Protecht

ISO 27001 certification usually takes 6-12 months. CBE Companies had 90 days. ISO 27001:2022 required auditable evidence, clear ownership and a documented information security management system that could stand up to external scrutiny. By using Protecht, CBE connected risks, controls, policies, assets and evidence in one place. That helped the team embed more than 30 recurring audit processes, map controls across frameworks and trace evidence from policy through to implementation. The result: certification in record time, and a stronger foundation for future audits and client assurance. Read the full story: https://bit.ly/4nDTRJ8 #RiskManagement #Compliance #GRC #CyberSecurity #RegTech

Cyber security is not just a technical discipline. It is what enables research, education and innovation to move forward safely. That is why Protecht is proud to sponsor the UNSW Cyber Security Summit 2026 on Tuesday, May 26 at the Roundhouse in Kensington. The summit brings together UNSW staff, students, cyber practitioners and industry partners to explore the risks shaping higher education today, from AI and identity risk to supply chain exposure, research data protection and emerging quantum considerations. We will be there with a booth throughout the day, and we are also pleased to be sponsoring the networking drinks from 4–5pm. Come and speak with the Protecht team about cyber risk, third-party risk, controls, compliance and how universities can build stronger resilience across distributed, complex environments. Find out more: https://bit.ly/4nz1noI #CyberSecurity #RiskManagement #GRC #HigherEducation #RegTech

Aged care oversight has changed. It’s no longer enough to show that policies exist or reports were produced. Providers now need to evidence what happened, who acted, and what changed as a result. That becomes difficult when incidents, complaints, workforce pressures, risks, and actions all sit in separate systems. The result? More reporting, but less confidence. Our blog explores why aged care providers need to rethink oversight, and how connected information can support clearer accountability and better decisions. Read more here: https://bit.ly/3PR4bRE #RiskManagement #Compliance #GRC #AgedCare #RegTech

And that's a wrap for our GRC Essentials For 2026 masterclass in Wellington. Tomorrow, we head to Auckland to meet a new group of governance, risk and compliance leaders. Across both sessions, the focus is practical: how GRC needs to evolve as organisations face growing complexity across AI, cyber and climate risk. That means moving beyond process-heavy risk management, building a working risk appetite, and connecting risk practices more directly to strategy, performance and outcomes. A huge thank you to everyone joining us in Wellington today, and to David Tattam, Michael Franklin (MScIT, CISM, CISA, CDPSE) and Shivali Kukreja for bringing such practical insight to the room. #RiskManagement #Compliance #GRC #RegTech #EnterpriseRiskManagement

AI is already moving faster than many governance models can support. APRA and ASIC are now pointing to the same problem from different angles: how organisations use AI, and how AI changes the threat environment around them. Boards need to know where AI is being used, who owns it, which controls apply, what third parties are involved, and whether assurance can keep pace. This means that AI risk needs to be connected to cyber, vendor risk, operational resilience, compliance, incidents, controls and assurance. Otherwise, risk teams are left managing a fast-moving enterprise risk through disconnected systems. The organisations that succeed with AI will not be the ones that avoid risk: they will be the ones that can evidence it is being managed. Find out more in our blog: https://bit.ly/42H74az #RiskManagement #GRC #Compliance #AI #RegTech

Healthcare boards do not need more reporting, they need clearer insight. Clinical governance, enterprise risk, cyber security, privacy, workforce pressure, aged care reform, digital health, AI and third-party risk are all reshaping the board agenda. But in many organisations, these risks are still reported through separate channels. In our fireside chat on Tuesday 16 June, Michael Howell speaks with Stewart Dowrick, experienced healthcare leader, advisor and former Chief Executive of Mid North Coast Local Health District. Together, they explore what healthcare boards really need from risk, compliance and clinical governance leaders, and how better data, clearer reporting and more connected governance can support better decisions. You’ll learn how to: • Understand what boards really look for in risk and governance reporting • Connect clinical governance with enterprise governance more effectively • Reframe cyber, privacy, AI and third-party risk as board-level governance issues • Turn fragmented reporting into clearer, more influential board insight. Register now: https://bit.ly/4dg7A5H #HealthcareRisk #ClinicalGovernance #RiskManagement #BoardReporting #Protecht

Cyber risk is already on the board agenda, but it’s not always embedded in how decisions are made. According to Gartner® research, How to Harmonize Cybersecurity Risk and Enterprise Risk Management: • 85% of CEOs say cybersecurity is critical for growth • 39% of directors link it to shareholder value • Only 21% of firms engage in strategic risk management/ We believe the research highlights a clear disconnect, where cyber risk is recognised as important but is not consistently integrated into enterprise risk practices. Download the report to explore where these gaps persist and how organisations are addressing them: https://bit.ly/4np9nIR #RiskManagement #CyberSecurity #GRC #SaaS #OperationalResilience

Cyber resilience gets harder when threat velocity outpaces change capacity. That was the focus of Michael Franklin (MScIT, CISM, CISA, CDPSE)'s roundtable at the Forefront Events Cyber Resilience Summit QLD 2026, where we joined cyber security, technology risk, and resilience leaders for a day of practical discussion in Brisbane. Threat actors can move faster, scale faster, and adapt faster. But many organizations still rely on slow governance cycles, fragmented controls, and manual reporting to understand whether they are ready. A big thank you to everyone who stopped by to speak with Mike, Vicki Nam and Paul Crawford about how Protecht helps cyber and risk teams connect risks, controls, incidents, obligations, assurance, and reporting in one place. Explore Protecht’s cyber risk management solution here: https://bit.ly/4u39SuB #RiskManagement #GRC #CyberResilience #RegTech #CyberSecurity

Legacy GRC systems rarely break overnight. They degrade until change feels harder than staying stuck. If your GRC environment is slowing reporting, fragmenting data, or making updates difficult, it may be time to rethink the approach. Don't forget to join our webinar on Thursday 28 May covering: • Recognising the tipping point • Deciding when to replace vs optimise • Reducing the risk of migration. Register now: https://bit.ly/4tYySmJ #GRC #RiskManagement #Compliance #DigitalTransformation

Operational resilience is no longer a documentation exercise. With the PRA’s PS7/26, UK firms are being pushed from “we have a framework” to “we can prove resilience under pressure.” That means faster incident reporting, stronger third-party visibility, and clearer evidence of who owns what when disruption hits. This is not just a template update. It requires connected data, tested workflows, clear ownership, and real-time reporting capability. Firms relying on fragmented systems and manual processes will feel the strain first. Read Gary Lynam's full article here: https://bit.ly/4dAYFM4 #OperationalResilience #RiskManagement #GRC #RegTech #FinancialServices