Compliance Unfiltered is TCT’s tell-it-like-it-is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.

Show Notes: A.I. and Cool New Stuff Happening With TCT


Quick Take

On this episode, buckle up, as the CU Guys walk you through how to revolutionize compliance management with AI-driven engagement scoping that transforms hours into minutes, saving up to a man-month per team. Automate tedious tasks, standardize decision-making, and streamline operations for efficiency.

Discover TCT’s latest AI features that enhance strategic insights, risk mitigation, and client satisfaction. Learn from Adam Goslin about crafting tailored project templates and boosting accuracy and consistency, leading to increased profitability, reduced stress, and happier teams.

Read The Transcript

So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process.

Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less. Now, here’s your host, Todd Coshow with Adam Goslin.

Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow alongside the hydration station to your compliance marathon. Mr. Adam Goslin, how the heck are you, sir?

I’m doing great. As long as it’s filled with coffee, then we’ll be in good shape.

Fair enough. Indeed. Well, I’ll tell you what, before we get going on it, I just wanted to say to the listeners, you know, we’ve been doing this for a week or three. You know, one thing that we’d appreciate is if you enjoy what we’re doing, enjoy the content, listen to the episode, do me a favor. Just think about, you know, think about two people that are kind of in the space that may not know about Compliance Unfiltered and give us a warm introduction. We would sincerely appreciate it. And I would warrant that they would probably get a chuckle out of some of the things that we put together and kind of our approach to doing things. So we would greatly appreciate it.

Absolutely. Today, we’re going to chat a little bit about AI and some other cool stuff that’s happening with TCT.

Now, you have a great time playing around with the buzzword AI. Tell us why you find joy in that.

Okay, when AI kind of hit the scene, at this point in the game, I’m going to call it maybe about 18 to 24 months ago, when it first came on the scene, there was, you know, if you use the words AI, then, oh man, it must be amazing, it must be cool, we must do it at all costs. You know, it was just, I love referring to it as the zombie walk toward AI. And, you know, and the funniest part is, is that as I’m seeing these things coming out, oh, you too can use AI to do the, and I’m sitting there going, it’s not really using much in the way of actual intelligence, artificial intelligence, it’s just they stuck some automation into their system and, you know, called it AI. And I’m like, well, shit, if that was the, if that’s the definition that we’re all going on with AI, well, hell, I had AI in the TCT portal back in 2015. So I just, I have a, I have some fun, you know, kind of poking at, you know, the folks out there that are, you know, just blasting AI all over the place.

I love to make the distinction, we actually had some fun with it, I think, starting with the last PCI conference that we were at last year. You know, where we, you know, threw up a thing about AI and automated intelligence, because, you know, honestly, there’s a, yes, there’s a blend between the two, you know, you’re using, using artificial intelligence really to, you know, to act kind of act independently, or did you just build some automation and call it AI? So now I love, I love screwing around with it a little bit. And, you know, really, part of the fun for me is really giving the folks that are just absolutely abusing the buzzword, you know, giving them a little bit of hell.

Nothing wrong with that. Now we have some new functionality coming out to the TCT compliance world. Tee this one up for us, Adam.

Yeah, we’ve got, you know, we decided to, we’ve been kind of contemplating this one for a bit and that is, you know, putting some kind of AI style capabilities into the portal where we’ve got, you know, right now it has to do all to do with engagement scoping. So we’re trying to basically mitigate the amount of time that folks have to spend on this. And it’s been, you know, kind of a target goal objective of ours for some time. So this functionality actually be coming out, you know, be coming out this coming weekend on the, what is it, the 3rd of April.

So no, 4th, my bad, 4th of Saturday, apparently my math’s not math thing here. So I got, you know, but we wanted to be able to take engagement scoping and, you know, where, you know, folks would have to spend hours of, you know, going through engagements and getting them, you know, kind of lined up, etc. We’ve got, you know, we’ve got this kind of integrated, you know, AI style scoping tool that’s intended to remove a lot of the busy work that folks have to do in the beginning of the engagements. And I know from my experience, you know, as I was, you know, kind of sitting alongside assessors or, you know, being a consultant on compliance engagements, you know, just trying to get the, I used to call it just getting the engagement rough to end, quote unquote, you know, so, you know, as an example, if I’ve got a full scale PCI report on compliance and I want to cut that down to an active scope of an SAQA, well, then maybe instead of 900 items on a ROC, by the time I’ve finished, I can scale that down to, you know, whatever, you know, 30 to 50 items, you know, that I need to, you know, go and pay attention to. And there’s a lot of different scenarios, like, you know, you’ve got somebody that’s doing PCI P2P-E, but they don’t have wireless, they, you know, they have wireless and they have a physical environment that they’re responsible for. You know, they aren’t a service provider, there’s a ton of different, you know, things that come up on engagements that will, you know, that will denote just how complicated or non-complicated the ultimate, you know, end objective needs to be and a ton of prep work that needs to be done. You know, if you’re working through some type of a track, I’m using PCI as an example here, but the scoping capability really surpasses all of the, you know, all of the industry standards that we’ve got on the platform.
So this could be applicable to, you know, an SCSF track or an ISO 27001 track or HIPAA track or, you know, or, I don’t know, right now I think we’re closing on about 90 different, you know, 90 different standards on the platform. So this functionality will be, you know, will be capable of being leveraged kind of across all of those.

That’s outstanding. So how can clients leverage the new TCT AI for helping with automation of their engagement scoping?

Well, the scoping tool gives the clients the ability to kind of quickly go in, scope client engagements in just a few minutes. So, you know, the tool allows for a scoping questionnaire with a kind of customized series of questions and then, you know, use the questionnaire to basically categorize your clients. The portal will then automatically take action, you know, the track to automatically scope the engagement down, you know, so that only your, you know, the requirements that apply for your client are the ones that are kind of left in their hands.

So, yeah, we were talking earlier about the notion of the, the notion of the service provider. You know, if they aren’t a service provider, then, you know, the system can just go through and take every, you know, every requirement that’s applicable to a service provider and mark that off as not applicable as an example. You can do things like have pre-drafted rationale for all the relevant items that are included. You can go ahead and move those items through your workflow. So, there’s a lot of different, you know, functionality that’s kind of balled into here. You know, the, you know, now that the scope is so much more reduced, now you don’t have to do anything with their, you know, with any of your NAs, you know, or your default, you know, default inputs, et cetera. So, it literally has the capability for, you know, especially for, for those folks that are the consultants and assessors out there, as they well know, and they’re all chuckling because every single one of these freaking engagements is different, has some different nuance, has some different special thing that needs to be done, you know, done with it, et cetera. But, you know, the new scoping AI capability will have the option to literally bring the scoping extravaganza from, you know, what at least would be hours, and in some cases, it’s no joke days, and just peel it down to five minutes. So, it’s going to be a huge benefit.

Talk to me about the ripple effect of that time savings.

Well, I mean, as you’re, as you’re making that, uh, making that savings on one particular, you know, one particular engagement, I mean, right now we’re talking about doing it off a single engagement, but if I’m doing, you know, let’s say my organization, you know, ultimately peels through 30, 40, you know, different engagements in a year. Uh, you know, if I’m saving, you know, if I’m saving somewhere around, let’s call it on aggregate four to 12 hours, uh, when all’s said and done, so let’s call it eight on, you know, on average, uh, you know, across organizations of varying complexity, that’s 30 to, you know, 30 to 40 days, business days, you know, uh, of time, if you think about it differently, um, if I’m literally talking about 30 to, you know, 30 to 40 days, got 30, 40 engagements, then the, um, erratically I’m saving more than a man month, you know, just on the, you know, just on this one thing alone.

So it’s, it’s really going to have a huge, uh, a huge beneficial impact.

Hard to argue with saving a man month. So I guess the next question I have is how will this functionality benefit the organizations depending on TCT for excellence in their compliance?

Well, the, this is the, you know, the, the, the, the, the scoping tool is going to give immediate and measurable, measurable benefits. I mean, we were talking a minute ago about the man month, right, but we’ll have the challenge with people connecting the dots on the time that they save on their engagements is that that man month, it’s not Bob, you know, it gets to save a month, you know, to not unless Bob’s doing all the scoping for all the engagements, which usually isn’t the way it works, right? We’re talking about saving, you know, saving Bob a couple of days, saving, you know, Mary, Mary, a couple of days, saving Angela, a couple of days, saving Fred, a couple of days. So, you know, it’s, it’s really kind of a spread benefit that that’s spread across your team, you know, and whatnot.

But, you know, you’ve got a number of different things that come in, come into play, which we’ll get into more a little bit later, but just going to give you the highlight reel, certainly the reduction in scoping time, you know, from hours, hours to minutes, you’ve got a streamlining of your QA process, which we’ll get into later, you know, the increased profitability every time I’m, you know, the the expression time is money. Well, if I’m not having to just blow it on my, you know, on my engagement, then, you know, now the the that saved time has the opportunity to turn into profitable, you know, either profitable time or reducing stress on, you know, on your personnel, improving employee retention, you know, things along those lines, you know, the it also gives scoping decisions, some precision as you’re going through one of the one of the big challenges that the organizations face is that, you know, if I go in, I’ll just pick one of their wireless as an example. So if I go in and I say, you know, they don’t have wireless, well, if I if I were to go to, you know, kind of three different assessors on the team, invariably, they’re all do doing it and approaching it in a different manner. And it creates a lack of consistency for the organization. And so that that improvement in precision, the improvement in, you know, in expectations, the consistency across, you know, all of the personnel, all of those, you know, are things that ultimately will help the organization and most assuredly make the fine folks in the Quality Assurance Department smile, you know, but, you know, just being able to gain that gain that standardization is huge. You know, as you’re as you’re, you know, kind of scraping off, scoping activities that are bogging down assessors time, you know, now you can, you know, kind of walk into your engagements, you know, faster, cleaner, in a more concise fashion, it’s gonna it’s gonna help all the way around.

That’s fair. All right, well, it’s about that time. Now that we’ve hyped it up, tell us about the two components of the new scoping AI capabilities.

Sure, so there’s a couple of different components involved. One is kind of a questionnaire, right? You fill that out as you’re going in, starting to get through into the scoping, and the portal will automatically scope the engagement based on the responses that the person taking, that scoping questionnaire, based on the ways that they go through and answer them. And I’ll get into both of these in more depth, but just to tee these up.

The other is a highly customizable backend editor so that you can use that to create the scoping questionnaire, determining what things are going to get asked, if so, what exactly they do, that type of a thing. So I’ll go into a greater level of depth on the kind of the scoping questionnaire side of it. So when you’re going in and you’re firing off a new engagement, you want to use that scoping questionnaire so that you can quickly just pare down the applicable compliance requirements. And you fill out the questionnaire. Anytime that you’ve got a new engagement, you’re going and getting started. So where I was talking earlier about how the assessors that have to go into engagements and every single freaking client’s different, well, the person that is in charge of kind of getting, doing the scoping for that engagement, they can take that client’s things into account, et cetera, kind of run down the list. So for every question that is in the questionnaire, there’s a list of potential responses. You select the appropriate response for the question and then the portal will go off and either scope or descope, all the things in relation to that question, et cetera. So a typical questionnaire can go through, you can go through, complete it in just a couple of minutes. And as you’re submitting each of those responses, then the pre-configured instructions you’ve got for the configured scoping question will then go take effect. So is this client a service provider? Yes, no. So if you say yes, then we don’t need to make any modifications within the system, just kind of leave that alone. However, if I say no, they’re not, well, now we can automatically go through, find and select all the compliance requirements that are relevant only to service providers, set those items to not applicable, enter in the default report text that explains why they’re not applicable, AKA, this item is not applicable because the organization’s not a service provider. 
But so they can go in and do that and then depending on how the scoping tool is configured, the portal can also automatically move all of these items forward in the workflow to over to QA. So there’s no need to go back in, touch those items, et cetera. The second piece of this, the scoping editor, it’s really the backend editor, it allows folks to go in, create scoping questionnaires and make it available for your engagement. But the important part here is, this isn’t, TCT went into the shed, cooked up the questions and the answers, dropped them out there and said, good luck, I hope you like what we did with it. This goes perfectly in alignment with who TCT is, how we’ve approached things with our system since 2015.

Is that we didn’t want a platform where the organization needed to try to figure out how to fit into it, but instead, allow it a customizable interface that folks can make their own. So it’s your questionnaire.

So you can go in, edit it, customize it to meet whatever needs you’ve got, whatever workflow preferences you’ve got. Sometimes there’s very specific questions on specific certs that you would ask. So you can determine, yeah, go ahead.

Yeah, I was just going to say like, as you’re talking about that, what is the direct time savings benefit for clients that choose to utilize that approach?

Well, if they’ve got, you know, obviously we have to go in and go set it up once, right? Right. You know, type of deal. So, but if they’re going to save time on, across all their engagements. So, you know, we’ve got organizations that are, geez, they’re doing, you know, PCI and, you know, and HIPAA and ISO and SOC, you know, and SESF, you know, et cetera. So they can create questionnaires that are specific to the, you know, to the certs or standards that they’re, that they’re working with, you know, and, and basically make that scoping time savings across the board, you know, with those, we’ll talk a little bit later about some of the, some of the ripple impacts of the, you know, of those benefits specifically around QA, but I don’t want to, I’ll, I’ll, I’ll, I’ll wait on that one for a minute.

That’s some foreshadowing folks. Yeah. The, the editor lets you go through, customize up everything so you can determine your questions. What do you, what type of response am I seeking? You know, what are the, you know, what’s the report text that I want to, to go allocate? You know, what follow-up actions is, you know, is the, is the scoping, you know, AI going to take based on responses that are selected. So everything, everything is under the control of the organization. So they can pick the wording of the question. They can pick the wording of the report text, all of that. So it’s, it’s pretty damn cool. The engagement scoping is entirely automated. So it’s almost like, you know, you go, went and go ask somebody on a lot of engagements. That’s actually what they’ll do is they’ll have somebody sitting, you know, kind of sitting, sitting in the background. Okay. Here’s all I want this one set up and they got some instruction list and then they hand it to, you know, hand the assistant and, you know, let me know when you’re done. There is none of that anymore. You literally will just go through, get everything configured properly. You know, punch the, you know, punch the go button and within minutes your, your engagement’s ready to roll. So you can, you know, we talked about setting, you know, setting things to not applicable, entering the specified report text, uh, you know, capabilities to move it through the workflow. You know, you can create as many questions as you’d like. Cause like, Oh, you only get two questions. Um, I don’t care. You want 42 questions, fine. You know, whatever you want, whatever you need for your company. Again, this is part of, you know, part of why TCT is materially different in the space is that, you know, we want our organizations to be able to take their secret sauce, put it into, you know, put it into the system in a configurable manner so that they can use it for their engagements to make them more efficient.
Um, so whatever they cook, cook up, they can, you know, they can go through and do. So, you know, can you, you know, could you do things like, um, is your, you know, is your PCI engagement, uh, reduce scope, you know, on a reduced scope for an SAQ?

Oh, if so, which SAQ, excuse me. So you’ve got SAQA, SAQB, P2PE, is it both an A and a P2PE? Whatever, you know, we can, you know, you can go in, you know, and, and fully configure it, you know, uh, and whatnot as they go through. So the best part is, is that that scoping questionnaire remains editable.

So, uh, so if you need to make some tweaks or modifications, change your question, um, change which, uh, which elements are going to be affected, you know, by this particular, uh, activity, um, you know, you can go in and make those, make those modifications at any time so that you can, uh, go and apply them to your next engagement that you need to go, uh, need to go in and do. So, um, you know, you’ve got, you’ve got the, uh, uh, option as well for, you know, updating some existing clients, you know, kind of scope, scope as needed. So there’s going to be a lot of, uh, a lot of power, uh, that’s put into the hands of, uh, you know, of the, the customers of the TCT portal.

Nice. Now, you teased it earlier, but how is this tool going to help the quality assurance function for organizations?

I’m telling you what, for the folks that are listening to this, and it seems like it’s very rare and it’s very infrequent that you will get the folks that are in the QA department to actually get a smile about something. I’m telling you right now, this is something that’s going to make them happy.

One of the biggest pain points for the QA teams is consistency across engagements. If you’ve got 15 QSAs, 50 clients, I mean the amount of variability across this spectrum is huge. Different assessors will make different decisions. Different assessors will word things differently. Different assessors will make applicability to different requirements. Now, from the QA perspective, they know what they’re looking for. They know where they want it applied. They keep telling the same certain assessor the same certain thing about how they want the engagements done, but they end up basically being the one sitting there playing cleanup on aisle five. With the scoping tool, you’ve got everything is pre-configured. You’ve got the ability to go in and basically lighten the burden on the QA department. Apply rigorous consistency unless the assessor literally opts to manually change something on the outcome, but we’re giving it a valid shot at reducing errors out of the assessor arena, improving consistency, and better yet, aligning it with the expectations of the quality assurance folks. I would suggest have some fun with telling those folks you’ve got some new feature that you want to show them that will make them smile. I guarantee to you that it will be a good time.

That sounds like a game changer. Now, how can organizations get the most out of the scoping AI functionality?

Well, I’m a giant proponent of, I’m a giant proponent of kind of iterative improvements. If you will, it’s how we’ve lived since, you know, since the launch of the portal. So, you know, certainly one of the things that, you know, that I would suggest as you go through the process is, you know, kind of use your, you know, use your reporting outputs, your CSV exports from the system, use those as some of the starting points for configuring questions. You know, your prior engagements are a great source of kind of input to what questions do we want. You’ll see consistency in the, you know, kind of in the reporting responses on engagements and those consistencies that you would see, you know, across various of your engagements, those can be a great tool for going in and starting to do the work of configuring up the, you know, configuring up the scoping capability.

You know, wherever, you know, whenever you can, you know, use those questions that will, you know, that will allow you to de-scope items from, you know, from the focal point, you know. You’re looking at differently. I was saying earlier time is money, right? At the end of the day, you know, if I can make all of my engagements be capable of only needing hands-on attention for, you know, for half of the totality of listed requirements, you know, rather than 100%, yes, what, man, it’s all, you know, it’s all working to kind of help out the bottom line. You know, the other thing that I would suggest. So, you know, I’m positive your team can start cooking up questions, et cetera. I like the notion of using, you know, artifacts from existing engagements as a, you know, as a guide to help with that, you know, but as you start to get the questions together, the actions and activities you want to take and, you know, what are the various parameters that I’ve got, which of the, you know, kind of other requirements across the standard or certification are going to be impacted. Once you have that together, do yourself a job, do yourself and your QA team a gigantic favor, invite them to the party, get them involved, get them active in this discussion. If you can have some consistency between the tools, the tools configuration, you know, base capability and the expectations out of the quality assurance department, everybody’s going to be happier and you’ll have a platform on which that increased consistency will allow for significant streamlining, even in the backend for your QA folks. You know, TCT, you’ll be happy to go in and set up a, you know, kind of a testing instance, you know, so you can test around with the scoping tool before you start rolling it out live, et cetera. So, so that you’re able to, you know, take your shot, apply the scoping tool. Let’s see what the net result was. Is that what we expected? Nah, we missed a couple of things. 
Let’s go take another crack at it. We’ll be happy to work with, you know, work with the clients to kind of get, you know, get their particular configuration of the, of the scoping AI tooling dialed in.

But yeah, it’s going to be, it’s going to be fun watching, watching folks be able to interact with it starting next week. No doubt.

We’ve previewed this capability to several organizations already. What kind of feedback are you getting? What are they saying about it?

Oh my god, they’re so freaking excited. So excited.

We’re getting a lot of excitement from customers as they’re learning about the new capability coming. They’re seeing a lot of use cases for it, anticipating the really substantial impact that it’s going to have on assessment streamlining. So a lot of users are saying they’re really excited about eliminating the cumbersome aspect of configuring those client engagements. And honestly, they’re expecting it’s going to save them a bunch of time, whether it’s for the assessors, whether it’s for administrative assistants internally that had to carry some of the water, whether it’s within the QA department type of a deal. So yeah, there’s a lot of buzz going on as far as the scoping functionality. So again, the thing that jazzes me is just being able to see the light bulbs go on for folks for them to realize what the benefits are going to be for them and for their company. I mean, that’s why we’re in the space.

No doubt, parting shots and thoughts for the folks this week, Adam.

Well, we’ve talked a lot about time savings and the streamlining that this is going to afford for organizations. In some cases, it seems like a challenging concept for folks to get their brain around the time savings that they’re going to have. Keep in mind, there’s a ton of things you can do with the time savings.

I kind of alluded to it earlier. Am I going to take the time savings and maybe take my stress level of my people from a nine to a six? Is that my benefit? Am I going to take some element of that recouped time and be capable? Certainly, if you just take the reduction in time, what that means is that now that I have more freed up time for my people, that means that they can do more engagement so they’re having to hire more warm bodies. That’s a possibility. There’s a myriad of things that you can do with it. The big thing that I would recommend, obviously, if you’re already intimately familiar with TCT and the system and whatnot, then reach out to our support team and get them to give you a preview of the functionality. My team would be thrilled to give you a hand with getting you heading in the right direction. If you’re not already familiar with TCT in the platform, by all means, we love making friends.

And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow and I’m Adam Goslin. I hope we helped to get you fired up to make your compliance suck less.
