• Unlocking ISO Compliance with David Forman Founder of Mastermind Assurance
    Mar 4 2026

    We sit down with ISO auditor David Forman to demystify ISO 27001, compare it with SOC 2, and unpack what auditors actually look for. We cover real breaches, the limits of compliance tools, the rise of 27701 and 42001, and how to win leadership buy-in.

    • what an ISO certification body does and how audits work
    • ISO 27001 governance plus controls vs SOC 2 opinions
    • readiness and internal audit roles vs external certification
    • why breaches accelerate third-party assurance demands
    • scoping strategy and avoiding retrofit pitfalls
    • platforms as helpers not replacements for ownership
    • getting executive buy-in with clear pain and outcomes
    • 27701’s privacy system and 42001’s AI management
    • sectors driving demand: cloud, finance, healthcare, education, law
    • partnership approach to deliver readiness and certification

    Follow Mastermind on LinkedIn and email hello@mastermindassurance.com


    Thank You for Listening to the VRC Podcast!
    Visit us at VanRein Compliance
    You can Book a 15min Call with a Guide
    Follow us on LinkedIn
    Follow us on X
    Follow us on Facebook


    45 mins
  • From Human Oversight To ISO 42001 And NIST: Building A Safer AI Program
    Feb 25 2026

    24 mins
  • The AI Governance Playbook with Bennie Cleveland
    Feb 18 2026

    We sit down with auditor and risk leader Bennie Cleveland to unpack how to make AI defensible in the real world. We cover governance, healthcare and privacy frameworks, modern attack patterns, and the playbooks that separate confident teams from lucky ones.

    • defining AI ownership, approvals, data scope, monitoring and explainability
    • building an AI inventory and supplier risk register
    • mapping to NIST CSF, HIPAA, GDPR, SEC expectations
    • deepfakes and social engineering expanding the attack surface
    • darknet monitoring and proactive exposure checks
    • running tabletops for ransomware, data loss and web compromise
    • human in the loop and prompt discipline for high-impact decisions
    • common audit gaps in IR, BCDR and communications
    • vendor AI due diligence and data transfer controls
    • buying fewer tools with clearer purpose and guardrails


    33 mins
  • AI: Beyond Policies and Governance with Dr. Camille Howard
    Feb 11 2026

    39 mins
  • Tabletops, AI Governance And Real Resilience
    Feb 4 2026

    We roll out two new services—tabletop exercises and AI and automation governance—and dig deep into why tabletop drills prove readiness, resilience, and audit defensibility. From foundational policy walk‑throughs to enterprise war rooms, we map maturity levels and show how to turn SOPs into real action.

    • what auditors expect from tabletop evidence
    • foundational awareness, roles and policy validation
    • ops drills that test detect, contain and recover
    • executive crisis decision‑making and communications
    • DR and BCP validation across cloud and on‑prem
    • RTO and RPO targets, failover and manual workarounds
    • audit defensibility, documentation and remediation plans
    • cross‑functional alignment across HR, legal, IT and dev
    • threat‑informed scenarios, red and blue team perspectives
    • after‑action reports with owners and timelines
    • annual cycles that raise difficulty and close gaps

    “If you got an email from me, there’s also a coupon. So we offer 15% off a tabletop. Respond to my email or just reach out to us and we’ll schedule a time.”
    “For the folks that aren’t clients, there’ll be more details down in the notes… or hello at vanright compliance.com.”
    “Like or subscribe, it gets us into more people’s feeds.”


    19 mins
  • Winter Storm Tabletop: When Weather Becomes a Business Risk
    Jan 28 2026

    We turn a deep freeze into a practical tabletop for households and businesses, building a clear plan for power, internet, people, and customers. From generators and Starlink to MFA bypass and recovery checks, we map decisions that turn chaos into continuity.

    • prioritizing power layers with generators and UPS
    • dual‑path internet and cellular failover testing
    • handling school closures and quiet zones at home
    • stocking food, water, heat, and plumbing protection
    • roles, thresholds, and decision points for DR
    • customer communication across email, web, and phone
    • physical security, vendor contacts, and property access
    • MFA backup codes and access overrides
    • integrity checks and lessons learned after recovery

    Like and subscribe because the more you like and subscribe, the more folks get to listen to us.

    We can help you here at VanRein if you're a current customer or you're just listening and you're like, oh, I want to know more about them. We can help you create business continuity, disaster recovery, incident response plan. And we can also help you kind of formulate a framework for tabletop exercises. That is a line of service that we offer here at VanRein.


    32 mins
  • Why Your Business Needs An AI Policy Before Chasing Certifications
    Jan 21 2026

    We compare NIST AI RMF and ISO 42001, explain why AI audits matter, and share practical steps to build trust with customers, regulators, and insurers. We lay out a simple path: write policies, assess risk, and choose the right level of assurance.

    • everyday AI use cases and core risks
    • why audits reveal bias, privacy gaps, and weak training
    • EU AI Act context and US landscape
    • NIST AI RMF functions: govern, map, measure, manage
    • ISO 42001 as a certifiable AI management system
    • policy and procedure essentials for safe AI use
    • vendor due diligence and trust centers
    • competitive advantage through frameworks and certification
    • stepwise path from policy to assessment to certification

    Email us at hello@vancompliance.com or drop a question in the comments so we can help you choose the right path and get your AI program audit-ready


    24 mins
  • From Restart to Rhythm: Building Compliance Readiness
    Jan 14 2026

    We draw a hard line between frantic resets and a steady compliance rhythm that proves readiness when it counts. Clear ownership, small cadences, and current evidence cut drama, reduce risk, and build trust with auditors, partners, and customers.

    • defining readiness as proof not perfection
    • event-based scrambling versus behavior-based cadence
    • maturity signals auditors actually trust
    • named owners and deputies for continuity
    • weekly to annual review rhythms that stick
    • avoiding tool creep and demanding real evidence
    • aligning to HIPAA, SOC 2, ISO, HITRUST and privacy laws
    • structure and measurement over willpower and heroics

    Join Rob and Dawn for our “How To Do An AI Audit” webinar this week


    Like and subscribe to help more people build a compliance rhythm


    26 mins