Webinar
-

AI is redefining third party risk: why your “approved” vendors may no longer be safe storage for data
For years, vendor risk was treated almost exclusively as a procurement event. You assessed a new provider, negotiated terms, signed the contract and moved on to monitoring. However, that model is starting to break. The real issue now is not just new vendors entering your business ecosystem. Existing vendors are changing underneath you, in unprecedented…
-

Provision 29 compliance, explained: how boards can turn internal controls into a business advantage
Provision 29 has changed the conversation for UK boards. This is no longer about showing you have policies, frameworks and good intentions on paper. It is about whether the board can stand up and say, publicly and with confidence, that the company’s material controls were effective at the balance sheet date, and explain how that conclusion was…
-

Conflict of interest software Request For Proposal template: questions and scoring
For a lot of teams, the search for a Conflict of Interest management solution starts because the current process is no longer holding up. Maybe the business has no dedicated system and disclosures are being managed in spreadsheets, email chains, shared folders, or forms that were never designed for sensitive compliance workflows.…
-

Managing third party risk: what modern, risk based due diligence really requires
How VinciWorks and CoreStream GRC help you build a risk-based, defensible third-party risk management program. If you want a practical, easy to follow walkthrough of how to get third-party risk management right, this webinar is a great place to start. What this webinar is about: connecting Governance, Risk and Compliance (GRC) with smarter third-party due…
-

The new EU Cyber Resilience Act guidance is out. Here’s the business risk for compliance and risk teams
The European Commission published draft EU Cyber Resilience Act guidance on March 3, 2026, and opened feedback until March 31. The draft focuses on the exact implementation knots teams have been struggling with: remote data processing, free and open-source software, support periods, and how the CRA fits with other EU laws. That means this is…
-

Designing your dream GRC home part 6: growth & adaptability that last
By Head of Client Solution Design, Lionel Matsuya. Over the years advising organizations on risk and control design, I have seen a consistent pattern. GRC frameworks and solutions are implemented thoughtfully and with real commitment. For a time, they work well: reporting is clear, ownership is understood, and assurance has structure. Then the organization changes, and the GRC platform can’t keep up. Growth introduces…
-

HF Sinclair’s CFO exits amidst a wave of prominent C-suite exits: breaking down the GRC trend behind the headlines
HF Sinclair’s CFO, Atanas Atanasov, took a voluntary leave of absence after concerns raised by the audit committee, one week after CEO Tim Go did the same. The internal review started after concerns were raised about the company’s 2025 disclosure process and “tone at the top,” and the audit committee ultimately reported no deficiencies in financial reporting controls or disclosure…
-

Director of Compliance & Information Governance, Sophie Lis included in Risky Women’s “Women to Watch”
CoreStream GRC is delighted to announce that Sophie Lis, our Director of Compliance and Information Governance, has been recognized as a Risky Women “Women to Watch”. This follows her win as Innovator of the Year at the Women in GRC 2025 awards. Risky Women has been connecting, celebrating and championing women in governance, risk…
-

How ISO 31000 makes your business faster, more confident, and more competitive
“ISO 31000 is an international standard that provides principles and guidelines for risk management. It outlines a comprehensive approach to identifying, analyzing, evaluating, treating, monitoring and communicating risks across an organization.” International Standard on Governance of Organizations (ISO). ISO frames risk as the “effect of uncertainty on objectives.” That is a big shift from the traditional approach of asking “what…
-

700+ passport scans exposed at Abu Dhabi Finance Week, reports say. Here’s the vendor mistake behind it
This Abu Dhabi Finance Week leak is a vendor risk case study, not a cyber mystery. The Financial Times and Reuters reported that a cloud environment linked to a third-party event vendor left scans of more than 700 passports and state identity documents accessible online via a web browser. The leak was discovered by security researcher Roni Suchowski, and the event reportedly hosted 35,000+…