Its no-code flexibility lets organizations adapt quickly as regulations evolve.
Risk leaders, ESG and sustainability professionals, EHS managers, finance teams preparing for integrated reporting, and GRC owners looking for real examples of how to operationalise ESG within their compliance framework.



