Compliance Unfiltered is TCT’s tell-it-like-it-is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable compliance expertise with a sprinkling of personality.

Show Notes: Solving Compliance Needs for the Hospitality Industry

Quick Take

On this episode of Compliance Unfiltered, the CU guys are serving up hot, fresh takes on how compliance for the hospitality space can be a five-star experience with a plan in place.

Wondering why compliance can be so tricky in the hospitality space? Curious how adopting technology can ease your pain? Just hoping to discover a better way?

Well, you’re in luck! All these answers and more on this week’s Compliance Unfiltered!

Read The Transcript

So let’s face it, managing compliance sucks. It’s complicated. It’s so hard to keep organized and it requires a ton of expertise in order to survive the entire process.

Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less. Now here’s your host, Todd Coshow with Adam Goslin.

Well, welcome to another edition of Compliance Unfiltered. I’m Todd Coshow alongside the smoky-to-your-compliance bandit, Mr. Adam Goslin. How the heck are you, sir? 

I’m doing good, Todd, how about yourself? 

I can’t complain. I really can’t. Today, we’re going to talk about solving compliance needs for the hospitality industry. Now, why is compliance management for these folks particularly challenging? 

Well, if you think about it, PCI DSS has been around for decades and the hotel hospitality industry has been taking credit cards during the birth of PCI DSS. In those early days, it almost harkens back to my initial experience in the compliance space is that there has not been a lot of help in those early days at all. There weren’t compliance management systems, there weren’t a plethora of people that could go help. It was really knowledge that was relegated to this select, elite few type of thing and there were nowhere near the dearth of capability that exists today, for sure.
With a lot of the folks that have been in the hospitality arena, they had no choice. We got to be able to manage this stuff somehow. They had to end up basically forging their own path for how the hell do we keep track of this stuff, manage it, etcetera. There was a lot, there has been a lot of heavy lifting, etcetera. The go-to for many organizations for many years, is, was, even today remains, Excel. It’s just like, man, there is a better way, but it’s almost like the folks that started in that arena, well, we did it this way last year, so we’ll do it again that way this year. It’s almost like, I’ve referred to it as a pain that they’re used to. They’ve become numb to the amount of just absolutely wasted time that they blow on their engagements when they look at the alternatives, almost like they don’t know they should ask or don’t know about the other ways to go about doing it. This is the way they’ve done it, and it’s gotten them across the finish line each year.
In many ways, they’ll look at the notion of putting dollars or investment into a compliance management system as, it’s wasted money, it doesn’t cost us, quote, doesn’t cost us anything to do it the way we’ve been doing it, and now we have to spend money, but it’s bigger than that.
Whenever you’ve got an organization, especially those in the hospitality arena, with astoundingly complicated compliance engagements, it’s usually some conglomeration of homegrown tools or ridiculously complicated spreadsheets and file share drop zones and stuff coming at them through email and text messages and phone calls and, and, and, and, and, and, and then the worst part about having this, you know, kind of manual backdrop of system is that every time compliance season comes around again, then, oh, now we’re spent, now we’re, now we’re making it, making it even worse by having to blow time going in and recreating all of our storage mechanisms for this year and, you know, evidence repositories or everybody go put their stuff into, etcetera, you know, but it’s almost like, you know, it’s almost like you can hear the circus music queuing up again and, and these folks just go in and do what they did the last go around, but, you know, there’s a, there’s definitely better way. 

No doubt about it. Now, how can TCT’s technology help? 

Well, we literally built from the ground up something we affectionately call the TCT portal. And its entire goal in life is to make managing compliance suck less. You look at these organizations and just ask them to contemplate. Imagine that your compliance management was streamlined and efficient and because of the way you were doing it, saving you hundreds of man hours a year, possibly tens of thousands of dollars in otherwise usable funds or lost profits. And if you can focus on, instead of blowing your time on managing your compliance, but instead you could recoup that time and be able to spend it on meaningful efforts internally for the organization instead of just evaporating all these hours, imagine what that would feel like.
The reality is that we help these, especially the large-scale global hotel organizations, to free themselves from that manual compliance hell. The transition is easy to make. You can go ahead and even integrate your current vendors, current assessors, etc. And one of the most interesting parts about the TCT portal is that the PCI QSAs, many of them are literally some of our biggest fans in the grand scheme of things. It’s definitely a tool that will provide some assistance and help to these organizations.

Let’s talk about what a pain it is to maintain compliance status. 

Well, you know, days have gone by, right? I mean, I can, I can, I can say this to the listener, you know, just think about how long, how long it’s taking you to figure out the status of your, you know, PCI compliance engagement, just in advance of each status meeting, you know, is it, you know, couple hours, maybe two to four hours, something along those lines? Well, how many times a week do you need to go and figure out the status? You know, you know, and the sad reality is that when you’re in this manual compliance management arena, the time that you’re spending, in the time you spend updating that status. So let’s say for the sake of this discussion, we’ll average it to three hours it takes to go get the status updated and look in all the, all the spots and all the places and update your Excel spreadsheet. Well, in that three hour block, you know, what are the chances that somebody was actively submitting evidence while you were making the update, made a change that you happened to miss, you know, etcetera, because you didn’t, because you weren’t looking at live data. It’s damn near impossible to get accurate status updates, especially when, you know, when you’re going through that manual process, it’s human nature, right?
Oh crap, I got a meeting coming. So I need to go ahead and make, you know, make all my updates and block it. I don’t want to show up at the meeting and be sitting there with nothing done. So when do these people typically go ahead and launch a whole ton of crap right before the damn meeting? So during this like three hour window, you’re trying to update status, you’re getting a deluge of updates coming in from the team. And it’s almost like an exercise in futility, uh, to go through and do it, you know, and, and the big, the big difference between, you know, how, how it normally works and leveraging technology to your benefit is that the TCT portal literally, it gives you a live view.
So instead of me spending three hours going in and, you know, laboring all of these status updates, only to realize that several of them are outdated by the time I get to the meeting. Um, instead, when you’re leveraging the technology to your benefit, I hit the refresh button on the, on the interface and it’s, it’s completely up to date.
If three minutes ago, you know, five people submitted items up, etcetera, I can tell that just by hitting the reload button. And now all of a sudden, you know, that three hours that you put into it, you know, that one status update that three hours now is time reclaimed. Um, you know, when you think about it, like how many times a week do, uh, how many times a week do you have to, you know, figure out the status for most engagements, you’re figuring it out once internally and you’re figuring out again for your interaction with your assessor. Um, so it’s at least a couple of times a week. And depending on where you’re at in the continuum, you may have a daily status update. You may have a twice, two or three times a week status update internally, just so you can kind of stay on top of it.

You know, the other, the other added bonus of, you know, leveraging the technology to your benefit is that the system is the one that is going to do the sending of reminders to your team members about what things that they have to do, um, nagging them when they haven’t submitted their stuff and reminding the assessors that they’ve got things that are in their hands, you know, etcetera. So, you know, instead of, and I know that the folks listening are chuckling because they know exactly what I’m talking about, which is sitting there, laboring over your three hours to make your status update, only to have to turn around and, you know, be the one on the keyboard.
So launching the emails, Hey, Bob, you got these three things and Mary, you got these five things and, you know, and, and, and, and, um, you know, so, you know, all of a sudden both the status updates and the nag reminders, etcetera, it all just goes away. Um, you know, we’ve got a lot of organizations that, you know, they report man-hour reduction by literally as much as 65% on their engagements. So, you know, you look at somebody in the hospitality industry, you know, and, uh, and it just is, uh, it’s an arena where they’ve got the capability to save themselves just a ton of time. Um, you know, one of the tools that we’ve got, um, that we put together, if you go to the, uh, to TCT’s website, so it’s, uh, gettct.com. And when you get there, if you go under resources, ROI calculators, um, then it will, uh, the, the, the website has an ROI calculator for, you know, for applicants so that you can, you know, go through, look at that, um, you know, run the numbers, etcetera. It’ll give you kind of a guideline for, you know, for, uh, you know, how to go about saving, you know, you and your team a ton of pain.

Hmm. What about simpler evidence submission assistance? 

Well, in that arena, you know, one of the big complexities is you often have to collect up, you know, the same information from multiple, you know, of the hotel sub-entities. So, you know, hundreds of requirements are going to ask for your information, overall information security policy. And, you know, typically that means then taking that policy and attaching it to all these hundreds of items.
You know, when you’re when you’re talking about configuring your engagement and having the technology do the work for you, the TCT portal has the capability to load up a we call a document request list. So it just bypasses all of that effort. When you set up a document request list, it’s going to ask you for each individual piece of evidence once and then automatically go and populate it to all of the places where it needs to go. So, you know, with that information security policy that’s attached to north of 100 different requirements, you can go load up the policy once and poof, it shows up on your hundred plus requirements instantly. So, you know, and additionally, you know, instead of, you know, kind of combing through your line items, you know, within every single compliance framework, if your organization is subject to more than one, you know, more than one standard or or compliance framework. You can use the document request list, not only to populate to the multiple sub-entities, but also to populate across the multiple security certifications and standards that your organization, you know, has to go up against.
So, you know, all the way around the majority of the heavy lifting, you know, is taken care of once you once you go in and kind of get the system, you know, set up for your for your engagement.
You know, one of the interesting things about the hospitality industry is that they’re, they’re often doing, it depends on how they’ve structured their engagement, but they’re often doing one of two things, either the kind of corporate, you know, parent entity is rolling down common pieces of evidence to each of the sub-entities because every sub-entity fills out its own compliance paperwork, which is then supplemented with the information from that individual sub-entity or alternatively, each of the sub-entities will provision their evidence and it’s kind of rolling up to corporate with, I don’t know, we’ll call it a one engagement to rule them all for the entire company. Either way, either way, it doesn’t matter which way you’re going about doing it.
You know, you, the, the, the technology, the TCT portal can help either roll evidence down or roll evidence up. And the, you know, the, the cool part is that with, with the leveraging of the technology to do the work, then it’s easy to track which locations provided which pieces of evidence. Do they have all of their evidence and how many pieces still remain? And, you know, if I got a, you know, when I’m busy and just to put this in perspective for those that may not be in the hospitality arena, in some cases, you can literally be talking about a corporate entity and north of a hundred sub-entities, in some cases, it’s hundreds.

So imagine you’ve got that many sub-entities, all of which are pushing evidence, etcetera. When you’re using the technology to do the tracking. Now I know exactly who provided this piece of evidence. When did they submit it? What exactly did they submit? It’s all in one place.
It’s just using the technology to your benefit. It just continues to reap reward after reward after reward.

How can these folks better handle multiple standards or certifications? 

Well, we talked about it a minute ago, but if the organization has multiple standards to comply with, whether it’s PCI and HIPAA for things over in the HR arena or other standards that they may need to go up against, even if they’re customized standards they need to meet, maybe it’s a series of requirements based on the parent company, no matter what, what you can do is you can go in, establish your initial request list. So let’s say you start off the path with trying to cure your PCI and then you realize, oh crap, we’ve got other standards we need to go ahead and integrate, then create your unique list of request items for PCI, then you can layer on any leftovers from HIPAA, layer on any additional leftovers from ISO, etcetera.
And that way you basically have this one list where you’re doing all the data and information collection and then using the capability of the portal to push from the doc request list out to your kind of your target or destination certification. So meanwhile, you and your team are working off of a document request list for each of the unique pieces of information. And meanwhile, in the background, the system’s doing all of the heavy lifting, it’s populating the right evidence to the right requirements of your target standards and certifications. And this is all automatically happening behind the scenes. One of the cool parts is that if the assessor comes in and says, hey, that’s great, but I need you to make this change to the evidence. Well, let’s pretend we go back to that overall information security policy. Well, now what? If I’m in the old way of doing things, now I have to go in and update it in 100 plus locations, you know, etcetera. In this world, all you do is you go in, you make the tweaks and the adjustments that they said that you needed to make.
And again, it instantly updates to all the 100 plus requirements.
So, you’re not worrying about duplicate versions, multi versions of the same element of evidence, having the wrong version attached to the wrong things, things along those lines. It just automatically eliminates all of that, kind of pain and frustration in one big shot.

Well, how can technology help eliminate confusion and rework on the engagement? 

Well, with the document request list, and this is probably one of the coolest parts about it, imagine this document request list, this is a document request list for your company. This isn’t some off-the-shelf request list. This isn’t something that somebody else wrote, etcetera. So, you know, the best part about that doc request list approach is you can go write up your own instructions that your personnel will understand. You know, within your organization, you use specific terms, terminology, maybe you have specific technology in place, etcetera. So, you know, you don’t have to be worrying about your front-liner evidence provisioners being confused by PCI terms and compliance jargon that don’t make any sense to the average evidence provisioner. You know, instead, you can go ahead and write it in a way that they understand. You can give them, you know, make it crystal clear who needs to do what. You can provision them with examples of specifically what screen is it you’re looking for, you know, that type of thing. So, you’re really able to take that request list, make it your own, and make it readily understandable, you know, for your team. Now, number one, that’s helping your evidence provisioners, right? They have clarity around the ask. They can go in, do, be effective. They’re also not asking questions about, you know, about the evidence that invariably they wait for the next compliance meeting to go ask. So, AKA, you’re burning calendar time while you’re, you know, they’re waiting around to go get their answers. You know, your central core compliance team is spending less time answering questions about what’s needed and where to get it and how and things along those lines. And instead, spending more time actually reviewing evidence and, you know, providing, you know, directional guidance to those that truly need it. 
You know, and the folks that are going through and doing the evidence provisioning, they feel better because it’s not as frustrating of a process. You know, it’s a hell of a lot easier for them to, you know, readily grasp and be able to take action and be effective. 

Hmm. And what about better handling for access control? 

Well, one of the elements on a compliance engagement where, you know, typically it becomes a challenge and especially on a challenge, especially a challenge on an engagement as complicated as a hospitality-related engagement is that there’s a ton of sensitive information that needs to be collected and submitted and, you know, it is the responsibility of the organization or team to make sure that the right people are seeing the right things, AKA we’re not, I don’t know, sharing our, you know, our full-blown technology inventory list with every single person on the team. We’re not sharing our firewall rules with everybody on the team, etc.
So, you know, as you go through that, when you’re trying to do this manually, it is a pain in the butt to be able to manage this many people and make sure that they’re all bucketed correctly. You know, the reality is the TCT portal makes it super simplistic when you’re dealing, especially when you’re dealing with multiple roles across all of these sub-entities. We have the capability to turn on something we call restricted mode, which automatically, you know, locks down controls at the user level only based on the controls that they’re assigned to. So, in other words, the logged-in user can only see the controls that they’re actually assigned to. They can’t see the things that Sally or Angela or Mary or Fred have, you know, type of thing. So, you know, they’ve got the ability to go through, lock all of that down so Fred can see what Fred needs to see, Mary can see what Mary needs to see. Similarly, you can set up for certain folks on the team. So, let’s say as an example, I’m on the compliance team at corporate. I need to be able to see everything. We can do that.
You can turn it on so that certain users have global oversight while other users and typically evidence provisioners only have access to their location and items that they’re actually assigned to.
You know, things like HR can only see HR, legal can only see legal, you know, things along those lines are kind of helpful.
So, you know, when the evidence provisioning team is, while the evidence provisioning team similarly is only seeing the request list, your core compliance team can see not only the request list, but also can see the tracks, which are the resultant standards and certifications that the assessors are going to be working off of. So, yeah, we really have the capability to finally control, you know, the ability for the right people to see the right stuff, the compliance team to have oversight, the ability to automatically tell statuses, both at sub-location and corporate level, you know, all of that information is readily available, but appropriate based on the user that we’re talking about.

Now, I know you’ve been a proponent of molding the tooling to the organization rather than the organization being forced to change based on the tooling. Tell us more about that. 

Yeah, it’s nothing that drives me more nuts than, you know, when you’re trying to go find a solution for your problem and it’s basically, we have one way to do this, you will do it this way. It’s like, uh, that doesn’t work for me.
Instead, you know, what I’ve discovered about organizations in this space, folks going through compliance, they’re all different. You know, they have different circumstances, different scenarios. They prefer to do it differently. You know, one organization wants to, you know, wants to have the evidence submitters flow their information to an internal, internal quality assurance team before it goes over to your assessor and to their QA department, etcetera. Another one is like, no, I trust all my evidence assessors. I just want their stuff to auto fire straight to the assessor. Uh, another organization will have, uh, frontliners send it in to, uh, you know, to, to some form of a middleman consultant, um, you know, to go through and do evidence reviews and sanity checks in advance of it going to the assessor. So every single organization is different.
We also talked about, you know, maybe I’m an organization where it’s just, I only have one standard or certification for one location. Meanwhile, you’ve got the folks in the hospitality arena that are rocking maybe two, three different certifications or standards and doing it across both corporate and a hundred plus locations. So, you know, the reality is, that the TCT portal was built from the ground up to be capable of being configured based on the client’s needs, not forcing the client to fit into, you know, into this mold.
Um, and it’s a really, really big difference, uh, where it’s, it’s refreshing for organizations to be able to actually configure the tool in the way that they want to go run their, you know, run their engagements, etcetera.
Um, you know, when, when you’ve got the tooling doing the work, um, you know, it’s a, it’s a handoff transfer, you know, we talked about getting stuff over to your assessor, you know, right now, a lot, a lot of the times for organizations, they go through, they get it all organized, whether, whether they have their own homegrown system or they use technology to their benefit, they get to this certain point. And if the assessor is using a completely different, uh, completely different platform for the evidence submission portions, uh, then what’ll happen is, is that they’ve got to then go and re-enter all of this information over into the, you know, onto the assessor platform, you know, in the, in the cool part about the TCT portal is, um, that, you know, we have the capability to integrate your, your assessor right into the workflow. Um, you know, TCT already has, uh, north of 3000 different audit assessment firms that leverage our system. Uh, so, you know, we’ve got the capability to, if you’re, if you’re using an assessor that doesn’t, you know, isn’t interested in, uh, isn’t interested in playing, you know, we’ll call it playing in the sandbox and, you know, and, and, uh, optimizing your engagement by using, you know, using the tooling you’ve got.

Um, we know people who will, so, uh, by all means reach out to us. We’d be happy to happy, happy to give you an intro to, uh, to, to, to a good assessor that’ll fit right into the, you know, right into the mix and, and really, you know, my encouragement to organizations is, uh, I personally, uh, TCT goes through compliance itself and we use the same tool that I’d recommend others. Um, and you can absolutely bet that, um, that we use everything within the portal, because it is the most streamlined way to go run an engagement end-to-end, um, really for all parties when it comes, when it comes down to it. So we’re just literally trying to, you know, trying to save people from, uh, from having to, um, you know, having to waste time on their engagements. That’s our, our biggest driver, our biggest subject. 

Yeah, it makes sense. Now, one of the biggest challenges is keeping up with the onslaught of tasks that need to be done daily, weekly, monthly, quarterly, and even semi-annually. How can technology help there?

Well, one of the things that we built into the TCT and actually I think the portal launched officially in 2015, and I think it was 2016 that we integrated what we call the operational mode. You know, there are a ton of benefits of leveraging the technology, leveraging the technology year one. But really where it starts to rock is when you get to year two and beyond. You know, when you’ve got a couple of years under your belt, leveraging the portal, you now have what’s a lot different from days gone by. Days gone by, you know, your engagement would be hitting the fan. Everybody is scrambling, especially as you get into that last, I don’t know, four to six weeks or so. It’s like all the rules and all the rigor and all of the, hold on, I need to make sure I get that in the right spot and I got to make sure I update this thing. A lot of that goes out the window. And so what ends up happening at the back end of the engagement, we’re just trying to get it done. And so the engagements left a mess.
And then when I come back a year later, everybody’s just like, well, thank God, that’s done. I’m going to walk away. So they walk away and then they go to look back at, you know, the final state of last year. It’s a train wreck. You know, the big difference when you’re leveraging technology like a portal is that when you get to year two, I have an absolute rock solid repository of exactly what was done last year. It’s all in one. It’s all contained in one system. It’s all in one place. It’s all in a standardized format. I know exactly where to go to be able to see what I need to see. You know, and one of the challenges, especially in the hospitality arena, is that if it’s a small engagement, maybe the assessor goes and looks at all your locations. But in dollars to donuts, if you have north of 10, you know, 10 to 15 locations in all likelihood, the assessor is going to use sampling. So let’s say you’re in that organization where you got a hundred plus locations.
Well, you know, now I come up with my assessment. I don’t have any idea which of the hundred plus locations the assessor is going to sample this year. You know, etcetera. So, you know, you’ve got this gigantic daunting task to kind of keep everybody up to date so that you’re ready for when the assessor does their sampling, you know, that type of thing. And so in operational mode, the cool part is that what it will do when you dial it on an operational mode, it will take the tasks that need to be done daily, weekly, monthly, quarterly, semi-annually. And it will go ahead and mirror those out into quarterly submissions so that you can attach evidence as you’re going through the compliance year and collect that evidence up from all the locations. So imagine, you know, you had that hundred plus locations and you’ve got them set up in operational mode every quarter. The evidence provisioners are actively producing evidence allowing it to go through internal QA, you know, taking a look at it. 

You’re collecting the information as you’re going through the year. What it does is it does a couple of different things. One, you get the capability to, you know, to stay on top of everything. Two, you get to go in, preview that evidence in compliance quarter one, not receiving this deluge of a year’s worth of stuff in compliance Q4.
And that, and the biggest problem, one of the reasons I put the operational mode in is that I was tired of being on engagements where you go, you show up to the annual assessment and sure enough, something went poof earlier in the year, but I’m not finding out about it until it’s too late to do anything about it. And so gaining, getting that evidence earlier in the cycle allows me to proactively go in, take a look at this stuff, fix problems earlier, you know, in the compliance cycle. Also, and probably the, one of the biggest benefits is to reduce that sensation of this mad scramble, you know, at the tail end of your kind of compliance year. It really smooths out the, you know, the trajectory, if you will, of the compliance engagement because now I’ve got this active ongoing collection, you know, coming in across both corporate and all of the sub-entities. It’s almost like you feel like you’re finally managing your compliance instead of your compliance managing you.

Now, the hospitality industry is fraught with high turnover. How can a quality compliance management system help to mitigate that risk? 

Well, it is true that turnover is high, you know, in the hospitality arena. We were talking earlier about, you know, when I’m dealing with an engagement that’s this complicated, you know, that I have the ability to, you know, see who did what and all that fun stuff. It’s in a rock solid repository. You know, when you, when you’re talking about an industry that’s got high turnover. So let’s say for the sake of this discussion, I have, I’m going to call it a hundred sub-entities. So I’ve got corporate, let’s say there’s 20, 25 people there that are provisioning evidence, and then for each of the sub-entities, I have three different people per sub-entity. Well, guess what? Now I’m talking about a hundred locations, three people per location. That’s 300 and then I’ve got, uh, you know, the other, you know, however many I said for corporate, let’s just call it for the sake of this discussion. Let’s call it 50 corporates or something. So now I have 350 people. Well, if you’re turning over, you know, turning over 10, 15 of those people, maybe that’s a low number for some of these companies, maybe it’s high number, but, you know, let’s say, let’s say it’s 15 different people.
Well, now that’s 15 different people that are spread out all over the place geographically that now need to go and get their arms back around this, trying to figure out, well, you know what, what happened last year and when you are in a high turnover arena, one of the biggest benefits of leveraging something like a TCT portal is that now the new person, so you can establish some standardized training to kind of get their, their, their sea legs, etcetera. But the best part is when I have these 15 people that turned over, they could, this year they can log in. So let’s say Mary stepped in and she took over for Fred, who has turned over since last year. So what Mary can do is Mary’s able to just go in. She can look at the evidence. She’d be assigned the same items as Fred.
So I can mirror those assignments easily. And better yet, Mary can go in and see exactly what Fred provided? What was the screenshot of the evidence of the explanation that he needed to provide last year that work, you know, and now you’re able to keep that in conjunction with the customized request list notion where I’ve got everything in, you know, kind of plain English for my personnel, uh, easily understandable terms, etcetera. Um, it is a whole hell of a lot easier to go and handle that turnover gracefully. You know, we were talking about, you know, 325 to 350 total people and only turning 15, you know, it may be substantively worse than that. What happens if you turn 45 people over, you know, it is, it is a load on the company. It’s a load on the people. It’s certainly a load on the core compliance team, you know, trying to keep up with this deal, kind of continuous, never ending stream of turnover, you know, that, that occurs. 

I mean, we were talking about it in the best case scenario, which is that, you know, last year it was Fred and Fred gracefully finished up everything and then turned over. And now it’s a year later and Mary comes into the mix. Well, you know, it’s just as devastating when you’re midstream on the compliance engagement and Fred’s done half the stuff, uh, you know, and now Mary needs to step in to take over. That’s, that’s a bloodbath as well. So, you know, now Mary can instantly tell what if Fred finished what’s still open, you know, what is it that Fred needed to go work on. And again, if I’m now in year two plus, I still have last year’s repository to go in and look at and be able to refer to. Oh my God. It’s so much easier when you’re dealing with, uh, you know, when you’re dealing with that high turnover, especially that happens in that hospitality, uh, arena. No doubt. 

So, parting shots and thoughts for the folks this week, Adam? 

Well, if you can’t tell from the tone and tenor and all that fun stuff, I, uh, I literally, when, when I went, had to go through compliance for the first time myself, I, and, and then I went in, I was doing, you know, consulting engagements with organizations and then, um, you know, and then was, you know, with a background in application development. I literally went about putting together the tool that I wish that I’d had. Um, you know, and, uh, you know, this is a, it’s a, it’s a toolset. The TCT portal has been running live for a north of a decade. It is, um, you know, and keeping in mind, TCT’s approach all the way along has been, we love helping our clients. We love listening to our customers. We love integrating their requested features, functionality capabilities back into the system. And so you look at something like the TCT portal with a company that’s got its head in the space of wanting to help and listening to their clients, etcetera, you’re literally talking about a platform that not only is born out of firsthand experience with having to run and manage compliance, compliance engagements, but also has a decade plus of input from other seasoned compliance professionals that have been in the industry for, you know, for a long, long period of time, it is a, it is a solid solution, uh, for organizations to be able to, to quickly go in, adopt, implement, uh, you know, and spin up. Honestly, I, I think in many cases, it’s funny the way this works and I know you’re going to chuckle, but, um, it, it typically takes us, tell me if you think I’m wrong, it typically takes us longer to get through the legal baloney than it does to actually launch the damn client. It’s, it’s, it’s insane, it’s insane. So, you know, I just, I wanted to try to take the, you know, take the compliance scavenger hunt feel out of compliance engagements. 
Um, you know, the people that are on these engagements, on these PCI engagements or, or, or, you know, just general compliance engagements, they’re some of your smartest damn people in the company, you know, these are expensive resources that get involved in these, in these engagements. Why in the absolute hell would you not want to stop lighting a match to hundreds of these precious hours, uh, you know, and, uh, you know, continuing the, you know, kind of to, to sweat your annual assessment. I just, I literally wanted to try to forge a way to be able to get organizations out of the compliance stupidity, uh, into an arena where we can help them make their compliance management suck less. 

And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow and I’m Adam Goslin, hope we helped to get you fired up to make your compliance suck less. 
