Onspring

Houston tech leaders: you can’t manage risk if you can’t see it clearly. When GRC lives across too many systems, visibility breaks down and decisions slow to a crawl. Onspring connects your programs in one place so your team can see more, respond faster and stay focused on what matters. Join us at the ElevateIT: Houston Technology Summit 2026 to learn more. Save your spot: hubs.la/Q04f14Jx0 #HoustonTech #GRC #Cybersecurity #RiskManagement

A third-party tool. Over-permissioned access. One employee login. That’s all it took to expose internal systems at Vercel. This incident is a sharp reminder that third-party risk isn’t just about vendors on paper. It’s about how tools are actually used across your environment, especially as AI apps expand the attack surface. Key takeaways: • OAuth permissions are becoming a primary risk vector • “Allow all” access can quickly escalate impact • Shadow use of AI tools can bypass traditional controls • Third-party risk now includes employee-level tool adoption As AI tools become more embedded in daily workflows, governance needs to extend beyond procurement into real-time visibility and control. Worth a read: hubs.ly/Q04dz3wX0 #IndustryNews #ThirdPartyRisk #CyberSecurity #AIrisk #GRC

As compliance expectations shift toward continuous compliance, many teams are adopting AI to keep pace without adding headcount. But in compliance, automation has to do more than move faster. It must protect sensitive data, maintain audit-ready traceability and hold up under regulatory scrutiny. This article breaks down what secure AI should include in compliance management, where it delivers real value such as evidence collection, audit trails, control monitoring, and early issue detection, and why governance must come first. Read the article: hubs.la/Q045LwqX0 #ContinuousCompliance #GRC #RiskManagement #ComplianceManagement #AIinGRC #Governance #OperationalResilience

Final day of ISACA Geek Week. It’s been a great couple of days connecting with the community alongside Black Kite. If you haven’t joined yet, there’s still time to be part of the conversation. We’ll see you there ➡️hubs.la/Q04cyzSv0 #ISACA #GRC #CyberSecurity #RiskManagement #InfoSec

GRC Day Phoenix is one month away. Join us May 28 for an afternoon of practical insights, real-world perspectives and honest conversations with GRC leaders working through today’s toughest challenges. This is time well spent if you’re looking to sharpen your approach to risk, compliance and third-party oversight. Free to attend, includes lunch, and you’ll receive a Certificate of Completion eligible for CPE credit. Save your spot while seats are still available. hubs.la/Q04c1zC00 #GRC #RiskManagement #Compliance #TPRM #CyberSecurity

GRC program maturity is measured by visibility, consistency and the ability to respond when something changes. When teams have continuous insight into how controls are performing, they can identify gaps earlier, strengthen accountability across the organization and maintain stronger alignment with regulatory expectations. Continuous compliance monitoring helps transform compliance from a periodic activity into an ongoing operational capability. In this article, we explore how continuous monitoring strengthens GRC maturity, improves risk visibility, and supports better decision-making across governance, risk, and compliance programs. Read the full analysis: hubs.la/Q045LkBX0 #GRC #RiskManagement #Compliance #ContinuousCompliance #Governance

ISACA Geek Week kicks off today. We’re excited to join Black Kite and the broader community for conversations around cybersecurity, risk and what’s next for GRC. If you’re attending, we’re here and ready to connect. Learn more: hubs.la/Q04cyg8d0 #ISACA #GRC #CyberSecurity #RiskManagement #InfoSec

We’re excited to welcome a new face to the team! Please join us in welcoming Nicole Stevson, our new Pre-Services Program Specialist. Nicole brings a strong track record of building customer relationships and delivering solutions that improve operations and outcomes, and we’re looking forward to the perspective and experience she’ll add to the team. Welcome aboard, Nicole. We’re glad you’re here. #TeamOnspring #NewHire #GRC #GrowingTogether

Boston, we’re bringing GRC Day your way! Join us on June 4 for an afternoon of real conversations around AI governance, emerging threats and how GRC leaders are navigating what’s next. You’ll hear from experts across cybersecurity, legal and risk, plus connect with peers facing the same challenges. Reserve your seat: hubs.la/Q04dftpq0 #BostonGRCDay #GRC #RiskManagement #Cybersecurity #AI

We’re excited to continue growing the team. Join us in welcoming Tony Golden as our new Senior Professional Services Consultant. Tony brings experience working across systems, processes, and teams to deliver solutions that drive better customer outcomes. We’re looking forward to the experience and perspective he’ll bring to the team. Glad to have you here, Tony! #TeamOnspring #NewHire #GRC #GrowingTogether

Security dashboards look better than ever, but that doesn’t mean risk is going down. This piece shared by ISACA featuring insights from Ali Nouman challenges a common assumption: improving metrics equal improving security. In an AI-driven environment, that gap is growing. While traditional metrics track activity, AI introduces dynamic, autonomous risk that those metrics weren’t built to measure. That results in a false sense of progress. A few takeaways worth considering: • AI is changing the unit of risk from infrastructure to model behavior, data lineage and machine identity • Activity-based metrics can mask growing exposure • Visibility, governance and decision traceability matter more than ever Read the full article: hubs.la/Q04dbm6W0 #Cybersecurity #RiskManagement #AI #GRC #SecurityMetrics

We’re heading to ISACA North America Conference 2026 in Las Vegas. Join us for a session from Jeff Ladner, Chief Product Officer at Onspring: AI-Powered GRC: Navigating Innovation, Risk and the Future of Governance. You can also find us at booth 513/612. If you’re looking for ways to reduce friction, connect your data and make GRC actually support your workflow, come talk to us. We’ll show you what the YES! of GRC can look like in practice. Learn more➡️ hubs.la/Q04cMf0h0 #GRC #ISACA #RiskManagement #AI #Cybersecurity

After a full day of sessions, we’re looking forward to a different kind of conversation. Onspring is sponsoring the cigar rolling experience at the closing beach party. If you’re attending, stop by, grab a hand-rolled cigar, and come say hello. And while you’re at the conference, visit us at Booth 212 to connect with the team. Learn more: hubs.la/Q04bnDqs0 #CyberSecurity #GRC #RiskManagement #Compliance #Innovate

Executive teams know compliance is getting more complex. The hesitation around a new GRC platform is not about importance. It is about business value. In this article, we outline how to address common leadership objections and connect GRC modernization to outcomes executives care about, including risk visibility, operational efficiency, and regulatory alignment. Strengthen your case and move from reactive compliance to strategic resilience. Read more: hubs.la/Q045ghqN0 #GRC #RiskManagement #Compliance #OperationalResilience #Governance #CyberRisk

Healthcare cybersecurity is at a turning point. The proposed HIPAA Security Rule updates introduce stricter, more operational requirements, including mandatory asset inventories, continuous risk analysis, and MFA. For healthcare leaders, this is more than compliance. It is about strengthening resilience, improving risk visibility, and protecting patient care in an evolving threat landscape. In this article by Onspring's Product Marketing Manager Ryan Redman, learn how to prepare your organization for what’s next. hubs.la/Q04c2jJ10 #HealthcareCybersecurity #HIPAA #RiskManagement #Compliance #CyberResilience

Onspring v36 is officially here! 🚀 With the new Set Text Outcome, you can automatically update formatted data across your apps and keep your source of truth accurate in real time without manual effort or custom work. Now you can automate your policy updates and regulatory mapping with enhanced multi-line text outcomes and AI-driven recommendations. Keep your documentation professional, your data connected and your team focused on what matters. Take a look at what’s new ➡️hubs.la/Q04bcbTP0 #LaunchDay #OnspringV36 #TechUpdate #SoftwareRelease

We’re proud to co-sponsor ISACA Geek Week alongside Black Kite. Join us April 28–29 for two days of insight, discussion and practical perspectives on today’s most pressing cybersecurity and GRC challenges. If you’re attending, we’d love to be part of the conversation. Learn more: hubs.la/Q04cyvP50 #ISACA #GRC #CyberSecurity #RiskManagement #InfoSec

We’re getting close. Omaha GRC Day is right around the corner, and if you’ve been thinking about joining, now’s the time to grab your spot. We’ll cover third-party risk, AI in GRC and what leading teams are doing differently right now, all in one afternoon. Come for the insight, stay for the conversations (and the happy hour). #GRC #RiskManagement #Compliance #ThirdPartyRisk #AIinGRC

AI in GRC is now mainstream, but not every “AI-powered” feature delivers measurable value. If you’re evaluating GRC platforms, the real test is whether AI improves outcomes you can defend: clearer risk prioritization, faster regulatory response, stronger third-party oversight, and audit-ready traceability. In this post, we break down how to separate practical AI from “vanity AI,” what to look for in explainability and evidence, and why strong AI governance matters for accountable decision-making. Read the full analysis: hubs.la/Q045fqvW0 #AIinGRC #GRC #RiskManagement #cybersecurity #ThirdPartyRisk #AIgovernance

Stop spending hours copying and pasting and fixing formatting just to keep your GRC documentation current. It’s tedious, and it’s where mistakes creep in. On April 18th, Onspring v36 is introducing a better way to move your most important data without code. Stay tuned for a smarter way to work. #OnspringV36 #GRC #Automation #NoCode