Send us a text

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Send us a text

We explore why vendor oversight is a critical yet often overlooked aspect of compliance programs, examining how third and fourth-party vendors present the greatest risk to your company's data security. Our conversation dives into strategies for building effective vendor management systems that go beyond superficial checkbox activities.

• Third and fourth-party vendors create cascading risk levels for your business and customer data
• Vendor oversight requires continual relationship maintenance, not just initial vetting
• Security certificates like SOC 2 must be verified for currency and validity
• Companies frequently fail in vendor management during staff transitions
• Documentation is essential: maintain a supplier register with contracts, certifications, and contacts
• Track artifact expiration dates for compliance certificates, insurance, and penetration tests
• Proper offboarding procedures are crucial when ending vendor relationships
• Homework: review your top five vendors, confirm their compliance posture, and document relationships

Take these items back to your organization and dive into examining your vendor oversight program. Simple steps like documenting relationships, tracking certifications, and establishing clear escalation paths will significantly strengthen your compliance posture.

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Send us a text

The episode emphasizes the importance of maintaining a compliance program as an ongoing effort rather than a one-time task. It covers the evolving nature of regulations, risks of neglecting compliance, implementation best practices, and the critical role of vendor management.

• Compliance is an ongoing commitment, not a one-time task
• Regular audits and updated policies are crucial for effectiveness
• Employee training must be continuous to mitigate risks
• Neglecting compliance can result in severe financial and reputational damage
• Vendor management is essential to safeguarding sensitive data
• Technology can aid compliance efforts, but human oversight remains key
• Staying vigilant ensures preparedness for evolving legal requirements

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Send us a text

Unlock the secrets of ISO compliance with us as we sit down with David Forman, a seasoned ISO auditor and the co-founder of Mastermind Assurance. David pulls back the curtain on the unique role of ISO auditors and how their work stands apart from other assurance programs like SOC 2 and HITRUST. With his vast experience, David provides a clear breakdown of ISO standards, particularly focusing on governance requirements and control sections within management systems like ISO 27001. This episode is essential for anyone looking to understand the ISO certification process and its global impact.

Explore how data breaches, from the early 2010s to the pandemic era, have fundamentally altered consumer awareness and corporate security practices. David and our hosts delve into major incidents like the Equifax breach, discussing their profound influence on security compliance. We dive deep into the intricacies of SOC 2 and ISO 27001 certifications, highlighting the paths from SOC 2 Type 1 to Type 2 and ISO's Stage 1 to Stage 2 certifications. If you’re curious about how companies can transition between these frameworks to enhance their security credentials, this segment is a must-listen.

Navigating multiple compliance frameworks can be a challenging task, but David shares invaluable strategies for making this transition smoother, from HIPAA to ISO 27001 and beyond. The importance of a flexible governance program, stakeholder buy-in, and addressing pain points like GDPR and AI-related risks are all covered in detail. We also touch on emerging standards such as ISO 27701 for privacy management and ISO 42001 for AI management. Don't miss this treasure trove of insights and practical advice for anyone involved in the world of compliance.

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Send us a text

Unlock the mysteries of SOC 2 compliance with Kate Williams, our expert CPA and certified SOC 2 auditor from Maxwell Locke & Ritter. Kate turns what could be a tedious topic into an accessible and engaging affair. We cover the ins and outs of the SOC 2 framework, its inception, and why tech companies big and small need to sit up and take notice. Kate's unique blend of humor and deep industry knowledge illuminates the audit process and the strategic value of SOC 2 reports, leaving no stone unturned in this critical discussion.

The tech landscape is evolving, and with it, the pressures faced by startups to achieve SOC 2 compliance. In a candid conversation with Kate, we dissect the nuances between SOC 1 and SOC 2 audits, and the difference between Type 1 and Type 2 reports. The insights offered go beyond mere compliance; they're about seizing opportunities and navigating the challenges of resource allocation for early-stage companies. This chapter reveals the true value of compliance investments and when it might be wise to challenge the status quo.

We wrap up with a deep dive into the darker side of tech – data breaches, their repercussions, and the subtleties of off-boarding processes. By sharing stories of security slip-ups and the importance of structured documentation, Kate emphasizes the need for robust cybersecurity measures. She also clarifies the distinctions between SOC 2 and ISO certifications, ensuring our listeners are armed with the knowledge to protect their companies from becoming another cautionary tale. Tune in for a conversational, yet enlightening session that's anything but a dry lecture on compliance.

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Send us a text

Jen and James Schultz of Answer Midwest join us to share the rhythms of their 30-year marriage, both at home and at the helm of their family-business. Imagine intertwining the threads of romance and entrepreneurship, crafting a tapestry of mutual respect, defined roles, and shared visions. Our guests recount their transition from college sweethearts to business co-pilots, offering listeners a real-life roadmap to blending love with livelihood.

We crack open the playbook on maintaining individuality while sharing a common goal, discussing how to preserve personal space amidst a shared professional landscape. Jen and James, along with my own experiences with my spouse Rob, provide insights into setting boundaries and respecting the professional-personal divide. We delve into the nuanced choreography of couple-run businesses, the importance of independence, and the delicate art of not letting shop talk overtake pillow talk.

Rounding out our conversation, we celebrate the legacy of Answer Midwest, where family, support, and wisdom intertwine to foster growth and innovation. We applaud the Schultz's for mastering the 'Space and Grace' mantra within their enterprise, and we encourage you, our dear listeners, to draw inspiration from their journey. Join us for a heartening look at the power of partnership in business and life, and perhaps find the spark to ignite your own story of success and togetherness.

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Send us a text

Ever wondered how the pumpkin spice latte you love so much could possibly lead to a profound conversation about data privacy? Your hosts Rob and Don, are here to make that transition smooth! In this episode, we'll be sharing tales from our lives, dabbling in band competitions, football games, and even our views on the overpowering pumpkin spice craze. But the real kicker comes when we shift gears to unbox the intricate world of privacy policies, cookie policies, and Data Processing Agreements (DPAs).

Does the legal jargon in these policies make your head spin? Fear not! We simplify these essential terms, highlighting the crucial aspects every organization needs to consider - data usage, possible sales, and even advertising methods. We walk you through the maze of global and state privacy laws, helping you craft a policy that perfectly fits your needs. Learn why ignoring cookie banners could land you in hot waters legally, and why accepting all cookies should never be an option. Let’s unravel the complexities of data privacy together and make sure our personal information stays safe. Join us for this peculiar blend of fun and function - it's a ride you won't want to miss!

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Send us a text

Ever thought about how to build an unshakeable trust with your vendors? Ready to harness AI without fearing the risk of breaching data security compliance laws? That's exactly what we'll be uncovering in this latest episode. We kick things off with a nostalgic trip down memory lane, reminiscing about the delightful Texan tradition of crafting homecoming mums. We also share our experiences from the HITRUST Collaborate Conference in Dallas and discuss the importance of community support in events like the big band competition.

Nothing says trust like a reputable certification. In this chat, we unravel the intriguing aspects of High Trust certification, guiding you through the journey towards achieving it. Get familiar with the E1 audit, a cornerstone in building the fundamentals of HITRUST, and its application across businesses of different sizes. From control mapping to vendor risk management, our discussions navigate you through crucial conversations that could help mitigate risks vendors may pose to your business.

AI is changing the world - but at what cost? We tackle the often murky waters of AI usage, discussing the evolving landscape of certifications like SOC2, ISO, GDPR, and HIPAA. As we examine the High Trust AI Assurance Program and SOC2 auditors, we explore how your organization can use AI responsibly and securely. From assessing the cost of ransomware attacks to considering the potential benefits of becoming self-insured, we leave no stone unturned. Before we sign off, we reflect on the importance of having AI policies and discuss potential consequences of not having one. So, tune in, engage, and don't forget to connect with us on LinkedIn!

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook