Archives: Case Studies
- Controls management: how to prove value, not just activity
  Introduction: why controls management needs to move beyond activity. Most organizations have controls in place. That is not the hard part. The harder question is whether those controls are effective, current, owned by the right people, supported by evidence and connected to the risks that matter most. This is the proof burden now sitting behind…
- 8 risk and compliance leaders to follow and learn from on LinkedIn
  We’re shining a spotlight on the people shaping the future of governance, risk and compliance. LinkedIn is one of the best places to find real conversations about risk leadership, compliance culture, internal audit, AI governance, operational resilience and the future of GRC. In this blog, we’ve curated 8 GRC leaders worth following on LinkedIn. Their work spans: from established analysts and community…
- The Novo Nordisk breach shows cyber extortion now targets far more than personal data – what risk and compliance leaders can learn from this
  What happened at Novo Nordisk? Reuters reported that cyber extortion group FulcrumSec claimed it spent more than 2 months inside Novo Nordisk’s network and stole more than 700,000 files, equal to roughly 1.3 terabytes of data. The group also claimed Novo Nordisk refused to pay a $25m extortion demand. Reuters said it could not immediately verify the authenticity of the data…
- Why risk and compliance leaders should attend #RISK Expo Europe 2026
  Introduction: why #RISK Europe 2026 should be on every risk leader’s radar. Risk is moving faster, crossing more business functions and creating more pressure than ever before. Cyber risk now touches third-party oversight. Operational resilience depends on supplier visibility. AI governance is becoming a compliance, security and board reporting issue. This means risk leaders and their teams have a lot to…
- The Modern CISO’s Compliance Stack: Frameworks, Automation and AI webinar
  Introduction: What should a modern CISO compliance stack actually look like? CISOs are being asked to protect the business across more frameworks, more regulatory expectations and more third-party assessments than many compliance programs were built to handle. The pressure is not theoretical. PwC’s Global Compliance Survey 2025 found that 85% of respondents said compliance requirements have become more complex in the last 3…
- Spotlight on Women in GRC: Chief Compliance Officer on accountability, crisis management & leadership
  In the latest episode of CoreStream GRC’s Spotlight on Women in GRC podcast, Lucy Montague speaks with Grace Suleyman, Chief Compliance Officer at an asset management company servicing insurance clients. Grace’s role spans legal, company secretarial, enterprise risk and compliance, giving her a broad view of what modern compliance leadership now requires. The discussion explores why senior GRC roles…
- Why easy login can create risk in GRC and Conflict of Interest systems
  By Mike Vidoni, Senior GRC Client Executive & Customer Success, CoreStream GRC. Introduction: When does convenience become a control weakness? GRC teams need people to use their systems. A Conflict of Interest process cannot work properly if employees or board members struggle to complete disclosures because the process is unnecessarily complicated. But login design is not simply a usability decision. It…
- What is ISO 27001? A practical guide to information security management
  Abstract: ISO 27001 gives organizations a structured way to manage information security risk. But for many teams, the real challenge is not understanding the standard. It is maintaining the evidence, ownership and control visibility needed to prove the system works. This guide should explain what ISO 27001 is, why it matters, how certification works, what Annex A controls cover, and why…
- World Cup stadium strike was narrowly averted: how resilient are your critical suppliers?
  Introduction: What happened at the 2026 World Cup? Days before the World Cup began, a supplier issue at one of the tournament’s highest-profile venues was narrowly avoided. Reuters reported that a union representing around 2,000 food and beverage workers at SoFi Stadium reached a tentative agreement with Legends Hospitality only days before the tournament. AP described the agreement as averting a…
- Is the vendor risk assessment dead?
  Is the traditional vendor questionnaire still fit for purpose? Imagine beginning a vendor assessment without sending another 200-question form. Before contacting the third party, you already understand who the organization is, who sits behind it, and whether there are public risk signals that warrant closer attention. You can ask the vendor for the evidence it already holds, identify the gaps that…