How CoreStream achieved ISO27001 certification

01 Oct

CoreStream is proud to announce that we have had our ISO27001 certification approved for another year. ISO 27001 accreditation means that our customers and their end users are assured that their information assets are secure and managed in accordance with the strictest international standards. “ISO 27001 certification assures our customers that CoreStream has robust controls, processes and formal documentation in place, that we manage risk appropriately, and that we have the necessary controls and documentation to ensure the physical and logical security of assets and personnel” states Sophie Lis, Head of Operations. “We use the CoreStream Platform internally to manage the end to end ISO27001 process, meaning we have a complete audit trail of policies, processes, risks, controls, control assessments, deficiencies and incidents”. If you would like further information on how the CoreStream Platform can help you achieve ISO27001 certification then please contact us at


New CoreStream website launched

23 Jun

CoreStream is proud to announce the launch of our new, improved website ( We are confident that it reflects our company values; delivering innovative, intuitive and user focussed technology solutions.

CoreStream is a Crown Commercial Service (CCS) supplier

25 Feb

CoreStream is proud to announce that we have recently become a Crown Commercial Service (CCS) supplier.

The Crown Commercial Service (CCS) works with both departments and organisations across the whole of the public sector to ensure maximum value is extracted from every commercial relationship, and to improve the quality of service delivery. The CCS goal is to become the “go-to” place for expert commercial and procurement services.

CoreStream to attend the ICO Data Protection Practitioner Conference 2015

12 Feb

CoreStream is proud to announce that we will be attending the ICO Data Protection Practitioner Conference at Manchester Central Convention Complex on 2nd March 2015. You can follow the event on Twitter at #dppc2015

The conference will provide an opportunity for data protection practitioners to raise questions, hear presentations on a range of topical issues, subscribe to relevant seminars and meet others engaged in similar roles across all sectors.

CoreStream will be running a stand at the event, to provide information on our Information Asset Manager module (and our other modules) and answer any questions delegates may have. We hope to see as many of you there as possible!

What we have been up to and what there is to look forward to…

10 Feb

It was an extremely busy 2014 for all at CoreStream. We successfully implemented our Platform at a number of clients including First Utility, NHS England, and the BBC.

In addition to client engagements we continue to develop the core platform and during 2014 we have:

  • Launched 2 new modules – Workflow Manager and Information Asset Manager;
  • Launched a new document management feature as part of our Policy Manager; and
  • Continued to evolve our Risk Manager module to include;
      • Enhanced reporting including heat maps and historical comparison charts;
      • A flexible risk register with the ability to link to other GRC content such as mitigating action plans, processes, policies and controls; and
      • Advanced download function to export risks and linked content to Excel.

During 2015, in addition to client engagements we will be publishing a number of thought pieces, continuing to enhance our core platform AND releasing our new Regulation Manager. Please look out for further announcements!

All the best,

The CoreStream team.

Version 2 of the CoreStream Platform is launched!

23 Feb

Version 2 of the CoreStream Platform has been successfully launched during January 2014.  The new version has integrated several new features, including:

  • A flexible workflow component that can be rapidly configured to support all manner of worklow processes from business case or marketing asset approval to reporting supplier nonconformities and approving holiday or expense requests.  All your worklow processes in one place!
  • The ability to disseminate GRC content (policies, risks, processes/procedures) to relevant stakeholder groups, creating a tailored portal for each user.  No search time and demonstrable proof that GRC content is being consumed by relevant groups.
  • Automating the creation of review tasks to ensure that content owners (e.g policy authors) are set tasks to periodically review their content and ensure it is remains relevant.

To arrange your free demonstration, please contact CoreStream on or 020 7100 4378.

Operational Risk and Regulation Magazine’s GRC Special Feature

12 Nov

The recent article written by CoreStream on fostering a desirable Governance, Risk and Compliance (GRC) culture was part of a wider GRC special edition in the Operational Risk and Regulation Magazine.

This free download is the full PDF version of this special edition.

Please download Op Risk & Reg – GRC Special Edition

A cultural guide to GRC

01 Nov

CoreStream offers a set of considerations when implementing or refining a practice, be it integrated governance, risk & compliance (GRC) or a single risk or compliance area, with the primary aim of fostering the right culture. There isn’t a one-size-fits-all approach to effective GRC, but there are common threads that will have a significant impact on the likelihood of success.

This article was published in the November 2013 edition of the Operational Risk and Regulation Magazine and is available as a PDF download: CoreStream – Fostering a GRC Culture.

To discuss this article, anything else GRC related or to arrange a demonstration of our latest version of the CoreStream Platform which now includes a flexible, user friendly workflow engine, please contact CoreStream on or 020 7100 4378.

How CoreStream achieved ISO27001 certification in just 6 weeks (Casestudy by The British Assessment Bureau)

26 Sep

The fast track to ISO 27001: How CoreStream achieved certification in just 6 weeks (Casestudy by The British Assessment Bureau)

CoreStream recently achieved ISO 27001 certification with BAB. Very much a natural step for the company, CoreStream themselves provide software products based around Governance, Risk and Compliance (GRC). Here, we talk to Richard Eddolls who was responsible for implementing the information security management standard, learning how their GRC Platform helped them achieve certification in just 6 weeks.

Identifying an opportunity in the market for a solution that helps organisations cope with increasing regulatory and ethical obligations, CoreStream developed their GRC Platform to help customers clearly document and manage their policies, risks, processes and controls. ISO 27001, therefore, gave CoreStream an opportunity to walk the talk, whilst certification would give the added credibility from being checked by a third-party. Moreover, they would gain insight from using their software as one of their own clients would.

Initially, CoreStream were visited by BAB for their Stage 1 audit. This visit is intended to establish what organisations already have in place, leaving the client with a Gap Analysis and an action plan to move forward with. Richard Eddolls at CoreStream explained how their preparation began;

“The Stage 1 visit from BAB showed us what deficiencies we had when it came to meeting ISO 27001’s requirements. Whilst we had much in place already, there were some tweaks here and there which would clearly lead to improvements. It was then we used our software, which gave us the functionality to record non-conformities and set actions. It meant nothing could be missed, so we could approach our formal Stage 2 audit with confidence.”

Any thriving business will suffer from growing pains at some stage. As a result, knowing who does what, when and how can become difficult, which is when issues can creep in. These could be from small problems that affect efficiency, to more serious problems that will ultimately upset clients and damage reputation. CoreStream take their reputation seriously so this was a big driver for them.

A successfully implemented management system such as ISO 27001 gives back confidence, minimising mistakes and the associated re-work from addressing them. No wonder then, at a time when there are regular information security blunders hitting the headlines, ISO 27001 has grown in popularity.

Once ready, it was time for CoreStream to be visited again by an auditor, this time for the formal Stage 2 audit. Richard shared his thoughts;

“Despite a number of us working in risk and compliance for several years, we were a little nervous about being the focal point of an audit ourselves. We needn’t have been concerned. As with the Stage 1 audit, the auditors were incredibly helpful and went beyond merely looking for non-conformities by discussing with us ways in which we might improve our management system. Our GRC platform also made the audit process more efficient, being able to access a single system containing all our policies, processes, risks and controls.”

Successfully achieving certification ISO 27001 first time round without any issues was testament to Richard, his colleagues and, of course, their GRC Platform. He explained how CoreStream were keeping on top of things moving forward;

“As our Information Security Management System (ISMS) has matured, our platform is used to build a policy library, providing a permission-controlled online repository for all interested (and authorised) parties to access. Our risk assessment programme is also managed by our platform, supporting the identification, categorisation and scoring of risks to information security. Simply put, the people that need access, can access the right things with a clear picture of where we are overall; it saves us an enormous amount of time.”

He added;

“Fully populated, our platform now supports our operational ISMS. Audit assessments, issue and remedial action management and policy and processes reviews are all conducted using a single platform, avoiding the complexity of using disparate systems. Our Senior Leadership team is able to monitor performance of our ISMS via a reporting dashboard which provides real-time information on the state of compliance at any point in time. In addition, all business processes documented in the system are now ready for reuse, effectively accelerating the management of other internal or regulatory requirements.”

The elimination of needless duplication will stand CoreStream in good stead, as they’re planning to implement other ISO standards – which all share a common structure – in the future.

Richard commented;

“Implementing ISO 27001 with our platform was a great way of practicing what we preach! Better yet, it helped us achieve certification from scratch in only 6 weeks. Now, we’re delighted to be able to show our clients that we meet an internationally recognized standard; hopefully reminding them that they made the right choice in choosing us.

From an internal point of view, we can now take on the other standards safe in the knowledge that the impact of doing so is reduced. Our longer-term aim is to ensure that all controls implemented within our business (possibly as a result of regulation or legislation) are documented and assessed in the same way, increasing the value of having a single, collaborative system.”

CoreStream are offering a free demonstration to fellow BAB clients of their GRC platform to show how it can save time and hassle in managing ISO certification and other regulatory or ethical requirements. You can contact CoreStream directly on 020 7100 4378 or email

Effective Enterprise Risk Management

13 Sep

Another interesting article from Guy Carpenter on effective enterprise risk management (ERM).  It is primarily focused on the insurance industry but a number of the suggestions apply to other industries.!

Interestingly from our perspective, there is no specific reference to risk management software or any form of technology solution.  Whilst we do not profess that technology is the solution (it is more of an enabler), it is an important one none-the-less.  Selecting the right technology for the scope intended is critical to ensuring that it is adopted effectively, satisfies requirements and is not a drain on ERM budgets without delivering the intended benefits.

1 2 3 4