VanRein Compliance Podcast
Learn how you can secure the future of your business with a clear plan to reduce your risk. We discuss all compliance and data security matters of SOC2, ISO27001, HIPAA, GDPR, CPRA, NYShield, Texas HB300, ISO27001, HiTRUST and include life stories as well. It's NOT just a boring BizCast. We also talk about our Family Business and how you can start your own Family Business that will reshape your future.
VanRein Compliance Podcast
Compliance in Your Pocket: The Revolutionary VRC1 Platform
We unveil our groundbreaking VRC1 platform designed to revolutionize how businesses approach compliance. This single, centralized solution brings together all aspects of compliance management, from evidence collection and documentation to real-time communication with auditors.
• VRC1 creates one central place for all compliance activities, eliminating the need for multiple platforms and endless email chains
• Real-time chat functionality enables immediate communication with the Van Ryn team, reducing delays in compliance processes
• The mobile app puts compliance management in your pocket, allowing you to upload evidence and respond to queries from anywhere
• Customizable workflows guide you through specific compliance frameworks including HIPAA, SOC 2, ISO, and HITRUST
• Built-in meeting scheduling and video conferencing eliminates the need to switch between multiple applications
• Remediation workflows transform assessment findings into actionable tasks with clear deadlines based on criticality
• The platform automatically creates comprehensive audit trails, ensuring transparency and accountability
• All communications are centralized and searchable, making evidence collection and incident investigation more efficient
• VRC1 scales seamlessly as your compliance needs evolve, supporting multiple frameworks without starting from scratch
Look for your email invitation to onboard to VRC1 this week. We're excited to hear your feedback as we continue to enhance the platform and make compliance management simpler and more efficient.
Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook
Hello and welcome to VanRein Compliance Podcast. I'm your host, Rob.
Dawn:And I'm Dawn.
Rob:And today Dawn. Actually, this week we have some very, very exciting news, don't we?
Dawn:Yes, we do. Confetti cannons, drum roll Boom.
Rob:Yes, we are launching the Van Rein VRC1 Compliance Journey.
Dawn:Yes, there it is there. It is there, it is. It's here, it's here. You all have been seeing teasers about it and it is here and it's about time. Yes.
Rob:What is it Today? In today's podcast, we're actually going to unpack what VRC1 is and the value that it's going to bring to you as our clients.
Dawn:So what is?
Rob:VRC1, Dawn.
Dawn:VRC1 is a single, centralized solution for your compliance period. One place for your compliance evidence, one place for all your documents, one place to manage the tasks and the evidence associated with your compliance program, one place to find your training for really everything and, most importantly, a place to chat with anyone on the Van Rein team within VRC1, a place to find everything right there, right in front of you. You don't have to go out to multiple places and we are so excited to bring everything together under VRC1 to be the one place that you go, literally the one place to go.
Rob:That's why we named it VRC1. Yes, yes.
Dawn:And this helps you, as the compliance officer, the business owner, to focus on your company. Focus on making sure you're compliant and maintain your compliance. Focus on your company, focus on making sure you're compliant and maintain your compliance, focus on your employees, your clients, your business, and not all the back and forth and not the multiple meetings and this type of thing.
Dawn:So this, literally, is going to be all about time and all about staying compliant time, and and all about staying compliant, so we are so excited to share this with you, to have this, uh, this, this, this create this journey for you.
Rob:Yep, you're very excited because it's changing how compliance is done in the industry. We are setting one of our our here at the Van Rein Credo is is creating an, a product and a solution that's valuable for our clients. That nobody has ever done.
Rob:Something brand new. We are blazing the course. So, like Dawn had mentioned, our new VRC1 platform and app, which you get in the Apple App Store or Google Play Store, allows real-time communications to us here at Van Rein and our auditors. We don't have to wait for an email, we don't have to wait for a meeting. We don't have to wait for a meeting. We don't have to wait to schedule something. It is a quick boom, boom and done boom and done.
Rob:There you go and being able to have real-time compliance conversations, because we find everybody has not enough time right. Everybody is very busy with everything. So having something very streamlined to create, an experience that makes compliance simpler and really, really a joy to work with, because every business owner, compliance manager, team leader says it's either not in the budget, we don't have the tools, we don't have the time, and we've taken that burden off of you and built this, so we're very, very excited.
Rob:So, let's just let's kind of unpack a little bit of like why does this exist? Right, I always like the why. Our kid always rolls his eyes when I say Dad, you always talk about the why. He's like yeah, you start with the why. And Dawn, as you know, our lead auditor and ISO and even SOC what have you seen with our clients and why does this exist?
Dawn:The big thing is is we all have too many emails and too many meetings, and it's not that we don't want to meet with anyone and don't want to receive your emails or send out emails. It's just that we want to make this easier. So VRC1 exists to create one place and to chat with us. You can book meetings right in there. You click on book a meeting super easy. But you also don't have to wait for us. What does this mean? I have to upload my password, complexity, a screenshot of that. It means just that. But you could chat in real quick. Our team members will get back with you.
Dawn:This is an example. This is what you need. Great, I'm already in my Azure or my, you know, gcp or something. Okay, great, I found it. Good. Here you go and you can upload evidence, which is documents, policies, procedures, screenshots, images, whatever they are to each task, to each control, and it just is going to be very, very easy and seamless. No trying to figure out what folder to put it in, it's all right there, attached to the request. And if you have a team on your compliance team it's not just you then you can delegate, everyone can go in there. And oh, can you grab this task, grab that task, that type of thing. So it's really seamless and it really alleviates the back and forth emails, the back and forth meeting. Oh, we'll wait till next month till we meet, wait till next week till we meet. You don't have to wait, we can continue and go and not be a speed bump, if you will, in the process.
Rob:So very exciting, very exciting, exactly. And the things that I've noticed, too, is a lot of people have waited either to a quarterly check-in or weekly or monthly meeting, and sometimes they need answers now. And what we want is, you know, we want to be very proactive in compliance, not reactive.
Rob:Be proactive if there is a security incident. Be proactive when there's a business associate agreement to review. Be proactive when there's a security questionnaire that we've got to dive into. Be proactive when you want to make a change to your business right. What if you want to go for a SOC 2 or an ISO or a HITRUST? What do those look like? And we can map those all out in real time and not just waiting. You know, waiting for a meeting or waiting for an email, because our team is there to watch. Be the chat bot, if you will. With the chat environment that we've built, being able to have real-time conversations at any time is really huge.
Rob:It's a model that we built, yeah.
Dawn:And we can finally say there's an app for that. So we have an app that's coming out. It should be out.
Rob:It's out this week.
Dawn:It'll be out later this week and it'll be on Google Play and on Apple and when you log in you will see your client dashboard, your workflows with Van Rein Compliance and you can chat in with us and it is great and it's because we all are very mobile nowadays. We're all remote, we're on a plane, we're, we're doing something here or there, we're at the store and you can keep up to date with with things going on. So, um, we wanted it to be very user-friendly, um, very customer focused.
Rob:Yep, very, very simplified. Basically, it's in your pocket, um, and. And the mobile app is exciting. It's exciting that it mimics exactly like it should, right, like the website, and it has the same look and feel that you're used to in Android or iOS apps and it allows that real-time communication at all times. So we're really excited about that. It is all. Obviously it's fully secure because you know we are a compliance company, we need to know things are secure. So the back end, obviously everything is HIPAA compliant. We have a SOC 2 Type 2 on the backside, and so we're really excited to show the integrity of our environment and ensure that your data is secure, because that's what we've poured into that and put things together. So, yeah, when there is a question to the auditor, you're anywhere, you're being mobile, you're able to chat right through the app, right in the palm of your hand, or through the web browser, which either way works for you.
Rob:Yep, and one thing we've heard is a lot of folks, I hate to say we're always our heads buried in our phones, but it definitely seems like our phone is with us and maybe your iPads or tablets or MacBooks or PCs aren't as much, or Chromebooks, right, so being able to have. That's why we wanted to create an environment and create a journey so that is in the palm of your hand, so that it is simplified, that it is able to connect at any time and answer those questions and be able to take those screenshots as needed and get you through an audit and then maintain that, because compliance is not just a one and done. You have got to maintain it, just like you do right, like you do your car, just like you do your body not working out right. We all gain too much weight. You've got to maintain. Everything needs maintenance.
Dawn:Yep, yep. So let's talk about what you're going to see first.
Rob:Yeah.
Dawn:You probably already received it an email from us explaining this is coming and an invite to onboard to VRC1. Very simple there's an acknowledgement and then there is updating your client information so Kind of like when you go to a doctor's office, you're updating, making sure your name and address and company name and all that is right. So we are doing that. That's part of the process. It gets you put into VRC1. And then what you'll receive after that in a couple weeks we have everyone kind of sectioned out into depending on where you're at in your assessment. You know whether it be HIPAA or SOC 2, what journey you're in with your compliance, what milestone, I should say and then you'll be receiving your actual project workflow.
Dawn:So but to start out, simply, it's onboarding and you can go kind of click around, see what's out there. We've got our quick links for our training on our, on your dashboard. You'll see that You'll see lots of different things and you'll be able'll see that You'll see lots of different things and you'll be able to upload files. You'll see us putting your files in there. So you see some stuff going back and forth. You see some messaging and you can message us and ask us questions or if there is an issue, and so that's what you're gonna see right away is you're gonna onboard onto the VRC platform?
Rob:Yep, yep, and we really we call them flows. So now they're workflows. So we break out the workflows into streams, right? So you kind of you don't eat the elephant all at once, you eat it in small bites. So we have your like, your annual risk assessment, your risk audit workflow and then maybe a policy approval workflow where we'll we'll create a policy but then you as a customer have to approve it and then you as a customer have to implement that policy.
Rob:Evidence collection is a big one going out, getting the screenshots, because everything is evidence-based and auditing that's just how we do it. So you've got to have the evidence. You upload the evidence for the auditors. The big one I really like is the vendor due diligence. You know we're able to send out flows to even your vendors and you can do that and say, hey, I need you to complete this workflow kind of like a security questionnaire, same idea and provide the evidence, provide the information that we need to vet you to ensure that you're handling our data appropriately and that you have everything securely dialed in and put together.
Dawn:We've also built in forms, so specific forms yeah.
Dawn:So things like well, I see that I need a disaster recovery business continuity plan, but I don't really know what questions you need from me. We have a form for that, so it's all built in the workflow and you'll get that in your tasks and you'll fill it out just like a normal type of pop-up form. You'll fill it out and then from there we take that information and we create a framework for you. Um, there's also we also are doing, um, like an instant response, uh, or incident, sorry, incident incident reporting, excuse me, not response incident reporting to document Some customers are like how do I document and report?
Dawn:We had this happen. You know we had a complaint or some something happened. It wasn't a breach or anything, so we'll have we'll have forms to do that as well, and so we really just want to keep everything inside there to help you. Also, the vendor, vendor risk assessment, things like that will be in there. So look for more to come on that as we, as this evolves, but we really want this to be the one place you need to go and and that's why we created this- yeah, and the the audit prep is really big.
Rob:So we we work. How we've done it before is a lot of emails or a lot of meetings, a lot of those communication pieces. Now you'll have your own workspace, your own workflow, I should say, and that flow has the list of everything you need to do to prepare for your audit. You have your checklist, you have everything there and if there's questions on the checklist, you use the comment chat feature and then you talk to to our team and we go ahead and we help you with that.
Dawn:Yep.
Rob:Yep, and it's all customizable. That's what's really cool about it is we've done, we put all the hard work on the backend. So then the front end. It makes it easier for our team and for you as a client to uh to be really seamless in how you handle your uh, your auditing and your audits.
Dawn:And you don't have to wait. You don't have to wait for us, you don't have to wait. Oh well, I need it. You have to wait for the next meeting or the next call or whatever it is. You can just go through it. You can go through and say oh, you know what, I'm just going to do some stuff. It's after five or after four, whatever. Whatever your time, your timeframe is, it's before eight. You know, I can do a couple of these things. That's great. Just log in and there you go, you can start working on it. Um, and, and, and you know, and, like I said, you can chat with us anytime.
Rob:Yep, yep, why don't you, why don't we unpack that a bit more of the communications built in? So one thing we were very, Don and I, when we were in the team we were really focused on is how do we have real time conversation, cut down on the noise in Slack, cut down on the noise in email, centralize it, but also make it auditable, because we've all done this right. We've all had to dig through emails and phone calls and documents and audit logs and try to put together a story or find evidence, or maybe there's an incident we're trying to track down. Well, we want one place so that you have a full, seamless communication platform built in and it's all auditable, so every action is tracked, everything is audited, so we know exactly what's going on A real-time chat and task commenting right there in the system. So that way, when you have a question about a privacy policy or disaster recovery policy, we work through that together in the chat.
Rob:I think we all know how to do the chats on the text, right, but it's all there and, of course, there's even a button for meetings. So now the platform that we've built also includes live meetings, internally and externally. So it's internally in the application, in the platform, so if you are chatting and we're still not getting it, we can quickly hop onto a quick meeting within your workflow.
Dawn:Let's tell them how to do that. Let's tell them how to do that real quick, and you're going to be getting some great're going to be getting some great video videos from our great marketing guru, junie. He's going to be sending out a video on how to do this. So when you're in chat next, the next tab over is meeting. If you click on it, you can click on meet now or schedule a meeting, and it's just that simple. So it's right there inside of there. You don't have to go out to Google or go out to Outlook or anything like that. It's all right here. So, um, and, and it'll. It'll show up on your calendar. It's all connected, shows up on our calendar, um, and it's. It's just really, really, really seamless.
Rob:Yep, yep. Yeah, it's taken a lot of work to put all that together, but at least we've done everything and we've tackled it and items like that.
Rob:And even you know, I don't know. Sometimes you and I do this. You know, as business owners, we'll have ideas that brainstorm sessions at nine o'clock at night or before bed which you shouldn't do you should be quieting your brain right before you slumber work through in our tests. We just work through our, our platform, our VRC one, and just look at what's going on and and resolve some issues, or have that, some of that communication, and get that going. Yep, definitely the, the control and visibility is important too, you know, is making sure we have a very good, good visibility into who has what and by when. Um, those are the key, because if we don't have a true plan and we don't have knowledge of who's doing what, then audits fail We've seen that or they stall that's the worst. So-and-so is doing. You know the compliance officer was here and they have left, or they're on vacation for three weeks or whatever. That's nothing more. It's just very frustrating when things stall. Just tell us where to go and then having that, that communication.
Dawn:Absolutely, yep, definitely.
Rob:I you know, really high visibility within the team, I think is really important. So our clients is a client. There's a lot of transparency. So we've built on the, on the platform, the transparency where you can see where our team is. You see there's names, it's all timestamped, it's like a chat, it's like a Slack, it's like a Teams, it's all of that, and then we can see where you are and if we're waiting on you, we see that and we can notify you. If you're waiting on us, you see that and you can notify us. And it's a real-time communication that's built for speed and really built for you to make sure it's seamless and nice, tight, easy. Yep, definitely.
Dawn:Absolutely. That's what we're here to do. We're here to create a great customer experience, something that is easy, saves you time, and it's just a not friction. It's frictionless, and that's what we're here. But, like I said, if there's anything that you see kind of weird or something you have a question about, that's why you can chat right in.
Rob:Yep, yep, definitely. Those are the key pieces and kind of what you know. I think one thing that we're excited about is the scalability of it. So what we've noticed is when we have a client that maybe starts out with HIPAA compliance or a NIST even a NIST AI framework that performs the audit, they upload their evidence, they work through that, we get them compliant and then we maintain that over the next 12 months or so, and then all of a sudden they have a contract or they have a desire that says, hey, we want to be SOC 2 or we want to be ISO.
Rob:The platform can easily scale. For that, you know, I think a lot of other platforms that I've seen, especially in the GRC world, is they'll try to map controls and do this and do that, but no, it doesn't really map well for, like ISO, because it's very rigid and very particular. Soc has a little bit more flexibility and HITRUST is its own thing. So we're like what can we be kind of agnostic? Right, we can just create our own flows to any framework we want, put it all together and have everything very unique and tailored for SOC, hipaa, iso or HITRUST. Those are the key pieces.
Dawn:Yep, absolutely, it's very exciting.
Rob:Yeah, very exciting, so look for your invite.
Dawn:Look for your invite. Yep, we're rolling it out this week.
Rob:Yes, we're recording early in the week. This drops on Wednesdays and we're excited for it to be rolled out this week to you, our great clients, and get your feedback. Some of the feedback. We've already been doing some beta testing over the last few weeks and a lot of the feedback we've had is just just the simplicity and the polish. We're very particular on on the polish and the environment and how it looks. Does it look clean, does it look tight, does it look tidy? And we've really worked hard on all of that, putting that together. So yeah, so what's next, dawn?
Dawn:What's next? Look for an invite in your email to onboard onto VRC1 and then, uh, yeah, let us know what you think, chat in, send, send us a chat, let our team know what you think, any questions you have, and then, uh, the next step is going to be rolling it out to uh for your assessment. You may already have done an assessment, you may be in the middle of it, so we're going to transition. A few people. A few people are going to start off with not not the whole, the whole assessment. They maybe they've already completed it.
Dawn:The great thing about it is we're going to have a remediation workflow. So customers always say what do I need to do, what? Where are my tasks? I do I have to always just look at the report. Yeah, you can look at the report, but those report items are going to be now in a remediation workflow, so you're going to know what you need to do. They're also going to have dates on them we like to have, depending on the criticality of the remediation item. Could be 15 days, could be 60 days.
Dawn:It just kind of depends on what, what item that that needs to be remediated, what the criticality is. So that's that's a new thing, too, is that you'll you'll know exactly what you need to do. You'll have the report, but you'll have, you'll have tasks based on that and you'll know what to do and how to answer them. And if there needs to be anything uploaded, you'll have the opportunity to do that as well. So, and then there'll be maintenance. Then, after remediation is done, you'll go into maintenance mode and maybe that's when you know we decide on let's meet quarterly, maybe we still want to meet monthly, depending on the size of your organization, the amount of, you know, items that need to be taken care of during the year, and and we just, we just build it how you, how you want, we, we tailor it to to your needs and and this way this is very, very customizable and that's what we like it, because it's not just one company is does it.
Dawn:It's the same for everyone. Sure, it may be the same 64 controls for HIPAA but how you? You know you may all be remote, there may not be physical address there, so you're a little bit different, you know, it just depends. It depends on the type of business. As everyone knows, we work with dentists, eye doctors, that type of thing, but we also work with business associates uh, lawyers, um answer services, um. Application companies, uh, you know. Software companies, um. Startup companies, technology companies, um, you know, you name it. We, you know all different kinds of companies we work with, so, um, so that's why this is great, because we can customize this compliance journey for you, for you and your business.
Rob:Yep. And if you're not a customer just this is a very good point, don Um, if you're already as a current customer, it's all, you're automatically enrolled, right? There's no charges, there's no addition, there's no setup fees, there's no, nothing, um, you're automatically enrolled. If you're not if you're listening and you're not a client of Van Rein compliance, maybe it's time to ask yourself this. You know what's your time worth. You're responsible for compliance. You have a legal obligation. Uh, if you're within the healthcare space, for HIPAA compliance, also for first, data and privacy laws that are changing, ever changing, I should say, for each of your States, uh, our States as well. So the states are enforcing data privacy laws annually or they get refreshed. And as a business owner, a compliance officer, a manager, anybody in that space, what's your time worth to manage the complexities of compliance? Well, we've given this time back to you and we've really simplified how you manage your compliance journey through VRC1. We're very excited.
Dawn:Yep, this is very exciting. Yep, we're excited to be able to roll this out and it's going to evolve and we're going to add things to it, but it has so much already that's available to you and we're just excited to hear, hear about what you think and just chat with you within, you know, during your compliance journey, the VRC one.
Rob:Yes, well, wonderful, don, and thank you everybody for joining and if you know anybody else that could, could use this. You know, save time and and can listen to this podcast. Just like and subscribe and share, sharing your platform, sharing your media, share everywhere, cause we get big and better because you are better. Uh, when you grow with, van Ryan grows and we're excited to be able to serve the community and really take care of of everybody. So until next time, thank you for joining. I'm Rob, I'm Dawn, all right, we'll talk to you next time. Bye-bye, bye-bye.