Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show notes: TCT Goes Live in Europe!
Quick Take
Exciting News on this week’s Compliance Unfiltered: Total Compliance Tracking has gone Transatlantic and has officially launched its European Instance!
On this episode, the guys chat about the expansion, the reasons behind it, and how it will help TCT to better serve its clients.
Adam also gives a peek into the challenges a security organization faces when considering this type of undertaking, and how you can effectively expand your global footprint despite these obstacles.
All this and more on this week’s episode of Compliance Unfiltered.
Remember to follow Compliance Unfiltered on Twitter.
Read Transcript
So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less.
Now, here’s your host, Todd Coshow, with Adam Goslin.
Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow alongside a man who knows every riff in the solo of a compliance stairway to heaven, there is Adam Goslin. How the heck are you, sir? We have to start giving out awards for these intros, I swear to God. I’m doing good. How about you, Todd? Man, I can’t complain, cannot complain at all. Fun and exciting news on the horizon.
What do you have to share with the folks today, Adam? Well, TCT had a pretty momentous modification lately, and that is, that when we officially started in 2013, we were in the United States, where we were headquartered out of and hosted out of. And as of November 1st, a short while ago, from when this is being recorded, we’ve now expanded into Europe. Hey, that’s a big news. What does that mean? What is the catalyst behind this? Tell us a little more. Well, we had organizations that we weren’t bumping into it a lot, over the years, but more and more lately, it has kind of reared its head if you will. We had organizations that were sensitive to where is this stuff getting store? Specifically, what country is this being stored in? and so I’m having some issues with the fact that it was stored in the United States. So, there were organizations that kept popping on our radar that wanted to be able to make it such, that they could store their information in the EU. And alternatively, we had organizations whose clients were raising those questions and concerns. Really it centered around GDPR, it makes sense. There are very specific requirements for , where the data is stored, along those lines. So, we just wanted to take care of those organizations, and those clients. It’s also kind of fun to be able to turn around and offer this extension to the existing clients of TCT. We deal with a lot of organizations that have footprints globally. And so being able to serve all of their needs is pretty exciting. I’m real happy about the fact that we’re able to put this in place for them.
No, absolutely, and that really leads perfectly to my next question, which is how will this help to better serve TCT’s clients, Adam? Well, it gives us the ability to spin up engagements either in the US instance or over in the EU. We could have, one client just work out of the US instance, and another client could just work out of the EU instance, another client could have, one foot in both of the ponds. So, it just allows for, better variability for them, for us to be able to serve our clients’ needs, or for our clients to serve their clients’ needs. It just eliminates roadblocks for onboarding, adoption of the platform, things along those lines. So it was pretty cool to be able to put this in play, so we can take care of all these folks.
No, absolutely. Now, what type of future expansion does that kind of set you up to facilitate? Well, TCT’s done a number of things over the years. Way back in the day when TCT was first getting it’s sea legs, if you will, we had a hosting organization that we were leveraging, that they were, I’ll call it a mid-market, but good capabilities, abilities, service provider to folks that were interested in being in a private cloud hosting style environment, and that arena served our needs well for a long time. But we started getting requests, initially for organizations that were getting subject to DOD regulations for CMMC. And the hosting facility itself wasn’t going up against, FedRAMP High. So, we were running into some challenges there, and we made the call. Actually, what was super cool is, we went in, talked to our existing provider and said, look, we’re gonna need to get into an environment that’s FedRAMP High rated, etc. They were already toying with one of the large scale public cloud providers, and they were already kind of playing around with that. And, in our discussion with them, led them to agreeing to work with us to get our instance set up via them in that environment. And the cool part about that particular migration is that the provider themselves were able to facilitate a number of different kind of security solutions that we needed for our environment, to assist us with the managing of it. So back earlier this year, we actually migrated from their traditional hosting platform, over to the big box, virtual platform. And in doing so, it was cool because we had instances that were now on big box that could be readily moved, etc. So we’d already basically done all of the legwork to be ready to go do this EU move. I knew when we did that, cause that happened, it’s funny the way things worked out, but that happened around the end of Q1, early Q2 of this year, and about six months later, we started doing the move or the migration just swinging up the EU instance. So it made it really easy for us to go down that path. Now, that said, it allows us to potentially also expand into areas that have concerns around data storage. So EU was a fairly big one in terms of the GDPR requirements, but I know that Canada, as an example, they’ve got some rules and regulations, I believe it’s called PIPEDA, but somebody’s going to flame me for how I pronounced it. But, the Canadian rules and regulations require organizations to either store in Canada, or do their own risk assessment of fill-in-the-blank organizations. So as our footprint in Canada starts to gear up and expand, then we may go ahead and fling up an instance over in Canada. That’s the one for right now that I’m trying to keep my eyeball on. There may be others that come along, but generally speaking, most of the other areas that I’ve heard of would be fine with either US or EU-based hosting, which we can now support both. So we don’t know what’s going to be in the future. Canada is really the only one that I’m keeping my eyeball on for the moment.
Now, what are some challenges with expanding the global footprint? I mean, obviously when you undertake an expansion like this, it comes with some growing pains. What did you see? Certainly, the ability to appropriately do support has been an interesting challenge. It’s an area that quite frankly causes me some angst, just because TCT from the start has really, really taken seriously provisioning excellent customer service to our clients. And the fact that I’ve got somebody that we’re already covering just from the US perspective, we’re already pretty much covering from 7 AM Eastern to straight up to about 8 or 9 PM Eastern in terms of literally having people right there ready to go, etc.. We’ve got emergency coverage off hours and weekends, etc.. But expanding that to global means that these guys’ workday is literally in the middle of the night type of thing. And, so that’s brought some interesting challenges along that we’ve been preparing and prepared to face, etc.. It also increases our ability to leverage systematic automation. What I mean by that is that, we’re trying to alleviate the need, if you will, for routing to support by facilitating client self-service. So their ability to go spin up a new engagement, add a person, remove a person, things along those lines, just expanding those capabilities so that we can provision as many tools to the clients that we’ve got, so that they’re able to do what they need to do, when they want to do it, regardless whether it’s the middle of the workday or the middle of the night. It’s interesting having an organization that was US-based yet serving international clients, we would have people that would be coming online as it’s getting to, early to mid-evening and working our night, if you will. And so we were already dealing with that. But, officially getting clients that are headquartered and housed in realms that are off, normal working hours for us, definitely was a minute of adjustment, shall we say.
No doubt. Now, what’s the, I guess the easiest way to put this is, what’s next on the horizon for TCT? Well, most certainly welcoming with open arms, the onboarding of clients onto the EU instance. We’re excited about the fact that we’ve got the capability to serve those needs and certainly, passing the word, getting the word out there. Yes, we’re in Europe, so onboarding clients into that EU instance is one. Continuing to expand the breadth of certifications. I mean, for those that haven’t done this recently, certainly I’d encourage you to go to the TCT website. And while you’re there, just go to, I’m actually, I’m busy type, typing away just so I can reference the right pages. If you go to totalcompliancetracking.com , go to the certifications dropdown and go down to other certifications. That listing is a listing that we put on there, when did we last update it? But it has the full list of things that we’ve got up and on the TCT Portal. Back in the day, day one of TCT, we started off with PCI. But Man, I’ll tell you what, it has really expanded over the years, and we’ve got a lot of certs up there. What’s gonna be interesting to see is the continued expansion of that, kind of breadth of certificates. I’m excited to see what other certifications arise specifically out of that EU landscape, that may be specific to that region, but we haven’t even heard of, or experienced in the US. I guarantee you they’re coming. Certain security certifications for a given country, whatever it may be, there’s gonna be all sorts of stuff like that popping up. And it’s one of the coolest parts about TCT is that we named the company appropriately. We called it Total Compliance Tracking for a reason. And, that’s because this system literally can serve any industry standard certification that exists, including new versions of existing ones, including new ones that come out, etc., including those in the EU we haven’t heard of. So that’s all kind of next up on the TCT horizon. In addition to really continuing to serve our clients with that stellar customer service that they’ve come to expect out of TCT, that’s gonna be exciting to see that unfold, be able to impress the folks over in EU with these capabilities.
It’s really fun. I love getting on the phone with existing clients. I love being able to go, we were at the PCI Conference lately, and it’s awesome when you’ve got people that are coming up specifically to just say, hey, I just wanted to let you know, the team’s doing a great job. I’m so happy, etc. It’s just really fun, and frickin cool, being able to be able to get those types of inputs and see that the blood, sweat and tears of the team is paying off in happy clients. The last element of the what’s new on the TCT horizon, I’m going to be interested to see if the EU clients have some new feature requests, new feature requests that we haven’t seen yet, we’ve dealt with a ton of organizations across a bevy of different compliance standards primarily in the US. But every day, what I’ve seen in my past experiences, different realms have different inputs, they have different ways that they go about doing things, so it’s going to be neat to see what new stuff ends up coming in from the new clients. I mean, back when we started TCT, one of the things that I wanted to make really, really clear to the clients of TCT is that, hey, we’ve come up with this tool, the tool’s awesome.
It’s gonna make your compliance management suck a lot less type of thing, but we don’t do this in a bubble. We’re not that organization that’s just gonna put out features we think you need, and just put our fingers in our ears. Instead, we’ve taken the completely opposite approach. We actively request, and ask for inputs from the existing client base to say, hey, what’s stuff that you need out of something? That’s our job. That’s literally our job, to help you make compliance management suck less. So tell me what’s sucking about your compliance management so we can go fix it. So it’ll be really, really cool to see what the primarily, EU-based crew is coming up with, so we can facilitate their needs the way we’ve done with our existing client base.
Absolutely. Congrats to you, congrats to TCT. That is the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow. And I’m Adam Goslin. Hope we helped to get you fired up to make your compliance suck less.
