Why We Built VRC1 OS: The Operating System for Compliance Artwork

VanRein Compliance Podcast

Learn how you can secure the future of your business with a clear plan to reduce your risk. We discuss all compliance and data security matters of SOC2, ISO27001, HIPAA, GDPR, CPRA, NYShield, Texas HB300, ISO27001, HiTRUST and include life stories as well. It's NOT just a boring BizCast. We also talk about our Family Business and how you can start your own Family Business that will reshape your future.

All Episodes

VanRein Compliance Podcast

Why We Built VRC1 OS: The Operating System for Compliance

June 17, 2026 • Rob & Dawn Van Buskirk

0:00 | 15:18

Send us Fan Mail

We’re launching VRC1 OS, our compliance operating system built to bring structure, clarity, and real visibility to programs that have become scattered across tools, email, and spreadsheets. We explain why compliance has to run like a business function, how AI can reduce friction without replacing judgment, and what growing teams should expect when they stop chasing audits and start operating compliance.

• why compliance feels fragmented across policies, training, evidence, risk, and audit communication
• why trust centers and “green lights” do not equal real security proof
• what VRC1 OS centralizes: tasks, evidence, policies, training visibility, risk readiness, audit prep, client communication, and framework alignment
• why compliance is ongoing and touches HR, IT, legal, leadership, operations, vendors, and client trust
• how a rhythm reduces fire drills and keeps accountability clear
• why humans still provide judgment while automation removes friction
• how AI governance, vendor oversight, and cyber insurance pressure raise the bar
• who VRC1 OS is for across HIPAA, SOC 2, ISO, HITRUST, and security readiness

If your company is ready or you want to dive a little bit deeper, stop chasing compliance and start operating it. We’d love to show you what we’re building and continue to invite you into the Van Ride family.

Thank You for Listening to the VRC Podcast!
Visit us at VanRein Compliance
You can Book a 15min Call with a Guide
Follow us on LinkedIn
Follow us on X
Follow us on Facebook

Welcome And The Mission

Rob 0:00

Welcome back to the Van Ryan Compliance Podcast. I'm Rob Van Buskirk, co-founder and CEO of Van Ryan Compliance.

Dawn 0:05

And I'm Don Van Buskirk, co-founder and CEO.

Rob 0:08

And the wife.

Dawn 0:08

Oh, COO. Sorry.

Rob 0:12

Well, kids, some days you're COO and most days you're CEO.

SPEAKER_00 0:17

That's a great way to start. Welcome to the Van Ryan Compliance Podcast with Rob and Don. We help growing teams reduce risks, build trust, and stay audit ready without the overwhelm.

Launching VRC1 OS

Rob 0:28

This week we are talking about something very new and something we have been very excited about to get going. We have been working on a new way to do compliance. It's not just a platform, it's not just client portals, not another check the box, not another compliance dashboard. We're this week, we're have launching the VRC1 OS, the operating system for compliance.

Dawn 0:51

Yes, we

The Fragmentation Problem

Dawn 0:52

are. And the reason this matters is simple. Compliance has become too fragmented. Companies are dealing with policies in one place, training somewhere else, evidence requests, another tool, risk assessments in a spreadsheet.

Rob 1:03

Oh yeah.

Dawn 1:04

Audit communication and an email, and leadership still saying, and the team members still saying, you know, are we okay?

Rob 1:11

And did you build the bot? Is the bot built? Is it going? Is it in compliance? It's fine, right? Well, that's the problem. And most companies don't need more noise. Definitely not here. That's something we focus on. It's a signal, not the noise. They need a system. They need structure. They need a clear place where compliance work actually gets done. So that's why we built and launched VRC1 OS.

Dawn 1:33

Absolutely.

Rob 1:34

So here's kind of some of our here's the problem, Don, that we've been talking about. We've struggled with our team, right? And we've struggled with our clients, is compliance has become too complicated. It's become too too many platforms, too many subscriptions, too many check the boxes, too many trust centers, which to me and to us at Van Ryan, the trust center with all the glowy green balls tells me nothing. What I want to see as an auditor and as an owner is I want to see your security. You could you just put a landing page, show me your certificates, show me your SOC 3 report, show me your ISO certification, show me, show me your HEPA attestation from a third-party auditor that's actually done anything. And that's that's what we're really looking at. There's a lot more audit expectations, there's more cyber insurance questions and more pressure from clients, understanding where the data is, especially in today's environment with AI.

Dawn 2:24

And then let's talk about this from the operational side, which is what I love. I love puzzles, I love figuring things out, I love processes. You know, I'm coming from the CEO, COO seat. Depends on the day, right? Today. Um so basically, clients, they they want organization. Now, internally, I'll be honest with you, I like things pretty. We like shiny things, but really the client, sure, they want it to look nice, but they really just want functionality. They need to know what they need to do, when they need to do it by, and who has to do it, and where they can pull their their evidence and reports from. That's it. It's pretty simple, actually, what they what they want. So the the fun, frilly stuff that we add to it just is probably just for ourselves. But that's really what people want. So, you know, it has to, it has to be somewhere. The compliance has to be somewhere, not just they have to, we have to have our clients understand to kind of get it out of their head, get it out of their spreadsheet, whatever, and put it somewhere. And that's where VRC One OS comes in.

Rob 3:26

It has to live in a system. That's where VRC 1OS really is able to gather all that information and um really clean it up and make it very precise and clean, very, very signal-oriented and then no noise. And there's a lot of platforms out there, I'm not gonna name them. You know, if you listen to the podcast long enough, everybody knows what what they are, right? Some are good, some are bad, most are built around just a narrow problem, collecting evidence, passing that audit, check a box, generate a policy. That's not compliance. That's not diving deep in what you need to do. The real compliance is not one event, it's not one audit, and it's not just one spreadsheet.

Dawn 4:00

Yep. It's ongoing. It touches HR, IT, legal leadership, operations, vendors, training, security risk, and client trust.

Rob 4:10

And that's the big difference. The RC1OS was not built on just as another check the box tool. It was built to help companies actually operate its compliance programs. Because compliance is not just a project anymore, it's a business function that leadership owns. That's the key piece. And if your compliance program only wakes up every 30 days before an audit or every six months before a mid-cycle checkpoints, then you don't have a compliance program, you just have a fire drill that you're just running things through.

Dawn 4:39

You're just being reactive. Yep.

Rob 4:41

Inside The Compliance Operating System

Rob 4:42

what is the VRC10 on? Should we unpack that? Okay. Well, you're the CEO today, so why don't you go?

Dawn 4:49

Not today.

Rob 4:49

Maybe tomorrow. Yeah. Well, VRC10S is a centralized operating system for managed compliance working across your business. It brings the key pieces together. It talks about the compliance tasks. We're doing the evidence collection, the policy management, the training visibility, which was a big piece we've needed to incorporate into VRC1, the risk and readiness, the audit preparation, the client communication, framework alignments, and ongoing accountability. That's we're putting together in one.

Dawn 5:18

And as we say accountability, I know our clients and people are saying, wait, does this mean I'm gonna get a billion notifications?

Rob 5:29

You're not. No. I don't even know if we're gonna get an email.

Dawn 5:33

I just, I'm just gonna put it out there. Just wait. And just as important, it gives uh the VRC1OS gives a client, you, a clear way to see what's happening. So you have a dashboard. Um instead of wondering where you are, are we ready? Uh, you can see the status, you can see uh the dashboard, the gaps, the progress. There's gonna be, you know, red action required, you know, there's gonna be those types of things, more visibility.

Rob 5:56

And like visibility matters because if you're going through our HIPAA compliance program track, and then there's SOC 2 or ISO or Hitrus, now you get to see everything. Like how are how compliant are you in all of those tracks? And it's not and it's not just another platform, it's like actually diving deeper into the evidence and actually making sure that everything is verified, and not just going, oh, this evidence for HIPAA will satisfy this part of SOC or this part of SOC will satisfy ISO. It's actually diving deeper into each of those areas and creating that confidence we need. Yeah.

Compliance As A Business Function

Rob 6:27

So we've also been talking a lot about, you know, founders and operators, right? People that have started their own businesses and people that that inherit generational businesses. And this is this is key because this is a big move for you as a business owner, as a founder. And if you're listening today, let me dive this in a little bit deeper for you. Um it's more about than passing the audit, it's about protecting the company you're building. It's about protecting the lives of the people that are on those paychecks every couple of weeks. It's about protecting the family, it's about protecting people that that are near near to you, dear to you, and uh everybody that's reliant on the business, right? Your clients are asking harder questions, your enterprise deals are getting more scrutiny. There's a lot of scrutiny now in all of the uh sales sales cycles I'm seeing now, which is which is kind of common, but it's a little bit more this year than I've seen in the past. We know the cyber insurance renewals are doubling, they're getting more detailed, and your strategic partners are becoming part of your risk profile. So any AI bot, any platform you use, a few hundred dollars a month of subscription, they are now part of your whole new governance issue. You cannot run modern compliance on a scattered document if that's in memory, right?

Dawn 7:36

Yep. Yep. And if you're running the business, I mean you're more of an operator than an owner, this will help reduce the burden. So chasing everything manually, there's a structure, there's a place to go, and there's a rhythm. Your IT partner is connected, can upload what they are required to upload on your behalf. So these are all things that it's important. But the the key is that that compliance officer is going to be the one that's going to be having that, having that leadership dashboard, knowing where their team is and if they need to engage additional team members in that. And the compliance officer may be the business owner, or it just may be an HR person, it may be a manager. It just depends on on the way the company is structured. But it this helps, this helps with the burden of gathering evidence, you know, pulling together those spreadsheets and that type of thing, putting it in one place.

Rob 8:28

It's about

Human Judgment Over Checklists

Rob 8:29

rhythm. We like rhythm. We write we like music. It's really about the rhythm of compliance and just being used to it every day. This is what we do. It's not just every six months when there's an incident or something like that. And and really what makes Van Ryan different, what makes VRC one in OS is and separating itself from other competitors in the space is we're not just handing out client platforms saying good luck. You know, that's never been our model. That's not what we do at Van Ryan. Uh we've always been founder-led, operator aware, and relationship driven. Uh, this is now with VRC One OS, it gives us a better system to deliver that work. But the human side still matters dramatic.

Dawn 9:06

Yep. Yep, absolutely. And that's the difference. Technology helps organize the work, but people still need judgment. We need to assess, right? They need interpretation. They need someone who understands the business and can help make decisions.

unknown 9:18

Yeah.

Dawn 9:19

So that's that's the difference there.

Rob 9:21

Yeah, we're not gonna have judgmental people though. So that's good. Yeah. But I don't know, maybe Emma gets judgmental, which is going through audits, but who knows?

Dawn 9:28

We're your accountability partner. Accountability partner. It's not too many notifications. I need to preface that.

Rob 9:36

There's no notifications at the point where you have to be responsible and get in there yourself. Uh and you know, it's not just about uploading those screenshots, knowing what matters. It's really about what matters and what does not matter, right? What creates risk, what clients you're going to ask for, the auditors expect, how to build a program that fits your company, and really um how VRC 10S brings a system and Van Ryan brings the judgment, right? This is how we tie it in together, or the accountability partner as Dawn speaks.

Dawn 10:04

Yeah, I don't like the I don't like judgment. Yeah, I know. Well, I shouldn't. I know why that came up. Okay.

Rob 10:08

Judgy Monday. So goodness.

AI Era Governance And Flexibility

Rob 10:12

You're funny. The key tier is really just focusing now kind of a little bit more on that AI angle, right? Is not only is VRC1 built in the age of AI, all right. We've used large language models to build out VRC1 to put a tremendous amount of automation in there. Security is a key piece. We got bots checking bots, but also massive flexibility. So now clients could, so can we do this? Can we do that? We can do a lot of that. We could do so much more now than we've ever been able to do because now we own everything in-house. We built everything, and now you as a client, you have something you want to try, an alert to a Slack channel, a Teams channel, whatever channel. We could do anything with that, right? We want to make it very seamless uh and very, very crisp. Governance and client expectations and data handling.

Dawn 11:00

Yep. Yep. And AI also changes how we deliver compliance and it allows us to move faster, organize better, and make uh information more clear, reduce some of the manual friction. So we're able to utilize that and really streamline and make things easier to understand, simplify them, but not overly simplifying it. Because again, you have to there definitely is compliance is not a simplified uh type of thing. So yeah.

Rob 11:24

Yeah, and AI is not replacing accountability, doesn't replace the leadership, does not replace the judgment, and it's it just removes the friction and makes it cleaner so that you can make better decisions faster. And uh it should never make the the clear compliance decisions because that's just too much noise. You as a human or our team, our auditors go through all that and uh put that all together. So now I'm gonna ask Dawn, who is VRC1OS for?

Who It Serves And Next Steps

Dawn 11:50

Yeah, it's for everyone. Uh VRC 10S is built for companies that are growing and need to mature their compliance program without creating unnecessary complexity. This is this is companies start from startups to companies that have been around for 30, 40 years, someone that just really needs some assistance in their compliance to be able to help them streamline it and make it uh easy to understand. So this could be this could be a company working through HIPAA, SOC2, High Trust, ISO, AI governance, vendor oversight, or security readiness in general.

Rob 12:21

Yeah, and especially companies where compliance matters to revenue. Those are key pieces as well that you've done I've talked about, Dawn. If your clients are asking security questions, if their contracts require proof, that's a big thing. Show me your reports, show me your accountability. Our leadership team is tired of reacting. This is why we built VRC 1OS. Compliance is starting to affect sales, your renewals, your client trust, operations. You need more than just a checklist. You need VRC 1OS.

Dawn 12:49

Yes.

Rob 12:51

So what should clients expect that? I'm asking you the question.

Dawn 12:54

Well, like we said, we're just gonna kind of recap uh more clarity, more visibility, more accountability with less notifications. I have to keep saying that. Less chasing, less confusion, less of a fire drill. It's more proactive and not reactive. Sure, we've got to do it. But something has to be done. But certainly we want the experience to not just be like, okay, getting through it. Oh my gosh. We want it to be a smooth process, something that's easy, something that's enjoyable, actually. Yes, compliance can be enjoyable.

Rob 13:24

It can be. Way more fun than insurance.

Dawn 13:26

And and you should know what's happening, what's happening next, where the program stands, what's the status. So that is very important.

Rob 13:33

Yep, that's the whole point. And that's what our clients, we want our clients to feel like their compliance program is not just floating around in the air that has a home, it has a structure, we have a team members, we have accountability partners that are not judgy, and it's a compliance operating system. And that's why we have built out VRC1OS. Yep. And then and the next step is making it real. So how we make that real and put that all together is launching it this week, is is putting it out there in the world and and kind of building in public and really putting all those bits and pieces together. And then we're going to continue to go ahead and send invites out to our clients where clients get to come into the VRC 1OS and how they get to interact with it. So we're very excited what it really looks like.

Dawn 14:15

Right. And it helps companies to stop treating compliance like a once-a-year scramble and treating it like a real business function. It is something they work on, maybe not every day, but kind of check in on, you know, every month. Maybe they have a new vendor, so they need to do some vendor vetting, maybe they have a new employee, so they need to add training, things like that. Yep.

Rob 14:32

Yep. And so that's the VRC 10S. We're very excited to launch it this week. Um the operating system for compliance. And if your company is ready or you want to dive a little bit deeper, stop chasing compliance and start operating it. Um we'd love to show you what we're building and continue to invite you into the Van Ride family. So I think this is a very exciting times in our little business here, Dawn. I know you're excited because you've been the bot builder.

Dawn 14:56

Yes. It's very fun.

Rob 14:57

Very fun. Did you name the bot?

Dawn 14:59

Not yet.

Rob 14:59

Okay. You don't want to name them, then it gets, you know, too too personal. No, no, no.

Dawn 15:05

Goodness.

Rob 15:06

Well, thank you all for joining us this week at the Van Ryan Compliance Podcast. Until next week, I'm Rob.

Dawn 15:11

I'm Dawn. Bye bye. Bye bye.