ITSPmagazine Podcasts

Bringing a Consistent, Personable and Hands-On Approach to Compliance | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A IS Partners Short Brand Innovation Story with Ian Terry and Robert Godard

Episode Summary

Join Sean Martin as he chats with Ian Terry and Robert Godard from IS Partners about making compliance fun and approachable for businesses, all while sharing insights from the HITRUST Collaborate event. Discover how IS Partners uses a collaborative and engaging work culture to navigate complex cybersecurity and compliance frameworks successfully.

Episode Notes

In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.

Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.

One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.

The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.

Learn more about IS Partners: https://itspm.ag/isparto2jk

Note: This story contains promotional content. Learn more.

Guests: 

Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/ian-terry/

Robert Godard, Partner, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/

Resources

Learn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partners

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Episode Transcription

Bringing a Consistent, Personable and Hands-On Approach to Compliance | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A IS Partners Short Brand Innovation Story with Ian Terry and Robert Godard

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] And here we are ready for another seven minutes on ITSP magazine for a new short brand story. I'm thrilled to have Ian Terry and Robert Gattara with me from IS Partners. Thanks for joining me. Thank you. Thank you, Sean. Super excited to be here. We're at the HITRUST Collaborate event and learning all about the ways we can help corporations become more compliant. 
 

And you guys have an interesting take on this. Maybe if you could tell me a little bit about how I. S. Partners was founded. I think there was a part of the charter, at least the goal to have fun as part of what you do. So I don't know if you know that.  
 

Robert Godard: I mean, um, so, yeah, the firm started roughly 20 years ago. 
 

Um, you know, at the point in time, the founders of the firm. Um, they came from a bigger audit firms, you know, so your traditional more CPA type firms. So when they started the firm, um, you know, it was basically out of, um, necessity for SOC 1, SOC, well at the point in [00:01:00] time it wasn't SOC 1, but it was SSA 16s, um, and then morphed into the SOC 1s. 
 

Um. But it was, it was meant to be more of like a startup feel. So you come in collaborative. Yeah. Like, so you came in, um, when, when I joined the firm, um, you know, you come into the office and it was more collaborative, wide open, kind of what you would expect out of a, um, out of a startup, right? You're all kind of in there collaborating, making sure that, uh, the job is getting done. 
 

Um, and then it kind of morphed into, um, I. T. Compliance also. And then that's kind of when Ian, um, joined it on the farm and you can kind of go from your experiences.  
 

Ian Terry: Yeah, absolutely. And going back to your comment on the original charter, fun being a major element. I think that in my experience, certainly fun is a critical part of what we do in a lot of ways. 
 

Because, uh, when you're not having fun in the work that you're doing, or the industry you're a part of, it's really hard to feel engaged and committed, [00:02:00] uh, to positive outcomes. Right? And I think that focusing on the dynamics, the changes that exist in the industry and cyber security and the different standards, uh, actually makes the job itself fun. 
 

Especially for people like me and Rob, who enjoy challenges and enjoy learning and expanding our scope of knowledge. And, uh, and I think that that reflects in the quality of work and the outcomes associated with our clients. So how,  
 

Sean Martin: how do we get there? 'cause the, there, there's the funnel meter, right? , . So there, there is having fun, but the opposite is this is not fun. 
 

Sure. It's a lot of organizations do us. What are some of the challenges that you're trying to help overcome so you can start to move the needle on this becomes fun.  
 

Robert Godard: Sure. So I, I would say some of the, some of the challenges are when you, when an engagement does. or client comes on board. Um, it's to manage the expectations and to manage them through the, through the engagement. 
 

Um, a lot of times, especially if that's the first time engagement, they may be nervous, may not have an [00:03:00] understanding. So in order to take those complex aspects of an engagement and just bring it back and make them more comfortable, uh, I think we do a fairly good job at doing that.  
 

Ian Terry: Now, on the other hand, certainly there are a lot of times where you know, You know, it's not so much fun because ultimately, our impact on different industries and really on individuals is tangible and important. 
 

So, you know, certainly we're not really wisecracking many jokes when a seeshow gives us a call and there's a cyber security incident, certainly. But so I think, you know, balancing just awareness of the context serves us very well.  
 

Sean Martin: So what question What are some of the engagements like? Where do you, where do you start with them? 
 

Where do you take them to? How often do you kind of work with them?  
 

Robert Godard: So, um, it depends. Um, so if, um, most engagements start with a general kickoff call, the introductions to ourselves, um, and the team. Um, and then from there, whatever the audit may be, or the assistant that we may be [00:04:00] performing, we'll give a background information, um, on that. 
 

And then usually from there, create a schedule to work with the, um, with the client and the subject matter experts that we may be coordinating with internally. Um, Um, I think what we do from a perspective of making an easier assessment, especially if there's multiple ones. So, like, for instance, if Ian and I are, we're on two different sides of the audit, he does more technical IT stuff, um, while I'm on, like, the, the CPA high trust pieces of it. 
 

So, like, he's doing a PCI and I'm doing a, and doing a high trust, you know, we, uh, have the ability to coordinate with each other. Um,  
 

Sean Martin: and talk to me, how about, is that, I'm sure that's easier because high trust helps with. So talk to me about that.  
 

Ian Terry: Oh, absolutely. And that's what's awesome about high trust in general is that it maps so well to different frameworks that even go beyond just the health care specific context. 
 

So a lot of our entities want to present, they want to put their best foot forward with respect to, you know, their, their market that they're [00:05:00] trying to appeal to. High trust is certainly going to be a part of that, but maybe they want to expand into something like payment card industry, uh, data security standard or PCI DSS as one example, or even maybe some federal adjacent opportunities in the market where NIST 853 or CMMC might come into play. 
 

High trust as an anchor conceptually maps very well across all of those frameworks.  
 

Sean Martin: And what are some of the, The outcomes you're seeing working with clients, they let's come and maybe the raising the bar to the fundameter to the top level. Where, where do you hear them say that that was a great experience? 
 

Or what do you, what do you hear?  
 

Ian Terry: Yeah, I think I as partners in particular does a fantastic job of really understanding the idiosyncrasies of our clients. All of them have their own unique offering services and own markets. They're trying to appeal to and tap into. And I think that's a critical component to our service is really [00:06:00] understanding not only the, you know, their own security and privacy practices, but, uh, you know, their focus, their goals and their their business, uh, environment. 
 

Sean Martin: Expertise is a big thing. So, I don't know. How do you build your team to maintain the knowledge you have?  
 

Robert Godard: Um, so, so to maintain the knowledge, um, you know, I, I think for us, um, it's constant with going to CPEs with, um, making sure that we're fundamentally following where the industries are going. 
 

Uh, so, you know, we'll, we'll come to these events such as here at the, at the High Trust Conferences. We'll go to other events. I mean, other additional I. T. Or, um, compliance conferences to understand, Hey, where is the industry going and make sure we put those focuses in place internally on our end? 
 

Ian Terry: Yeah, there's so many opportunities to get out there and network and interact directly, not only with the market itself and potential clients and people we want to provide services to. 
 

But even, you know, it's all in the [00:07:00] name, right? High trust collaborate. And in this instance, we're able to kind of collaborate and interact with From a different perspective, maybe consider our competitors. But here, you know, we're all in the same purview. We're all trying to learn and better the industry itself. 
 

And that's what's super exciting and allows us to, you know, improve our subject matter expertise.  
 

Sean Martin: Collaboration is exciting. And that's 7 Minutes here on ITSB Magazine.