Scaling Compliance Without Scaling Your Team

This is a podcast episode titled, Scaling Compliance Without Scaling Your Team. The summary for this episode is:
Compliance isn't optional
02:38 MIN
Warning: This transcript was created using AI and will contain several inaccuracies.

Dan Katt: Hi everyone, thanks for joining us this morning. Dan Katt, CEO over here at Trava Security. We've been around for about five years now and during that time we've helped hundreds of organizations with their compliance and security objectives. Whether that's designing, building, testing, managing their compliance programs, we've helped in a variety of different ways. For background, I've been in the cybersecurity and compliance space for the last 10 or so years. Prior to that, Navy Intelligence guy that made the jump over to go to market. I think I bring a unique perspective in that I've been on both the consulting side as a service provider of these offerings, but also as a SaaS go to market leader and the ultimate consumer of some of these services from a go to market perspective as we sell into large enterprise organizations. I am joined by Marie Joseph from our team who leads our compliance practice. And I'll give Marie an opportunity to share a bit about her background.

Marie Joseph: Yeah. Hello everyone, I'm Marie. I'm the manager of Compliance Advisory here at Trava. I've been here for over four years now, which is kind of crazy, but I mainly help our customers go through whatever compliance goal they might have. Most of the time I would say the average thing is like SOC2, ISO 27001, GDPR, CCPA, just to name a few of those. So I have a team of people that I help with managing all of our different customers with all their different compliance goals and calendars.

Dan Katt: So as I mentioned, we have a lot of expertise and experience in helping a variety of organizations, whether you're SaaS, manufacturer, healthcare organization, achieve your compliance objectives. And you know, sort of ultimately what we are seeing and what we wanted to talk about today is look, compliance isn't optional from a regulatory perspective, from a consumer perspective, from a customer trust perspective, it's not an option anymore. We're seeing boards, insurers, regulators, they want continuous proof of control effectiveness from the service providers that are achieving these compliance certifications. Whether that is something like the SEC Cyber Rule, New York DFS, we're seeing increase in privacy laws taking place in and around the US, we're seeing European AI acts, right? So there's just this large list of an ever growing compliance requirement. And as early stage organizations that are going to market, it's becoming increasingly more difficult to navigate those changes and regulatory requirements. So from a why does it matter perspective, I think ultimately you see the expansion of frameworks and the evolution of these regulations, fines and penalties are a real risk, right? Whether it's the EU AI Act or HIPAA compliance or limitation from a business perspective in your ability to navigate deal cycles, acquire new enterprise customers and slowing down that sort of cycle, we naturally want to avoid that as go to market organizations. Not to mention this concept of AI and the risks that are emerging from the adoption of AI within organizations. Whether it's a service provider that's bringing an AI platform to market or an AI solution to market, or you're the consumer of those services. From a corporate perspective, we're seeing more and more demand for governance and risk management as it relates to AI.
And I think one of the things that we see on a fairly frequent basis and if you look at some of the stats out there, teams are being asked to manage compliance and build compliance programs with limited teams now more than ever. And in fact I think the latest stat that I saw was 63% of compliance teams say that they don't have the in house expertise to meet the current requirements. And so they're looking at ways to add additional capability, expertise and capacity to their teams without just a pure linear function of adding additional staff to those, to those teams. Marie, I'm curious, like do you have a perspective on that or you, you're engaging with a lot of these organizations. What's your, what are your thoughts on that piece?

Marie Joseph: Yeah, I would definitely say people are, a lot of businesses are kind of not having the, maybe the bandwidth or the amount of like headcount within their business to have someone as an expert, which is why sometimes our customers really come to us, is to have that in house type of help at a lower cost and just for budget purposes. So I definitely see that coming around a lot.

Dan Katt: Awesome, I appreciate that. So let's talk a little bit about why it's harder than ever to stay compliant. I think if you look at 2024, 2025, it's just been a tsunami of changes that have happened across the compliance landscape. In fact, I don't think I can recall a time where there were more changes to the compliance frameworks that organizations are having to navigate than the last couple of years. Right. And you see that as I mentioned, privacy laws are coming into effect. I think the last count that I saw was there are eight new privacy laws that went into effect over the last year. HIPAA's making changes to their program, CMMC is going live and the requirements around level one and two going into effect this year. PCI DSS is having, are having changes. The adoption of AI governance, both from an EU perspective with the AI EU Act and then the adoption of, excuse me, the release of ISO 4204:2001 as well as like the NIST AI framework. Right. So there's just this crazy massive landscape that is becoming more and more important for organizations that are going to market to navigate. And you can see there from Drata, one of our partners, on average companies are having to manage 13 compliance frameworks as they go from a compliant, as they go to market from a compliance perspective, which is critically important for many of our customers who are early stage SaaS organizations. So one of the things that we wanted to leave you with today are some strategies around preparing for your compliance journey, things that you can be prepared for and then how we are working with organizations to best manage and create scale for their compliance programs as they go to market. Marie, do you have a, you have a perspective on this?

Marie Joseph: Yeah, I definitely do and I think it'd be good to now talk about some of the realities that come into play when it comes to compliance and what we're really seeing like from like the day to day challenges and why people really come to us for help. Because I know we mentioned that like people don't have really the headcount in some cases, so that's kind of why they partner with Trava in that sense. But I would say some of the realities can kind of be grouped into like maybe three different groups. One, and it's probably the best case scenario is people come to us just in preparation for not knowing what to like not to come or anything. So they might come to us just with the drive or knowing that it's going to come down the line at some point that someone asked them to be SOC2 compliant or with like the privacy concerns of knowing where they do business like GDPR or CCPA. So I would say that's always the best case because it gives you time and not the rushed feeling of getting you to get to that security aspect. And then it also allows you to build with security in mind, which is also a better case scenario. Second, I would say this one is probably more relevant with some of our case studies with our customers. But people come to us with a really quick deadline in mind and that's usually because of a prospect or a current client being like, you need to be SOC 2 certified in 3 months or 6 months for example, or else we're not continuing our contract with you. A lot of the drive I would say comes more so from prospects and wanting that the customer themselves like wanting to grow into a larger market space. So a lot of the times those bigger prospects will expect a better security posture. And in some cases, a lot of these customers come with little to nothing or maybe an unorganized sort of maturity for a security program.
And then third, I would say a lot of other people come just already having the certification but wanting the assistance of that general upkeeping of their already existing program. It becomes kind of overwhelming. It was just a random hat they were thrown at them. And sometimes a lot of the time, a lot of the times when that's just a role they were kind of forced upon, when it wasn't originally in their job description, it kind of comes with that burnout and turnover risk that we might see. So getting help from Trava on that side has been, I would say, helpful for some programs, if not all of them. But that's just kind of the three high level scenarios I see. And just because a customer comes to us, I always like to reiterate that it doesn't mean that their team is like a bad team, but it's just due to that insufficient resources and competing priorities. Like I said, it's just a hat they were given. So no one really wants to. Usually people, I'm going to be honest, usually people don't want to wear the security and compliance hat that come to us. So that's why partnering with Trava is always a better mindset. Because then that risk and responsibility is somewhat given off to like us and not on their shoulders. But every customer too kind of starts at a different state. I kind of alluded to that with those three scenarios. But we really focus on getting customers to either their first audit or keeping up their program and focusing on making their program kind of customized in a way that we can, just because compliance and security is not one size fits all. So kind of want to reiterate that. But we work to make them achieve their goal in the quickest and most efficient way possible.

Dan Katt: I think you made a lot of solid points there, Marie. I think one other thing that I've heard a lot in speaking with go to market leaders and just leaders at organizations that are sort of in this position is the support around information security questionnaires and being able to navigate that process, reduce sales cycle by leveraging a security or compliance partner to best position security as a differentiator for those organizations. What do you see from a go to market perspective on that front? Like, I'd love to hear what your team's doing as it relates to that.

Marie Joseph: Yes, that's a great question to bring up because I would see there's been such a large uptake of people wanting assistance with those security questionnaires. And I'm sure some of you on this call probably get a lot of those or see them come through and do not enjoy them. But with having someone partner, partners like Trava, we're able to answer a lot of those questions on your behalf just because we're built into your program. We helped you build your program, so we easily know the answers. So I would say we've helped a lot of people in the past and still are today, where we fill those out because no one really wants to fill out 100 plus questions on their own. They're tedious and not fun. And even with the certification, I would say sometimes people think getting the certification shouldn't mean any more questions anymore. But I would say there's been kind of a larger tick of people still wanting a questionnaire filled out too, just because there's, I mean, the security, like the cyber security threats are just ever growing and changing where they just want another layer of assurance.

Dan Katt: Yeah. And I think what I am starting to see in the market is there's naturally AI agents that are being developed and tooling and AI is a great force multiplier for organizations that are using compliance to sell into large enterprise organizations. The feedback I'm seeing from the market is tooling is great. Human in the loop is a critical piece as well. And curious, like what you hear from individuals on the ground. How does that translate?

Marie Joseph: Yeah, I would say that AI piece of it, when it comes into especially those security questionnaires is very beneficial. But that's also depending on the tooling that you're using. A lot of GRC tools and ones that we partner with have that AI capability and are building it out where it just is making your life easier. Everything you're basically dumping into your GRC and compliance tool help to automate those security questionnaires going forward, which is saving you time and money and like also making you probably hopefully close some of those major deals.

Dan Katt: So you could naturally do this as an individual at an organization. Right. It's a collateral responsibility. Maybe you're an FTE, but what does like managed compliance really mean for the individual that's responsible for maintaining a continuous compliance program?

Marie Joseph: Yes, very good question too. So managed compliance, we at Trava, we do call it CaaS, so compliance as a service, so you might hear me reference it as one or the other, but managed compliance, I always like to think of it as normally the typical consultant would come in as the coach we just would be advising, but with the managed compliance side of things, we become both the coach and a player on your team. So that means that we would be responsible for helping collect a lot of the evidence requests that come in for like your audits and just the overall readiness that are being asked for in your GRC tool, just depending on what the controls under the framework you're trying to achieve. And we also help with editing policies and getting those to that ready state and just overall upkeeping of your program going forward. So the managed piece is we build the program and then continue to monitor that program then going forward that we built. So that's kind of where like a continued continuous readiness piece comes into play. We helped you build it and now let's keep it going. And just kind of reiterating from what I said earlier, there is no like right size program. So we usually have to custom build it in some sense, just depending on your budget for the security program. Some things we'll have to keep manual, some things we can automate. And that just also matures, I would say, as customers go on with us, because they can start maybe having more of a security budget to automate some of the pieces, but we try to take off some of that responsibility on you so that you don't have to fully manage all those tools and collect the compliance items for them. So like collecting different sort of logs and screenshots for those items.

Dan Katt: Yeah, I think that less lift piece from your team is particularly important in sort of the feedback that we see from the market is one, if I'm a CTO at an early stage SaaS company or even, you know, a SaaS company that's scaling up, do I really want my engineering team focused on compliance and the technical evidence collection or monitoring that goes along with that, or would I prefer for them to continue to push code and drive product forward, enabling revenue through that particular function? And categorically the answer that we've seen is yes, if cost is aligned with the return that we are getting with driving our compliance program forward, absolutely. I think the other piece that we run into is organizations that may be a little bit larger think of managed compliance as, hey, ownership of a specific function within the GRC, the governance, risk and compliance function or the security function at large, and looking at a way to offload a specific function within their org chart as it relates to managed compliance ultimately with the objective of better operational efficiency, cost savings in an environment that's, you know, again, what we see is driving towards operational efficiency to better realize ROI on your dollars that are driving revenue functions. I think there's also the intangible of freeing up your team's time and the culture building that goes along with that. Um, I. I'm sure I have to imagine that you've got some personal experience with people that have commented on how much more free time they've gotten as a result of working with your team. Like, do you have any fun stories around that?

Marie Joseph: Yeah, I definitely think I would have some fun stories. I can talk about that briefly too, on the next slide. And one thing I do want to reiterate too, that you were kind of alluding to, Dan, was just, we're really here to, like, support and enable your internal team. Like takes on some of the responsibilities, but our goal is also not to replace people on your team. We're here to take off some of that lift, like you said, like, give them back some of that free time. A lot of the times we work closely with engineers, so letting them go back to the part of the job they like, basically. But I do want to talk about one of our success stories, I would say so briefly, talk about Campfire Learning. They are a SaaS company that targets the education space and really focus on content management and creation for the educational area. So in that field, you would definitely expect that the data that they're handling is probably going to be usually PII or children's data that they might come across, which would have a lot of security and privacy concerns at play here. So that is something that they came to us like on their mind and considering. But I would say the driving factor is once again a large prospect really wanting them to be type 1 and type 2 for SOC 2 and have that certification in hand with a really quick date. So that gave us about six months to get that completed for them. So we worked closely with the Campfire Learning team to help them achieve that goal so that they could hopefully land that large prospect. It was a bigger team effort, I would say, but we really became part of their program and a part of their team especially. I think they kind of see that with our partnership now that we have going forward, where we were able to also help them fill out a large security questionnaire that referenced here. The HECVAT, that questionnaire, that is Higher Education Community Vendor Assessment Toolkit. So mouthful.
But realistically, it is just what the educational industry sees as major security concerns and things that they would like to see their software that they use operate. So we helped them get to that type 2. I would always like to reiterate to you that though the first certification is usually harder, it takes a lot longer. It feels really overwhelming. In some cases, we try to take as much of that feeling off of you. But then as we get to that built program, the next audit and the next audit should become easier and easier going forward. And that's just kind of how our plan usually goes going forward. And with that, since we built Campfire's program, we were able to help them fill out that very long questionnaire. There's a light version and a regular version. The light version was still like 100 questions, so the regular one was even more. But we got that filled out because we were a part of their program. So it was easy for Trava to do it on behalf of the customer. And that would also save their team a whole bunch of time as well.

Dan Katt: Yeah. And I think one of the things I love about this story is how we became a part of the Campfire team. We helped them build a sustainable and manageable program. We're still working with them, but the big takeaway from my perspective, is we enabled them to be the hero. We were a supporting structure in sort of their journey, but it's Campfire's program, and they are positioned now to be able to effectively navigate some of the compliance and security hurdles that inevitably happen as part of their deal cycle. And so we've set up Rodney and his team as sort of the heroes in their story and the journey associated with that which we want to be in the background. And I think the piece that is long term going to be super valuable for them is the implementation of their GRC platform and the orchestration of all the activities that happen in that to make them really successful for the long term through a governance type capability.

Marie Joseph: Agreed on that. And also with that GRC tool in mind, too. And thinking about the type of data they handle, it'll make it easier for them to add on those additional frameworks that they're going to be asked about, because like I was saying, they handle a lot of very important data where it's like children's data, especially where if they needed to go into things like COPA or something, they could already see some of the overlap that they worked on with their SOC2 program as they expand more into the security and privacy space, because they're definitely going to be asked for more.

Dan Katt: And I. That is such a critical point. Right. So organizations that are building a strategic approach to compliance, I think one of the hacks or the enablers of success that I've heard you talk about is sort of building a unified control library and. And I have to imagine that the GRC platforms are a critical part of that.

Marie Joseph: Yes, they definitely help with the overall management of the program. It is probably the perfect crutch to make sure you're not really missing due dates because I mean we can only do so much as a person to be like, hey, here's your reminder. So like having the automation behind a GRC tool that automatically collects some of that evidence for you, along with the human factor as well that Trava is offering really helps keep that program going. And then also seeing that overlap of any of the frameworks that get thrown your way.

Dan Katt: Yeah. Are there any other pointers that you would give organizations that are thinking about compliance and security from a go to market and a holistic perspective that they, they know they're going to have additional requirements that are. That you just love to share with the community?

Marie Joseph: Yes, of course. I would say something to keep in mind is just to start focusing on security and privacy as soon as you. It's always easier to say it's easier to build your product around the things instead of doing it further down the line and trying to put it into something that was already very much built for like five or 10 years. So that is something if you have the ability to plan for it without having that rush, that is usually a better case scenario. So you might as well start making a plan or start seeing if you can budget it in. Especially if you are handling certain types of data. You can usually tell if like any of those frameworks are going to be heading your way depending on the data that you handle. So one good thing you could do if you don't do it already is just starting a data inventory, knowing what you collect. And if you have questions of I don't know if security and privacy is really relevant, then I mean partnering with Trava is always a good solution too.

Dan Katt: Yeah. Well, I love the shameless plug there, Marie, but maybe before we get into talking about our solution, any other areas that you think are hey, just like accelerators as you think to formalize a program like this, whether it's technology, process, et cetera.

Marie Joseph: Yes, I would say technology is usually pretty big if you have the budget for it. There's always like manual processes that you can work on that I would say that we have solutions for so big automation things you could look at one obviously a GRC tool. The GRC tool has different integrations typically that you would be able to pull in things from like your cloud environment, your ticketing systems, maybe another solution where you're doing access reviews or also HR. HR has a lot of items that you have to focus on for compliance. So any of those types of tools are really good to start taking closer look at. Of do we even have the security features enabled? I would say that's a big thing that comes across like with cloud environments is people don't even have security like features enabled, but it's included in their package, but they're just not utilizing them and making sure they have different like logging and audit logging on and different types of threat alerts and other alerting enabled. Those are things that sometimes I see not even configured correctly. So those are always a good thing to think about too. And then sometimes if things aren't able to have a technical solution or automation like that, just looking into how can we manually start analyzing what our current structure looks like. So do you even have a network diagram? It's really just starting like documenting what you currently have, your current structure and where you're lacking. That's kind of my best case scenario.

Dan Katt: And I have to imagine if that sounds like a daunting task that you would like working with a partner like Trava Security and members of Marie's team. And that's where our compliance as a service offering comes into play. And it's the combination of the technology, whether it's Drata, Vanta, Secureframe, pick the GRC platform that works best for you. Working with an auditor. So leveraging a company like Trava to act as your primary point of contact with the auditor organizations and then helping you with the continuous monitoring piece and turning these ideas into actionable steps for organizations, ultimately getting you to compliance faster and with less risk of maybe some side branches along that journey. Right. You can see there if you want to work with an organization like Trava, that's enabling you to focus on the growth of your product or your business and sort of offloading some of the compliance requirements that go along with that. We're always happy to have conversations about those capabilities. Anything you would add there, Marie?

Marie Joseph: I don't think so. I think we covered it all, so I'd just be repeating myself.

Dan Katt: Appreciate it. All right, well, I think that's all we have prepared for today. Happy to answer any questions from the audience.

Jara Rowe: Alrighty, I'm going to go ahead and remove the slideshow and I actually do have a couple of questions that came in before we went live. So the first one is how can these services, as in managed compliance or CaaS, save costs compared to building an in house compliance team?

Marie Joseph: Want me to take that one, Dan?

Dan Katt: Yeah, I'd love to hear it from the practitioner perspective.

Marie Joseph: Exactly. Okay, so I can think of a couple things that would come to my mind on like cost saving perspective for in house. First one would be that additional headcount. Usually someone in that role, like the salary that you would need to pay them would be very significant compared to what you would pay someone at like a services type of industry. So like with Trava. So that's usually one of the bigger cost savings with not having like an in house headcount basically and then also saving you just not having that one particular role. Like you could have, you could hire someone else like with various knowledge. And then I would also say cost savings of like having us in like the services side would be that. Oh no, I forgot, I was to say the other cost one would be that we would evaluate your current structure. So then we will make sure that you aren't having like overlapped in tools. So we would also be able to downsize on the amount of like tooling and like automation that you might be buying. So like if there's overlap on where you're doing vulnerability scans versus like risk management and like your ticketing system, if you have different project management ones, you don't have to have such a large toolkit. Basically we could limit how many tools you're using in that sense. So that also has been something I've experienced where we help them save costs on that along with like different partnerships we might have too. So I would say also I've seen like with like our different partnered external auditors and like internal audits that you might be outsourcing. We've also seen cost savings in those areas.

Dan Katt: Yeah. So Marie, I think just like to paraphrase one, there's the hard costs that are associated with adding FTEs. To the Campfire story, Rodney and team saw about a 75% cost reduction in what they would spend on a GRC expert. Rough cost somewhere between 100, 150 grand depending on skill set for those type of individuals. So there's the hard cost savings there. Two, there's the operational efficiency cost or the opportunity cost that I heard you describe there on the expertise around multiple compliance frameworks, multiple security questions and scenarios that a consultancy brings to the table. And then there's the tooling piece again, another hard cost. I think the part that's really hard to quantify is the risk cost, whether it's from a brand reputation perspective and then the opportunity cost from like a go to market perspective. Deal cycles being slowed down or being stalled out entirely because you don't have the right answers to the questions from an infosec perspective is another way to think of it from a cost quantification perspective. And I think about it that way as someone who's consumed the services of a Trava.

Jara Rowe: So, Dan, I have the next question towards you.

Dan Katt: Sure.

Jara Rowe: How would a company measure the ROI or success of like a managed compliance service?

Dan Katt: Yeah, it's a really. That's a fun question. I think it comes back to sort of those three categories I talked about. Right. There's the hard operation, there's the hard financial cost from a people perspective alone, the tool perspective alone. Then there's the opportunity cost from a deal perspective. You know, the way we think about it from a go to market perspective is, hey, are we reducing sales velocity? Are we helping you close deals faster? Are we helping you navigate information security questionnaires or clarification calls? Excuse me. And putting you in a position to close more deals? In fact, we had a really fun. I was with one of our customers last week in Chicago and he came up to me and he was singing the praises of one of our consultants that participated in an infosec call with a large customer, marquee customer for their business. She basically gave an intro to her background. She provided an explanation of the engagement model, what was in place today at the customer site and what their progress had been, and shut down any concerns from an infosec perspective. And it was awesome. I had the opportunity to be there. CEO came over and chatted with me and said like, hey, this is a force multiplier for us. It's accelerating our velocity. It has effectively removed any sort of concern and established an incredible amount of trust with the customer. So we see it from that perspective as well. So revenue dollars that are activated and hard costs that are limited.

Jara Rowe: All right, Marie, next question for you. What ongoing tasks do you handle versus like, Trava versus what the company or customer still needs to do?

Marie Joseph: Great question too. And in some cases it might differ just depending on the access level that the company is willing to give us. So always keep that in mind too. But realistically, we try to get access to systems that we can just to help you with monitoring your compliance initiatives. I would say one thing we easily take off your plate is anything in regards to like risk management and sort of vulnerability management typically. And then also just the ongoing maintenance of the compliance program. We then are able to take off the lift and make sure all your policies are done, checking in on like access reviews. But there always needs to be a champion within your organization that is kind of the overall like risk owner and responsible for it at the end of the day, even though Trava is doing ultimately all the work for you in that sense, I would say the biggest thing that a customer is still responsible for with these types of programs is any sort of technical configuration that might come into play. We can't really build or rebuild or tweak any of your software that might already exist, especially like within your cloud environment. But we can give you guidance on if you were to make this minor change, major change, it could lead to a better security posture and especially help with your compliance initiative. So that's usually something, I would say the bigger thing that your company would still handle. And then another thing would be just making sure that you're also leading with security happy type of mindset to make sure your employees are also engaging with your compliance efforts. So it's really a whole company effort. So they have to make sure. Are these policies that we created for you, is your company going to be okay with them? Like, are people going to be acceptable of some of these changes? Because they are usually a process change and a habit change in your team.
So just making sure that even though we build the program, is it accommodating to your people? Yeah.

Dan Katt: And Marie, like the change management piece is super important, especially as organizations grow. Right. And I think there's a significant amount of value that your team delivers on sort of the why this is happening and how to message that to the organization and the benefits that they're going to see. Because sometimes, sometimes it can feel restrictive right to the end. The end recipient of some of these changes.

Marie Joseph: Yes, it definitely can be a little overwhelming. And I would say it's another one of those things that people, keeps people up at night. Is this going to be accepted? But we try to not make them be like any sort of major change. Hopefully it's something the habit will grow upon your team is usually what, how I convey it.

Jara Rowe: Fantastic. All right. If there are any other questions that anyone has, please feel free to leave them in the comments. But before that, before we wrap up, Dan. Marie, if you could drive home one thing from this conversation, what would it be?

Dan Katt: Marie, do you have something off the top of your head?

Marie Joseph: I think I've talked about it a couple times. But if you are considering, I mean, you're here at this, at this webinar, but if you're considering that you might have any sort of like, compliance need or drive, just start now. Because every day you waste trying to figure out, is this framework applicable to me, do I even need to think about security and privacy, is a day wasted because there could be a prospect or current client that comes asking tomorrow for you to be ready in three months and you don't want to lose out on that opportunity because it is a business drive at the end of the day.

Dan Katt: Yeah, I think for me it's, hey, there's. There's probably a couple of takeaways. Like, one, the landscape is changing. I don't expect the landscape to stop changing. Right. We're seeing that. We're seeing technology adoption more. More than ever, we're seeing changes within the compliance regulatory landscape continuing to happen based off of those tech innovations. So having a plan in place, having a partner that you can rely on to navigate those changes, super important. But ultimately, sort of the combination of the two is where we see the most success for our customers that are really focused on, hey, how do we drive operational efficiency? How do we scale our program without hard dollar costs? And then how does that impact our go to market from a holistic and from a strategic perspective? That's the part that I would think that I think is the big takeaway here.

Jara Rowe: Great. Okay, so for everyone tuning in, if you are thinking that managed compliance is something that you need or are thinking about, I shared a resource that's five signs you need managed compliance. If you're watching this live, it's in the comments. If you're watching this recording, it's in the comments or in the description. But Trava is here to help you and thank you for joining us.

Dan Katt: Thanks, Jara. Thanks, Marie.

Jara Rowe: Thank you.

Dan Katt: Chatting with you all. Thanks everyone out there.

DESCRIPTION

Compliance is essential for growth. We discuss how SaaS and mid-market teams are using managed compliance to scale security and compliance programs without hiring extra staff or overloading internal resources.

Topics include:

  • Why compliance is more complex than ever
  • Real challenges organizations face in SaaS and mid-market companies
  • How managed compliance helps you stay audit-ready
  • Ways to reduce risk and mature your compliance program efficiently