Episodes

  • Compliance Isn’t Enough Anymore—So We Built This
    Apr 8 2026

    We launch new penetration testing and vulnerability scanning services and explain why passing audits still leaves hidden security risk. We lay out a practical testing cadence, how it maps to HIPAA, SOC 2, and ISO, and how proactive validation builds trust with clients before an attacker forces the lesson.
    • compliance versus security, why policies do not stop attacks
    • why 2026 attackers scan and exploit automatically
    • vulnerability scanning as continuous monitoring with risk scoring and remediation tracking
    • penetration testing as manual plus automated ethical hacking
    • recommended cadence, monthly scans and annual pen tests
    • when to retest, major changes and post-remediation validation
    • mapping testing evidence to HIPAA risk analysis, SOC 2 controls, ISO 27001 requirements
    • third-party reports for security questionnaires and deal credibility
    • one-stop delivery to cut coordination time and reduce scrambling
    If you go ahead and email us at hello at vanriancompliance.com, and you mention that, hey, Robin Don said I need a free t-shirt, we're gonna send you a free t-shirt. If you like and subscribe, and the more you do that, the better, the better the Van Ryan Compliance podcast can grow and reach more people


    Thank You for Listening to the VRC Podcast!
    Visit us at VanRein Compliance
    You can Book a 15min Call with a Guide
    Follow us on LinkedIn
    Follow us on X
    Follow us on Facebook


    17 m
  • How Family Businesses Build Legacy And Trust
    Apr 1 2026

    Most people say they want a legacy. Then they run their business like it only needs to survive the next quarter. Rob and Dawn come back from the NAEO conference in San Antonio with a clear question for every owner: are you building something that lasts, or something that just pays?

    We talk about what it looks like when a company actually makes it to 50 years, using Mtelco’s anniversary as a real-world case study. That opens up the bigger conversation around family business, multi-generational ownership, employee retention, and why “relationships over transactions” is not a slogan, it’s a strategy. We also get honest about the grind of small business life: work and life aren’t balanced, they’re woven together, and the only way it works is prioritisation, delegation, and building a team that believes in what you do.

    Then we bring it back to the risks that can end a legacy fast. Cybersecurity and compliance are no longer optional if you want to stay audit ready and keep customer trust. We break down why incident response plans, disaster recovery planning, vulnerability scanning, and penetration testing matter, plus how AI governance needs guardrails so new tools don’t create new exposure. We close with the often-avoided topic of succession planning: if something happens to you, who runs the business, who calls the attorney, and how does payroll continue?

    If you got value from this, subscribe, share the show, and leave a review. Are you building for decades or chasing the next deal?

    32 m
  • May 2026 HIPAA Changes: What Every Organization Must Do Now
    Mar 11 2026

    We break down the largest HIPAA Security Rule update in 15 years and explain what it demands from healthcare, SaaS, and telehealth teams. Clear requirements replace ambiguity with MFA everywhere, stronger encryption, real testing, faster recovery, and rapid partner notices.

    • why HIPAA must modernize for cloud, AI and telehealth
    • how ransomware pressure shapes stricter controls
    • asset and data inventory as the foundation
    • MFA as a universal, required control
    • encryption across endpoints, transit and rest
    • security testing with scans, pen tests and AV
    • network segmentation to stop lateral movement
    • incident response tested annually with 72‑hour restore
    • 24‑hour notification to partners
    • evidence‑based audits and stricter access management
    • vendor due diligence and AI governance
    • timeline to effective and compliance dates
    • three actions to start now: risk analysis, MFA rollout, vendor inventory

    Need help with a risk analysis? We can get a report together so you can see your risk and plan forward.


    18 m
  • Unlocking ISO Compliance with David Forman Founder of Mastermind Assurance
    Mar 4 2026

    We sit down with ISO auditor David Forman to demystify ISO 27001, compare it with SOC 2, and unpack what auditors actually look for. We cover real breaches, the limits of compliance tools, the rise of 27701 and 42001, and how to win leadership buy-in.

    • what an ISO certification body does and how audits work
    • ISO 27001 governance plus controls vs SOC 2 opinions
    • readiness and internal audit roles vs external certification
    • why breaches accelerate third-party assurance demands
    • scoping strategy and avoiding retrofit pitfalls
    • platforms as helpers not replacements for ownership
    • getting executive buy-in with clear pain and outcomes
    • 27701’s privacy system and 42001’s AI management
    • sectors driving demand: cloud, finance, healthcare, education, law
    • partnership approach to deliver readiness and certification

    Follow Mastermind on LinkedIn and email hello@mastermindassurance.com


    45 m
  • From Human Oversight To ISO 42001 And NIST: Building A Safer AI Program
    Feb 25 2026

    24 m
  • The AI Governance Playbook with Bennie Cleveland
    Feb 18 2026

    We sit down with auditor and risk leader Bennie Cleveland to unpack how to make AI defensible in the real world. We cover governance, healthcare and privacy frameworks, modern attack patterns, and the playbooks that separate confident teams from lucky ones.

    • defining AI ownership, approvals, data scope, monitoring and explainability
    • building an AI inventory and supplier risk register
    • mapping to NIST CSF, HIPAA, GDPR, SEC expectations
    • deepfakes and social engineering expanding the attack surface
    • darknet monitoring and proactive exposure checks
    • running tabletops for ransomware, data loss and web compromise
    • human in the loop and prompt discipline for high-impact decisions
    • common audit gaps in IR, BCDR and communications
    • vendor AI due diligence and data transfer controls
    • buying fewer tools with clearer purpose and guardrails


    33 m
  • AI: Beyond Policies and Governance with Dr. Camille Howard
    Feb 11 2026

    39 m
  • Tabletops, AI Governance And Real Resilience
    Feb 4 2026

    We roll out two new services—tabletop exercises and AI and automation governance—and dig deep into why tabletop drills prove readiness, resilience, and audit defensibility. From foundational policy walk‑throughs to enterprise war rooms, we map maturity levels and show how to turn SOPs into real action.

    • what auditors expect from tabletop evidence
    • foundational awareness, roles and policy validation
    • ops drills that test detect, contain and recover
    • executive crisis decision‑making and communications
    • DR and BCP validation across cloud and on‑prem
    • RTO and RPO targets, failover and manual workarounds
    • audit defensibility, documentation and remediation plans
    • cross‑functional alignment across HR, legal, IT and dev
    • threat‑informed scenarios, red and blue team perspectives
    • after‑action reports with owners and timelines
    • annual cycles that raise difficulty and close gaps

    “if you got an email from me, there’s also a coupon. so we offer 15% off a tabletop. respond to my email or just reach out to us and we’ll schedule a time”
    “for the folks that aren’t clients, there’ll be more details down in the notes… or hello at vanright compliance.com”
    “like or subscribe, it gets us into more people’s feeds”


    19 m