VanRein Compliance Podcast

Rob & Dawn Van Buskirk

Learn how you can secure the future of your business with a clear plan to reduce your risk. We discuss all compliance and data security matters of SOC 2, ISO 27001, HIPAA, GDPR, CPRA, NY SHIELD, Texas HB300 and HITRUST, and include life stories as well. It's NOT just a boring BizCast. We also talk about our Family Business and how you can start your own Family Business that will reshape your future.

  1. May 6

    Your GRC Platform is Fake. Here’s What Actually Builds Trust

    The “trust center” trend is getting weird fast. If your security page is a glowing badge, a wall of green checks, or a portal that forces buyers into an access request black hole, we think you’re signaling the wrong thing and losing deals you should be winning. We break down why traditional GRC tooling often turns into compliance theater: lots of workflows and mapped controls, but very little proof when a customer asks for the last risk analysis, a HIPAA audit artifact, a SOC 2 report, an ISO 27001 result, or a penetration test. With HIPAA 2026 changes raising the bar, smarter SOC 2 and ISO buyers comparing vendors, and AI risk forcing real visibility into data flows and tool approvals, “we’re compliant” is no longer a convincing answer. We share a practical blueprint for building a real trust center backed by evidence. That means linking to the right reports (without dumping confidential data), publishing executive summaries for pen tests and vulnerability scans, showing MFA enforcement and encryption proof, and keeping dates, signatures, and update cadence visible so trust builds over time. We also talk about vendor oversight and risk visibility, including how to think about sharing risk in a way that shows maturity rather than perfection. If you want your compliance program to speed up sales instead of slowing it down, listen now, then subscribe, share this with your security or revenue team, and leave a review so more builders can move from checkboxes to real trust.

    Thank You for Listening to the VRC Podcast! Visit us at VanRein Compliance. You can Book a 15min Call with a Guide. Follow us on LinkedIn, X and Facebook.

    11 min
  2. Apr 29

    AI Boom: Navigating the Compliance Minefield

    AI is already inside your business, and the uncomfortable truth is you might not even know where. Copilot in Microsoft, Gemini in Google, bots layered on top of bots, and “quick tests” in personal accounts all create real compliance risk the moment sensitive data enters the mix. At the same time, regulation is tightening fast, which means the gap between how teams use AI and what auditors expect is getting more dangerous by the week. We walk through what’s changing globally with the EU AI Act and its risk-based tiers, then bring it home to the US reality with HIPAA compliance and the coming pressure on the HIPAA Security Rule. We talk plainly about what enforcement-ready security looks like: multi-factor authentication everywhere ePHI touches, encryption in transit and at rest you can prove, audit logging that shows who did what, and risk assessments that aren’t just checklists. We also dig into vendor accountability, why Business Associate Agreements still matter, and how to validate a partner’s security posture through trust centers, real certifications, and subprocessor transparency. Then we get practical about AI governance. We share the guardrails we rely on: mapping data flows, keeping an AI tool inventory on your supplier register, setting an AI usage policy your team can actually follow, and using a human-in-the-middle approach to reduce hallucination and patient-safety liability in healthcare AI. If you’re trying to stay audit ready for HIPAA, SOC 2, ISO 27001, or HITRUST while still moving fast with AI, this gives you a clear path forward. Subscribe for more compliance and security guidance, share this with your leadership team, and leave a review if it helped. What AI tool is already embedded in your workplace stack?

    21 min
  3. Apr 15

    AI + HIPAA: What Actually Matters (And What Doesn’t)

    AI is already inside your healthcare workflows, your vendors, your phones, and your inbox. The hard part is not getting access to the tools. The hard part is using AI without quietly leaking PHI and waking up to a HIPAA breach you never saw coming. We break down the question most teams ask the wrong way: “Is AI HIPAA compliant?” HIPAA wasn’t written for large language models, but the law still applies, and the responsibility still lands on you. We walk through how AI fits into the HIPAA Privacy Rule (who can access PHI), the HIPAA Security Rule (encryption, access controls, audit logs, and evidence), and the HIPAA Breach Notification Rule (what you must do when something goes wrong). We also talk about why “HIPAA-ready” marketing claims mean nothing without a signed Business Associate Agreement (BAA) and a real vendor risk conversation. Then we get practical: shadow AI, staff copying PHI into chat tools, data leakage through model training defaults, and the basic governance moves that prevent all of it. You’ll hear our recommended AI acceptable use policy structure, how to build an AI inventory and risk register, what an AI risk assessment should evaluate, and why penetration testing and vulnerability scanning matter even more as regulations tighten. If you want to move fast without losing control, subscribe, share this with a teammate who’s rolling out AI, and leave a review. What AI tool is your organization using today, and do you have a BAA for it?

    16 min
  4. Apr 8

    Compliance Isn’t Enough Anymore—So We Built This

    We launch new penetration testing and vulnerability scanning services and explain why passing audits still leaves hidden security risk. We lay out a practical testing cadence, how it maps to HIPAA, SOC 2, and ISO, and how proactive validation builds trust with clients before an attacker forces the lesson.

    • compliance versus security: why policies do not stop attacks
    • why 2026 attackers scan and exploit automatically
    • vulnerability scanning as continuous monitoring with risk scoring and remediation tracking
    • penetration testing as manual plus automated ethical hacking
    • recommended cadence: monthly scans and annual pen tests
    • when to retest: major changes and post-remediation validation
    • mapping testing evidence to HIPAA risk analysis, SOC 2 controls, and ISO 27001 requirements
    • third-party reports for security questionnaires and deal credibility
    • one-stop delivery to cut coordination time and reduce scrambling

    If you go ahead and email us at hello at vanreincompliance.com, and you mention that, hey, Rob and Dawn said I need a free t-shirt, we're gonna send you a free t-shirt. If you like and subscribe, and the more you do that, the better the VanRein Compliance podcast can grow and reach more people.

    17 min
  5. Apr 1

    How Family Businesses Build Legacy And Trust

    Most people say they want a legacy. Then they run their business like it only needs to survive the next quarter. Rob and Dawn come back from the NAEO conference in San Antonio with a clear question for every owner: are you building something that lasts, or something that just pays? We talk about what it looks like when a company actually makes it to 50 years, using Mtelco’s anniversary as a real-world case study. That opens up the bigger conversation around family business, multi-generational ownership, employee retention, and why “relationships over transactions” is not a slogan, it’s a strategy. We also get honest about the grind of small business life: work and life aren’t balanced, they’re woven together, and the only way it works is prioritisation, delegation, and building a team that believes in what you do. Then we bring it back to the risks that can end a legacy fast. Cybersecurity and compliance are no longer optional if you want to stay audit ready and keep customer trust. We break down why incident response plans, disaster recovery planning, vulnerability scanning, and penetration testing matter, plus how AI governance needs guardrails so new tools don’t create new exposure. We close with the often-avoided topic of succession planning: if something happens to you, who runs the business, who calls the attorney, and how does payroll continue? If you got value from this, subscribe, share the show, and leave a review. Are you building for decades or chasing the next deal?

    32 min
Rating: 5 out of 5 (11 Ratings)
