Episode 1

July 29, 2025

00:37:08

Compliance Risk Management

Hosted by

Dan Bergeron
Compliance Risk Management
SkyTerra Podcast
Compliance Risk Management

Jul 29 2025 | 00:37:08

/

Show Notes

Join new host Deborah McIsaac and her co-hosts for this episode, Darren and Valerie, as they discuss Compliance Risk Management and how it can benefit your business. 

View Full Transcript

Episode Transcript

Deborah: Welcome to the SkyTerra Podcast, where we are empowering your business to do more. I’m your host, Deborah McIsaac. Every other week we’ll explore the world of technology: what has changed, how it might impact your business, and why it matters to you. We will bring you interviews with business and industry leaders, and discuss how technological advances impact your business and our lives. Whether you’re a tech enthusiast, a professional in the field, or just curious about the future, this podcast is for you. So grab your headphones and join us on this exciting journey into the world of technology. Let’s get started. Deborah: Hey, thanks for joining us today with SkyTerra. I have a couple of members from our compliance team joining me today, Darren Shrever and Valerie Rogers. And we're gonna be discussing a little bit about compliance, risk management. Sounds like a hot topic, don't you think? Darren: Yeah, thanks for having us, Deborah. Happy to be here. Valerie: Yeah. Excited to be here today with you, Deborah. Deborah: Wonderful. So we're usually known for our security, right? You know, security runs in our DNA is a tagline that I hear all the time going through our hallways. And so with that, compliance risk management is something that really is foundational with how we approach, a lot of our projects. But compliance has a nice spin, doesn't it? It has a little extra layer, don't you think, Valerie? Valerie: I do. It's funny, compliance, you think of it in different facets in business. So, an accounting person may think of one thing when it comes to compliance versus the CFO or COO has a different version of what compliance is. And then you get down to the IT staff and they have a different version of what compliance is. And, at the end of the day. All those systems do integrate and are all in subject of compliance risk management. Deborah: So tell me a little bit about why is compliance so crucial? It seems obvious, but I think that there's some underlying secrets and things that should be taken into consideration, especially from your point of view. Darren: When you think of compliance risk management, what it really is, is you're dealing with, identifying, assessing and mitigating risks that arise from being non-compliant. Now, how that applies to your company or your organization is you may fall under certain framework requirements that you either are aware of or are not aware of, or, we'll be falling under that tomorrow that you're not under today. Things like GDPR, HIPPA, PCI, SOC 2, CMMC, the list goes on and on. Companies that used to not be required to fall under these frameworks are now being asked to adhere to them more than ever before. A lot of this comes from just the fact that we are a litigious society and personal information has become more valued over time. And with the, adoption of things like AI and other, methods of really gaining lots of access to people's private information or business information, how you govern that information becomes more important than it ever has before. So for the example of SkyTerra we fall under SOC 2 compliance. This is something that when we first started, SkyTerra wasn't even an issue. No one ever asked us about that. It wasn't even a conversation point. But now it's more often than not, we are asked that question very early in the conversation. When we're developing a new relationship with the customer, they're saying, are you SOC 2 compliant? 'Cause if you're not, we don't wanna do business with you. So more and more. The requirement to be under some sort of a framework that you have to adhere to is becoming very prevalent in the world. Deborah: You know, you make a really good point, Darren, because, frameworks are definitely something that we operate in on a daily basis. So if someone in an organization realizes, "Oh no, I'm going to be subject to this compliance stuff, or maybe they've been subject to compliance for a while and they're just wrapping their hands around it, there's a lot of tools out there. That help you with compliance, right? It doesn't have to be just this rote manual process. Valerie: Yeah, absolutely. When you think about, compliance risk management, you're trying to put in, tools and processes and procedures to manage this daily so that first of all, you're prepared, to either deal with a breach or mitigate, the risk of having a breach and having all these systems and policies in place. It does take work. It takes some effort to get it going. And that's really where you get into the compliance risk management, is you're doing the legwork to prepare yourself , and then at the same time, monitor yourself continuously. So you may be, new to this process and you're getting up to speed and you're working towards meeting a specific compliance framework. And there's a lot of underlying things that has to be done. You have to have written policies, you have to make sure your technical solutions are actually meeting these written policies that you're adhering to it. And then the last part that people don't think about, you know, they may think about the audit and the paperwork involved with the audit. But what you need to also think about is maintaining it. You need to be maintaining it all the time because if you're compliant for one isolated part of the year, that's not really managing the risk. You need to be continuously managing it and monitoring it and improving it as new risks appear because as we all know cyber threats, there's new ones every day. So there are always new risks out there and we have to get ahead of those. And having a good compliance risk management program, supports that. Darren: And if I could just jump on what Valerie said for a second. Gone are the days of rubber stamp compliance. I spent the bulk of my professional career falling under some sort of a compliance framework. I was lucky or unlucky, however you view it, to be under, Sarbanes Oxley for years, well before anybody else was doing compliance, we were doing Sarbanes Oxley. I moved to a company that was under PCI compliance and another one that had HIPAA compliance. So I was always under some sort of a framework. And it used to be and days gone by, you would say you were compliant. You would turn in all your policies and your paperwork, and like Valerie said, you were maybe compliant ish and maybe you were compliant at the time. You went through the audit, but you weren't living in compliance. All you were doing was satisfying some requirement to pass an audit. Now we have tools that we work with and systems that we put in place that make it so that you're not only compliant on paper, but you're actually living that compliance every day. And quite honestly, that's something that helps me sleep a lot better at night knowing that we have all of these controls in place that govern how we operate at SkyTerra and I know for a fact that we are living by them and we actually have these protections in place. And when something doesn't comply or we fall out of compliance in an area, we are notified right away and we are right on top of it because we have a system in place to manage that ongoing. So that's the difference between 10, 15 years ago compliance and 2025 compliance. Deborah: So what you're saying is when it comes to compliance risk management, we really do eat our own dog food here at Sky Terra. Darren: We live it, we breathe it every single day. Deborah: I love how you guys are positioning this, and this really is great for me to wrap my hands around it as well because compliance, risk management is kind of self-defining. Compliance is the motivator. You know, we have to remain compliant. Risk is what we're trying to avoid. Right? We're trying to minimize the risk and management is how do you handle the behemoth amount of information? Because you're tracking endpoints, you're tracking documentation, you're tracking, you know, security. There's all different pieces of information into Val's point. You're also looking at it through the lens of many windows of the same house. How do you manage the amount of information? Valerie, I remember you telling me stories about doing this manually, then it would take you weeks and weeks And spreadsheets and spreadsheets and files and spreadsheets and screenshots and spreadsheets. And did I mention spreadsheets? Trying to keep everything in line and current. And also you made the point that it's not something you can do once and walk away. It's a continuous process. How have we at Sky Terra evaluated this internally and then made an evaluation that this is something we can help our clients with? Valerie: Sure. So what you have to understand, when you're talking about, a compliance framework. All these compliance frameworks list various set of controls that they're calling the standards, that you're going to be audited on. And you have to understand it. It's not a hard, fast, and true guidelines on exactly how you have it configured. It is guidelines on what the requirements would be to meet a control standard. It's very similar to, gap general, accepted accounting principles, right? So there are guidelines on what the best practices are and what you should be doing from an accounting standpoint, but it doesn't actually tell you how to build out your general ledger or, or do your exact your books in your accounting system. Compliance frameworks are very similar. Where they're guidelines and you're sitting and you're trying to meet these controls. And even when we, worked with our engineers, years ago when we were getting our SOC two type two certification for the first time, we had to sit and explain how it works and what they're looking for, and then how do you produce the evidence to get that? The challenge is. Like you said, with the spreadsheets, all those spreadsheets and the screenshots, and this is, there are many, many controls and it's a lot of work to keep track of it. It's almost a full-time job for an organization if you are doing this manually. The advantage when Sky Terra went through to get our first SOC two, type two is we decided we can't do this manually. Darren and I spearheaded it, with our roles in the organization and we have full-time other jobs here and we didn't have time to make a full-time job of getting a SOC two type two. So we found, a GRC tool that helped us in automated. More than 70% of the work, and also helped us map out and reevaluate our written policies that needed to be adjusted, modified, enhanced, so that we were going to meet these controls, and those served as a roadmap for us to make any technology changes that we needed to make. Deborah: So what I'm hearing is that in your evaluation and trying to keep us compliant and trying to, make sure we're doing best practices in-house, you all found basically a compliance risk management shaman. Valerie: Yeah. Darren and I felt it extremely valuable. So we were able to integrate, our various technology systems and, when people sometimes think about, frameworks like this, when it's coming to IT, security, it's not just, you know, your IT, it's not just your Microsoft tool, it's your HRIS system. It's your Human Resources information system. It's your cybersecurity awareness training program. These are all integrated as part of meeting, compliance risks and mitigating compliance risks. So to bring these really kind of disparate systems that aren't interconnected, it's not like you can go into one report or one dashboard and get all the evidence you need. To prove that you are meeting the standards across the board of SOC two, type two. You need to integrate and map all these different systems and maybe different technology providers that you're using and using a good, GRC tool. It brings it all together so that then you're taking these unrelated systems and you're bringing it into one view where you can go and manage the risks. And map these systems to the controls as well as automation. Where it does work in the GRC tool, it'll actually go in and grab a lot of the evidence or grab a lot of the, compliance, standards for you. And it drastically reduces the time it takes to do this, monitor it, and maintain it because you are automating it. Darren: That's right. So really what it does is it's taking all these disparate systems that Valerie mentioned that don't normally talk to each other, through read only API calls to get technical for a second. It's gonna hook into those, is going to gather information. It already knows what information to look for and has mapped it to a certain amount of those controls already. So it's going to automatically go in there and read the data and tell you whether you are or not compliant with that particular control. If you're not compliant, it's gonna tell you exactly where you're not compliant and why, and it'll give you instructions and the high level, you know, on direction on how to go and actually try and address that. What's interesting is, you mentioned spreadsheets and supplying all kinds of evidence. So, I'll go back to the 10, 15 years ago again, or 20 years ago. I can't tell you how many trees I cut down by printing out reams and reams of evidence. I don't do that anymore at all, but all the evidence that we supply is either through those API calls that are automatically are measuring your controls or having a hook into this system is the auditors themselves. The auditors see this data real time on the back end of the GRC system. And they'll go in there and say, Hey, I need you to find me this piece of information, supply this evidence. And it just pops up on our dashboard as a task for us to do. My auditor says this controls a little weak, I need a little bit more supporting information. We can go in there and just manage it from a task management point of view and go through and just, bang out those controls till we're green. Valerie and I love it because it's, if you have OCD and you like organization, it's very friendly to that because it's a dashboard with traffic lights on it and if everything's green then we're happy. When we see red pop up, oh, you go and you attack that red. You and you figure it out and you know, we meet regularly, but we spend very little time on it. That regular meetings really is just to kind of care and feed the environment, to make sure we maintain that daily compliance. Valerie: We're actually, in our audit, period right now, so we're continuously under review, for SOC two, type two. You never really stop being in review. You're always in a review cycle and towards the end of the review cycle, your auditor comes in and it's time to do that extra evidence collection. So, we actually ironically kicked it off last week, and we're working through our cycle and our auditor has come back with. About 10 controls they needed evidence on. It's annual stuff. Checking to make sure that we did deliver, employee performance evaluations this year. And they will list our employees and give me a sampling of names and I have to go produce the evidence that we did it or new hires with background checks, just as an example. It's so simplistic. So we had our kickoff meeting with our auditor. It was, more of a friendly conversation 'cause we've been working with them for years and we know what the process is gonna be and we know what to expect. And, you know, they're starting to send me evidence requests and I get an email through the GRC tool, sends me an email right to my Outlook and says, "Hey, your auditor is looking for this." I jump in the tool, I actually get to look and see what I did last year. 'cause occasionally we have new controls. The framework might change. And there'll be new controls and it's net new evidence that you haven't produced before, but for the majority of the time, you've produced it year over year. I get to go in, I get to look at what I did last year to refresh myself because there's a lot of controls to memorize. I go produce the new evidence. I pop it right in the tool. I'm not emailing this. It's all securely stored in our tool. And our auditors have an auditor access view into my tool. So nothing's leaving my environment, nothing's leaving the control of SkyTerra. It's all there. It's maintained. For data governance purposes, it's secure. And then my auditor gets the evidence. And they send me little messages back and forth if maybe I didn't provide it correctly this year, like I did last year, and they'll correct me. And they communicate through us right through the tool and it makes it so during our audit period, it typically runs about two months. And we'll have biweekly meetings with them. We get towards the end, our biweekly meeting is 15 minutes, on just maybe any next steps. And it makes that audit period. It's really a breeze. It is not a stressful time for Darren and I, where you go to other audits and you, hear clients who maybe don't have a program like this in place and their audit season is very, very stressful for them. It's taking away from their day job. It's really been time consuming and Darren and I cruised through the audit last year at maybe collectively between Darren, myself, and some of our technical resources. If we put more than 20 hours in, I'd actually be surprised. Darren: Most of that time was in meetings, just reviewing and ensuring that we didn't have any gaps and having those, I think the auditors like to have conversations with us just to justify that they're still doing something. 'cause, our auditor likes us a lot because we are probably the most boring client to audit. 'Cause we have our collective stuff together. We know what we're doing. Our controls are always compliant. When they're not, they never have a chance to reach out to us to tell us we're not compliant 'cause we fix it before they even do it. So this is really the importance of having that GRC system and then the management program on top of that to maintain it and care and feed for it. Because something Valerie hit on earlier is once you are in the review period, you're always in the review period. So SOC two, type two, the difference between type one and type two, type one is a point in time report. You were compliant on this day. Type two means you were compliant for a period of time. For us, that compliance period is 365 days. So as soon as one period closes, the next one starts. We are never not under a review period, and most of our clients are the same way. Everybody, if you are under PCI, you're never not under PCI. If you're under HIPAA, you're never not under HIPAA. So once you start and attest that you are compliant, it is forever forward. So having that GRC system and that management program to help you care and feed for it is super, super important. Valerie: Yeah. Another advantage of having, a compliance risk management system, in these processes in places, nothing is worse than being a vendor. And your client asks you for your SOC two type two certification. They get a copy of it. It's very common request, and you have to sit there and say, "Well, I have a bridge letter, meaning." We're still working on our audit or we're still working through some stuff and we actually don't have a current SOC two type two certification. Like that's not a great feeling and it doesn't instill confidence, , with the program that SkyTerra has developed internally and then also we've now developed and made this something we can actually offer and support with our clients. We've never had to have a bridge letter. We've never had an exception on any of our soc two type two reports, which is really, it actually says something. It's a testament to, to the work we put into it. It makes, a very. Good level of trust for our clients and it's actually part of the review when we go to deal with our cybersecurity insurance every year. You know, that's a big thing. Every organization, regardless if you're IT organization or you're an accounting firm you own a shop down the street, everybody, has a risk. And more and more people need cybersecurity insurance. And when we went to our assessment through the insurers again this year, because we have our SOC two type two, because we have a compliance risk management. We flew through that process and our rates actually went down this year for the second year in a row for our cybersecurity insurance. Deborah: Wait a minute, you're saying that our cyber security insurance rates went down two years in a row? Valerie: Yep. Deborah: That's not normal, is it? Valerie: It's not. That, , that's a probably a whole nother podcast, but, you know, , yes, we, we haven't had an increase in our rates in over two years. We're definitely an MSP, so we're a technology provider. So that makes us a riskier, , investment for an insurance company. But because we have a good, compliance risk management program in place, and we do have our SOC two, type two, we are able to get a good rate on a cyber insurance policy because we are considered lower risk than maybe, you know, a, a industry peer of ours. Deborah: I love that. So our listeners, they're listening to us and they're listening to how we've approached this internally. We've listed off the benefits, saving trees, saving mental health, saving, time with the auditors in all of the benefits of this. If, someone was wondering if this is something for them, what would be like the common compliance frameworks that might be able to be a good fit for how we've approached it and how they may want to consider working with us. Let's start with common compliance frameworks that would be a good fit for this? Valerie: Yeah. So, SOC two, type two for sure. It is a common one. We definitely have a lot of clients who are under, , HIPAA regulations. GDPR is something that affects a lot of businesses. If you do anything internationally, , and it's also being adopted, different versions of it, throughout the United States. Massachusetts has one, California has one. Canada has guidelines similar to GDPR, ISO 27 0 0 1. I wanna say there's over. 35 frameworks. Darren's correcting me. 40 frameworks. They keep adding them. The benefit of SkyTerra is it actually doesn't matter which compliance framework you have, we can support your journey for any of them because it's all reading the controls, mapping the controls. Darren: And one thing to point out too is, a lot of clients are subject to more than one framework. Or if it's one framework now, but in the coming years, they know they're gonna have to layer on more frameworks. CMMC is a good one. A lot of vendors who, uh, deal with the government or maybe they'd work with a government vendor, so they're a tier two supplier to the government. They now are gonna fall under a new compliance they never did before. The good news here is that this is all very incestuous if you are compliant and one framework. A hundred percent. So for, I'll use Sky Terra as the example. SOC two. We are a hundred percent compliant in SOC two. If we decided tomorrow we wanted to do a NIST framework or CMMC framework, which you've already started by the way, or ISO or any of those, what you're gonna find is day one, you're already 27, 48, 56% done. And that's something that our GRC tool tells us. If we're interested in going " hey, maybe we wanna look into this other framework that we don't have today." Just by the fact that we have it and we have one framework that we're managing, it tells you, "Hey, most of these controls are very similar." You're already 56% of the way there. For example, I can tell you right now, just looking at SkyTerra's dashboard, ISO 27 0 0 1, the 2022 standard, we're 50% of the way there. We don't. We don't care about that, but you know, if we did, we'd be pretty close. HIPAA we're over 70% of the way to HIPAA. Not saying we're not HIPAA compliant, but just managing and supplying the evidence for the controls we're already three quarters of the way there before we even started. So one gets you a lot closer to others and that's really another piece of the value of having a good GRC system and having a good program to manage it is you can do this, it scales and there is an economy of scale when your frameworks exceed one. Valerie: Absolutely. And you go back , to Darren's killing of trees Point, right? You're not entering the evidence twice because maybe you are under, NIST 800 and you also need to do GDPR. Guess what? The evidence collection. Is once, and it'll map across multiple frameworks if it applies or it fits. So it's a beautiful thing where you have these disparate systems that you're bringing in together into one dashboard. You're actually bringing multiple frameworks into one dashboard as well, and one system to do your evidence collection. And you know, feasibly, if your auditor can do multiple, compliance framework audits. Some can, some can't. It depends on what the framework is. But they only have to go into one tool. You're only giving them access to one tool. And, the systems really marry well together. , And it makes it so much easier to, like Darren said, hit multiple compliance frameworks at the same time and makes it manageable. Deborah: This tool is really a hub tool that it sounds like it integrates with all sorts of different systems. It tracks all the different frameworks of the different, compliance requirements that out there, there's security, triggers in place to make sure that everything is, centralized and it is, secure within your own environment. It sounds like there's a lot of really great benefits to this technology package that we have discovered. So why SkyTerra? Why would a company, say, "Hey SkyTerra, I want you to help me with this." Can't they just go get the tool and use it themselves? Valerie: Yep. They absolutely can. , Anybody can go through and get a GRC tool. The advantage of partnering with SkyTerra and I say partnering 'cause we are working side by side with your team, your IT team. Maybe someone from your accounting team, maybe someone from your human resources team. We're partnering and we're supporting you through the tool and how to use the tool and how to get the controls up and running and do the integration to the various, disparate systems. We're helping you classify your employees, for different types and what requirements you have for the different employees. Additionally, when it gets into the technology side, you go and you integrate it , and you've integrated your, Microsoft O 365 and it's gonna automatically tell you whether you're passing certain controls or not. Through that API call that it's able to gather the evidence, automated and. Well, you know what? You are a smaller practice and you only have a one person IT team, in-house. And what the advantage of SkyTerra is you get our bench of subject matter experts across, many different technologies. And we will sit and we will go through and we will either walk you through what needs to be changed on a technical aspect or make the changes for you to get that control to being in a passing status. Deborah: The tool we use is the Work Mule and SkyTerra is actually the shaman then. Or get or get them up the mountain, you know. Darren: If you think of it that way. One other thing to think of is if you happen to be already a customer of Sky Terra or maybe you're considering being a managed services customer of Sky Terra, our skill sets naturally align to satisfying controls and what we do for every customer. If you were to say, Hey, we need to be SOC two, and I'm already the SkyTerra Managed Services client, you're 80% of the way there, right outta the gate because all of the things that we do and have done for years. You started this by saying, "Security is in the DNA of everything that we do." It truly is. And everything we do has that in the back of our heads the whole time. So, if you're a SkyTerra customer, you're already almost there anyways. And it just so happens that even if you're not, we have all the skills in the house easily to handle all these controls. 'Cause this is where we live. We live in these softwares. We live in this, world of trying to maintain compliance and security and managing risk. We do it even outside of the frameworks. We've been doing it for years. So the fact that we're just saying, Hey, let's help you map that, what we already do to a compliance framework is really just a natural extension of what we're already doing for our customers. Deborah: So Sky Terra as a tier one certified Microsoft partner really does, help you navigate these compliant risk management issues because it's a natural state that we live in. Valerie: Absolutely. Another thing to note is while our GRC tool has 300 plus, API integrations where it's gonna call the data. You can actually go in and make your own custom controls, or custom links, and you can import access reviews. So we have, a system that we use heavily at SkyTerra to support our clients. And it currently doesn't have an integration into our GRC tool, but I do quarterly access review audits on our members of our team who have access to this, technology that we use. I'm able to still run an access review just like I run my Microsoft, O 365 access reviews, my. Azure Access reviews. I'm still able to run an access review and have the evidence that I performed this access review, and I went through each and every account and made sure it still needed to be there. It was the right level of access. To the tool and even though it's not integrated, I'm still able to upload information and work within my GRC tool to meet the controls, for my systems, my custom systems or systems that aren't integrated. And that could be a challenge for someone who's not. IT proficient or, really proficient in the GRC tool, that's another advantage of having SkyTerra as your partner in your compliance risk management program is we're gonna help you with that. We're gonna help you navigate it and we're gonna help you maintain it all year long. Deborah: So we've done the research, we've done the testing, we've done the heavy lifting, we found the best product out there on the market. We've learned how to use it. We know how to do the APIs. We can help connect, you know, products that do, seamlessly through a predefined API of the tool. But we can also help you with custom APIs, should you have something else that you use. We understand compliance, we understand risk, and we also understand how to manage this. And so if somebody wants to save some trees, save their sanity, you know, and they wanna go to their C-suites and say, "Hey, you know, we've been doing this manually. We've been spending hours and hours, you know, we wanna get started with SkyTerra." Where do they go? What do they do? Darren: So reach out to SkyTerra. The quickest way to get this going is to have a conversation with us. Schedule a call with one of our team members. We'll walk you through. Process. We'll figure out what frameworks apply to you. You may be surprised at what may apply to you that you know already know. You may think you have something in mind, and we may determine that it's more or less , or you or don't have to do that framework. And then, you know, really it's an information gathering process to figure out. Your state. And once we get there, it's just a matter of plugging in the program and, getting you onboarded and running through the first few months of any of this is gonna be more labor intensive than the ongoing care and feeding. And we structured our program accordingly to do that. So, you know, we'll spend a lot more time with you upfront to get this off the ground to tie in those APIs. To manage the controls, to get the controls that are easily under control, under control to assign ownership. 'cause it, like Valerie said, it's a partnership. Some of these controls SkyTerra can handle for you. Some of these controls squarely belong with the customer's team. We're not gonna write HR policies for you, for example, but we certainly can make sure that you have multifactor authentication in place. So you know, we have our place where we sit in this formula very well. So start a conversation with us and we see where it goes. Deborah: Choosing Sky Terra then could be your magic pill to cure your audit anxiety. Darren: Boy, that's cheesy, Deborah: Isn't it? I thought you'd really appreciate that. Audit, anxiety, cured stamp. Done. Valerie: And the other thing to note is that one advantage of the partnership with SkyTerra with this is, yes, we do get you up and running that first, few months that are a bit more labor intensive to get you in the program, but then we're there for your monitoring and maintenance mode. So if you think back to what Darren and I said earlier you get your. Always in a review period, right? That's continuing monitoring and maintenance. Things change, your environment changes. You have a new connection to a new tool. You have a new pc, and we'll sit and we'll help you monitor and keep you, under a maintenance where you're continuously doing this. We're checking in with you. We're having regular occurrences. We're supporting you through this journey. It doesn't have to end. It's not a get your project going, set you up and then good luck to you. We really are your partner every month. We are going to be working this program with you ongoing for as long as you wanna have the engagement with us. Deborah: Valerie, that really speaks to how SkyTerra does business anyway, we've never really been a one and done Microsoft Partner. We've always been very invested in long-term relationships with all of our customers and I think this compliance risk management is just another testament to that of how we partner with our customers and make sure that we learn and grow with them and for them and help them achieve the goals that they need to so they can focus on their business and we can focus on their IT. Is there anything other final thoughts that you guys would like to add? Darren: I'll leave you with this and I've mentioned this earlier on, but just to kind of drive the point home. It's the difference between saying you're compliant and actually being compliant, and that's where SkyTerra can really help you. If you want the rubber stamp on the piece of paper and that's good enough for you, and you hope that you never get called to the carpet on that, great. If you actually wanna sleep well at night, knowing that you're living day in and day out in that compliance framework, and that you have those controls in place, and that it actually does lessen your risk and mitigate bad things that can happen, then SkyTerra is definitely the place for you. Valerie: I'd say my final thoughts are, are really on responsibilities, right? You hear a lot about data governance and cyber risk, and at the end of the day, for an organization, the leaders, you know, or the board of directors for organizations, they need to put an emphasis on compliance risk management. And they need to prioritize it. They have fiduciary responsibilities to either their organization. Stakeholders in their organization and not having, risk management or data governance under control. You're putting the organization and those stakeholders at risk. If you are not prioritizing these efforts, it is important. It's not going away. Cyber security, and risk management. It's a real thing. It's only becoming realer and realer every single day. So you do have a fiduciary, responsibility to look at this stuff and consider it and make it a priority in your organization. Deborah: Well, Darren, Valerie, I'm so glad that you took the time today to explain the compliance risk management tools that we use at SkyTerra and how we think it brings value to our clients. Valerie: Thanks. Darren: Thank you. Deborah: Thank you for your time today. We appreciate you listening to the SkyTerra Tech Podcast. For further information, you can find us on LinkedIn or at SkyTerraTech.com. Have a great day.

Other Episodes