1
00:00:00,000 --> 00:00:03,520
But if you had to pick a part of someone else's job, what would it be?

2
00:00:04,920 --> 00:00:11,320
That you had to do. We're gonna start with Anne. I want to go. I want to go. I want to go. Okay. Good time. Go Ted.

3
00:00:11,320 --> 00:00:13,920
I would pick my job. I'm living the dream, baby.

4
00:00:17,760 --> 00:00:20,720
Who gets to talk as much as me? Nobody!

5
00:00:20,720 --> 00:00:28,480
Ariel's got the face on that goes, I don't know. I have to be meetings with Kelsey. I was gonna say that.

6
00:00:30,640 --> 00:00:36,720
That's a good point. Is there a way to be able to have more meetings

7
00:00:37,840 --> 00:00:42,560
with Ariel and Kelsey than that's the part of their job?

8
00:00:42,560 --> 00:00:50,000
That's my job. Are you saying that's the part of Ted's job you want is the power to be like,

9
00:00:50,000 --> 00:00:53,360
this is the meeting that I want with the people that I want. Go.

10
00:00:54,880 --> 00:00:57,520
Everybody does have a calendar so they can do that anytime they want.

11
00:00:58,080 --> 00:01:03,840
You can, but I'm just saying I'm like the totem pole. You could schedule over a meeting and I'd

12
00:01:03,840 --> 00:01:06,320
probably take you. Decide. Decide. Right. Yeah.

13
00:01:06,320 --> 00:01:14,240
Yeah. Yeah. For sure. And you, Kelsey, do you want to read more compliance documents?

14
00:01:14,880 --> 00:01:24,480
We love reading. Yeah. I don't envy a lot of Todd's responsibilities either,

15
00:01:24,480 --> 00:01:28,560
which is probably just being pessimistic on a Monday, but I'm going, that sounds like a lot

16
00:01:28,560 --> 00:01:35,520
responsibility. That sounds like a lot of compliance responsibility. Not to steal Todd's

17
00:01:35,520 --> 00:01:44,080
answer, but I do really like my job. But I don't know. I think I would like to the fact that Todd

18
00:01:44,080 --> 00:01:48,480
gets to work cross-departmentally. I'll probably a little bit more than I do. Some of the operational

19
00:01:48,480 --> 00:01:53,760
stuff I find fascinating. So maybe just a day shadowing some of the operational stuff would be fun.

20
00:01:53,760 --> 00:02:06,560
I wouldn't mind. I mean, these regulations are deep in the weeds, but I actually don't mind

21
00:02:07,760 --> 00:02:12,800
a little bit, and maybe Ann's going to say that's not how it is, but sometimes the black and white

22
00:02:12,800 --> 00:02:20,480
of it, this is the expectation and this is what you do. And just kind of going down your checklist

23
00:02:20,480 --> 00:02:26,320
and where you at, what do you have to get done? I actually wouldn't mind that. I don't know about

24
00:02:26,320 --> 00:02:31,680
all the reading that comes with it, but the process I think is very interesting.

25
00:02:34,800 --> 00:02:41,040
So today on our TechBurbett Business Podcast is the Ann Show. We're discussing government

26
00:02:41,040 --> 00:02:49,040
regulations. We've got Kelsey and myself are joined by Ann, our quality assurance analyst and GRC

27
00:02:49,040 --> 00:02:56,720
specialist, and then Todd, our COO and CISO. And we're going to kind of do a little bit of

28
00:02:57,520 --> 00:03:03,120
basic introduction to these government regulations and then maybe deep dive a little bit towards

29
00:03:03,120 --> 00:03:11,200
the end. But I don't know if Ann wants to give us maybe a little introduction as to, you know,

30
00:03:11,200 --> 00:03:16,160
how many acronyms you have to know and maybe a couple of the top ones.

31
00:03:16,160 --> 00:03:21,680
Well, I would start with saying there's always a place to look up the

32
00:03:23,040 --> 00:03:32,720
acronyms that we don't know. Really working with our state, local, and federal regulations

33
00:03:33,520 --> 00:03:38,720
across the board. There's like we mentioned it just a little bit ago, there's always a manual.

34
00:03:38,720 --> 00:03:43,920
There's always a place to refer and there's a way to find out what the rules are

35
00:03:43,920 --> 00:03:51,840
with these different regulations and everything from a statute to a law.

36
00:03:55,120 --> 00:04:02,400
We've had a lot of opportunities with our very customer base to see a lot of sides of different

37
00:04:02,960 --> 00:04:09,680
regulations that our customers have and being able to support them with their technology

38
00:04:09,680 --> 00:04:18,720
and how they do their business best. So needing to know or understand where our customers are,

39
00:04:18,720 --> 00:04:27,600
CIT as a whole doesn't have a government regulation based on our products or our services.

40
00:04:27,600 --> 00:04:35,200
We have certain accreditations to support our customers and theirs, but we as an entity

41
00:04:35,200 --> 00:04:45,760
don't have any specific. So I'm just trying to think too. There's a few two big ones that have come

42
00:04:46,880 --> 00:04:55,200
to the surface in the last few years are CMMC and Sejas and we'll start with Sejas because it's

43
00:04:55,200 --> 00:05:03,680
smaller, but that's helping our customers manage not smaller, but it's a less lengthy and gooey mess.

44
00:05:03,680 --> 00:05:16,960
It's very black and white. It is the criminal justice information services and our police

45
00:05:16,960 --> 00:05:26,480
departments, our cities have information sometimes that requires us to understand how

46
00:05:26,480 --> 00:05:33,120
Sejas information has to be protected in that there's a really riveting manual that I think

47
00:05:33,120 --> 00:05:39,600
is about 260 pages that you can go through though and find that anytime you need to,

48
00:05:39,600 --> 00:05:48,320
where that those controls are, we can refer to any portion of it. Luckily, that we can say,

49
00:05:48,320 --> 00:05:54,960
okay, we'll recommend that you set it like this. It is always up to our customer though to

50
00:05:54,960 --> 00:06:06,160
to ensure those are set appropriately. We can advise but not force. But just kind of going back,

51
00:06:06,160 --> 00:06:13,120
the criminal justice Sejas information is the information that law enforcement uses to work,

52
00:06:13,120 --> 00:06:26,080
to conduct business. It is things about criminal evidence. I'm looking at our notes too, but

53
00:06:26,080 --> 00:06:35,120
the biometrics, a lot to do with the identity of a criminal and realistically, CIT doesn't

54
00:06:35,120 --> 00:06:40,560
actually ever touch that kind of data. I just again want to make crystal clear with that, but

55
00:06:40,560 --> 00:06:53,760
it's used to make assessments, make notes by law enforcement to support the legal system, I guess.

56
00:06:56,640 --> 00:07:01,280
I'm going to jump in real briefly. I'm guessing that almost everybody that joins the podcast is

57
00:07:01,280 --> 00:07:07,120
probably going to be having at least some level of engagement on the government level, most likely,

58
00:07:07,120 --> 00:07:13,360
but just real briefly, Sejas is criminal information services. We keep throwing out the

59
00:07:13,360 --> 00:07:19,040
acronym. I thought a little background would help. What's in information is the data is typically

60
00:07:19,040 --> 00:07:25,680
collected by government, whether that's FBI, local government, etc. It is contained a lot of

61
00:07:25,680 --> 00:07:32,160
information about what you'd expect, fingerprinting, criminal background history, missing persons data,

62
00:07:32,160 --> 00:07:36,000
background checks, firearms, that kind of stuff. If you're going through the legal process, that's

63
00:07:36,000 --> 00:07:43,920
the kind of information that's in the Sejas services systems. Sorry, continue. No, I did say the

64
00:07:43,920 --> 00:07:49,680
criminal justice information systems, I just didn't say Sejas right after it. It made sense to me.

65
00:07:50,800 --> 00:07:55,760
We're so immersed in this all the time that we forget that nobody knows what I'm thinking.

66
00:07:57,360 --> 00:08:04,160
It is important to be aware of all of the regulations surrounding this so we can best

67
00:08:04,160 --> 00:08:14,080
support our customers. But it's ensuring at a base level, it is really the methods that are

68
00:08:14,080 --> 00:08:21,120
required to protect the data, but it's still protecting data. It's compliance at a base level.

69
00:08:21,120 --> 00:08:26,080
We want to protect the sensitive information. We want to ensure people that have access to the

70
00:08:26,080 --> 00:08:32,480
sensitive information only have the need to know to do their job. They don't have

71
00:08:32,480 --> 00:08:42,480
access just because they feel like it. Being able to guide some of our customers where it is rare

72
00:08:43,200 --> 00:08:49,760
that a law enforcement officer would read the security manual because that's not what they do.

73
00:08:53,200 --> 00:08:59,600
Boots on the ground serving and protecting our communities, they certainly have no idea.

74
00:08:59,600 --> 00:09:07,680
Yeah. It is really difficult from my perspective and I feel for them because they are

75
00:09:07,680 --> 00:09:13,200
loving these requirements. We've found more than once that a chief of police is now being

76
00:09:13,200 --> 00:09:20,320
expected to be an IT director. That's really not what they signed up for, but again, our customers

77
00:09:20,320 --> 00:09:28,960
are fantastic in helping us help them and really looking at the types of information

78
00:09:28,960 --> 00:09:35,840
the CGS information and going through these types of manuals and getting that, does this make sense?

79
00:09:35,840 --> 00:09:46,560
Is this set up to the requirements in this manual? I think we always provide value to these customers,

80
00:09:46,560 --> 00:09:56,880
but it's just another layer of protection, I guess. And knowledge of those levels of protection is

81
00:09:56,880 --> 00:10:05,200
always the best to understand. With our team, go ahead. Oh, that's fine. I was going to say just

82
00:10:05,200 --> 00:10:09,920
kind of wrapping around a bubble around that a little bit. I mean, there are a lot of different

83
00:10:09,920 --> 00:10:16,160
organizations that do have some kind of, I was going to use the word culpability, I'm not sure

84
00:10:16,160 --> 00:10:22,080
that's really right, but the reason why it matters is I mentioned not everybody is going to be in

85
00:10:22,080 --> 00:10:27,040
government, or most people that are listening might be, but there is also an extension to it.

86
00:10:27,040 --> 00:10:31,600
If you've watched any of our podcasts in the past, we'll get into things such as supply chain or

87
00:10:31,600 --> 00:10:36,480
just being a part of a third party. And as the world continues to get a little bit more complicated,

88
00:10:36,480 --> 00:10:42,800
you start to see this rise in cybersecurity attacks, etc. You're seeing that there's a trickle down

89
00:10:42,800 --> 00:10:48,480
process of it may be a city, it may be a county, it may be whatever, it may be the federal government

90
00:10:48,480 --> 00:10:52,080
itself, but they are starting to hold everybody accountable to make sure that they're doing the

91
00:10:52,080 --> 00:10:59,840
right things. And so you're starting to see that those organizations or government operations are

92
00:10:59,840 --> 00:11:05,440
being told that anybody they're working with has to comply as well. So one of the things that Ann

93
00:11:05,440 --> 00:11:10,320
mentioned early on was we don't really have the compliance requirement to ourselves, and yet we

94
00:11:10,320 --> 00:11:16,240
do. So if we're working with a city, a county, a state, a contractor for the federal government,

95
00:11:16,240 --> 00:11:20,960
they are looking to us and saying, how are you doing your due diligence to make sure you're

96
00:11:20,960 --> 00:11:25,600
doing the things that you need to do and or help us get there. But if we're helping them,

97
00:11:25,600 --> 00:11:31,840
they're still expecting us to be able to do all the things. So there is a strong guideline, whether

98
00:11:31,840 --> 00:11:37,120
that's, I'll throw a NIS too, and I never remember the acronym, but we use it enough that you should

99
00:11:37,120 --> 00:11:43,280
know by now. But there's, there's, let's do acronym soup, right? There's NIS, there's CMMC,

100
00:11:43,280 --> 00:11:48,240
there's CGIS, etc. They're all kind of largely the same. And I think this is where Ann was going

101
00:11:48,240 --> 00:11:53,840
to go next is what are the things that you're being asked to do? And they do have a lot of,

102
00:11:54,480 --> 00:11:58,480
a lot of similarities. They may phrase them slightly different. They may categorize them a

103
00:11:58,480 --> 00:12:03,360
little bit different, but at their core, they're still more or less the same things to make sure

104
00:12:03,360 --> 00:12:10,800
that you're doing in the security world. We call it the triad. It's the CIA, confidentiality, integrity,

105
00:12:10,800 --> 00:12:16,880
accessibility, or availability. And so they're all trying to get to that same thing. And I'll be

106
00:12:16,880 --> 00:12:21,280
quiet again, because Ann was on a roll. I'm sorry, I disrupted your flow. That was perfect. No, it

107
00:12:21,280 --> 00:12:28,480
really is. That, I always say at the base level, so many things are really the same.

108
00:12:29,600 --> 00:12:37,520
One of those key elements in compliance in general and in information protection is knowing

109
00:12:37,520 --> 00:12:45,120
what you need to protect. And then based on that, the layers add, we need to protect this specific

110
00:12:45,120 --> 00:12:52,640
type of information or device or fill in the blank at this way. These devices are a different way,

111
00:12:53,280 --> 00:13:02,080
but the different regulations for government are kind of taking all of that in a big circle and

112
00:13:02,080 --> 00:13:09,120
saying, hey, we've identified the specific kind of information, rather than not knowing what to

113
00:13:09,120 --> 00:13:16,720
protect. We know, and now we have to apply it regardless. So if it's the Seegis information,

114
00:13:16,720 --> 00:13:25,520
like Todd elaborated on that person data, then we know it has to be protected this way. If it's

115
00:13:25,520 --> 00:13:36,480
CMMC or what's called CUI, controlled unclassified information, then you know that this specific

116
00:13:36,480 --> 00:13:42,960
data has to be protected this way. That's where all of these manuals, as riveting as they are,

117
00:13:42,960 --> 00:13:48,240
they really do spell out exactly what you need to do. And CMMC has been a little different,

118
00:13:48,240 --> 00:13:54,320
because it's evolved a little. But I think with CMMC, it's really just been who's allowed to

119
00:13:54,320 --> 00:13:59,600
review the rules and protection haven't changed or the methods.

120
00:14:01,280 --> 00:14:05,680
Yeah, one of the things that I wanted to kind of touch on briefly was what is the purpose behind

121
00:14:05,680 --> 00:14:11,440
it. And as I mentioned, it's trying to do the triad, the CIA. And the reason for this being a

122
00:14:11,440 --> 00:14:17,840
concern is as the world continues to change, the threats continue to evolve. You're starting to see

123
00:14:17,840 --> 00:14:23,440
more people work remotely and brought up peacekeepers as an example of someone that would

124
00:14:23,440 --> 00:14:28,160
potentially have access to sieges information. So they're mobile, they're outside of the building,

125
00:14:28,160 --> 00:14:33,360
but still potentially having access to it. The threats are getting more and more complicated.

126
00:14:33,360 --> 00:14:38,800
You're getting third parties in it. I'll use CIT as an example, since we do work with cities,

127
00:14:38,800 --> 00:14:44,800
counties, etc. You'll typically see where we unintentionally may have access to a system.

128
00:14:44,800 --> 00:14:51,360
So we still have to do all of the due diligence to make sure that we comply as well. It may be

129
00:14:51,360 --> 00:14:54,960
something that was inadvertent. We weren't necessarily looking at it, but as we're working on a system

130
00:14:54,960 --> 00:15:00,160
to get it to work properly, you may come across it. So we do have to do all the things. We have to

131
00:15:00,160 --> 00:15:06,160
do the vetting, the so on and so forth. That's the main reason why you do this, these threats,

132
00:15:06,160 --> 00:15:10,080
kind of as I mentioned, even with the tools themselves, where they're kind of universal and

133
00:15:10,080 --> 00:15:15,280
they're kind of mix and match, the threats are too. There's a lot of sensitive information that

134
00:15:15,280 --> 00:15:20,720
the bad guys are after. And so you see the same kind of motivations behind everything. They're

135
00:15:20,720 --> 00:15:26,400
trying to get access to information that they want because there's value to it. And so when you see

136
00:15:26,400 --> 00:15:32,720
the how do I then turn around and slow it down, same concept, I need processes and procedures,

137
00:15:32,720 --> 00:15:37,040
etc. to do it. And of course, we need the people to be able to follow those processes and procedures

138
00:15:37,040 --> 00:15:47,760
as well. Yeah, I was in a huge overview and maybe something to definitely deep dive in at a later

139
00:15:47,760 --> 00:15:56,000
time. But you, Ian mentioned earlier, you know, speaking about law enforcement and maybe people

140
00:15:56,000 --> 00:16:02,720
expected to be IT or doing compliance, who that is not their job. I'm curious, you know, as a

141
00:16:03,440 --> 00:16:10,000
tech partner, when you're working with these people who maybe don't know and haven't read all

142
00:16:10,000 --> 00:16:17,440
these things, where are those biggest, where are their biggest kind of missteps or miscommunication

143
00:16:17,440 --> 00:16:22,080
or what are kind of those big things that they sometimes are missing when it comes to compliance

144
00:16:22,080 --> 00:16:28,640
that you're helping support them? I'll jump in briefly and I'll turn it over to Ian. But I think

145
00:16:29,920 --> 00:16:35,600
the comment of having responsibilities that they wouldn't normally have, we work with a lot of the

146
00:16:35,600 --> 00:16:39,920
small and mid-sized organizations. And I think that's kind of a reoccurring theme we see in a lot

147
00:16:39,920 --> 00:16:44,160
of cases where people get to wear many hats, unfortunately, and sometimes it's not their

148
00:16:44,160 --> 00:16:50,320
forte. But when we see that come to fruition, things that you'll occasionally see is that

149
00:16:51,040 --> 00:16:56,160
cities can be very large, they can be very, very large, or they can be very, very small.

150
00:16:56,160 --> 00:17:00,640
And when you're looking at that variation, you're going to see that they're going to just naturally

151
00:17:00,640 --> 00:17:05,840
be at different levels of maturity. And what that could mean is that traditionally, they've

152
00:17:05,840 --> 00:17:11,280
inherited what they always have. I'll use a small city as an example where the city may just be

153
00:17:11,280 --> 00:17:15,920
small enough where all of their systems came online and they just kind of stayed that way.

154
00:17:15,920 --> 00:17:21,280
They were too small to worry about it any other way. As this starts to mature and the threats

155
00:17:21,280 --> 00:17:26,560
continue to evolve, they're being asked, now you really need to do all the things. And that may mean

156
00:17:26,560 --> 00:17:33,520
something like separating the city from the PD, separating, some may have the library,

157
00:17:34,160 --> 00:17:39,120
where you're going to have people that go to the library jump on the wireless, making sure that

158
00:17:39,120 --> 00:17:44,000
the liquor store is off the network. Those kinds of things are things that we typically see where

159
00:17:44,000 --> 00:17:48,960
they're just not quite mature enough where they're saying, okay, how do I do these? What are the

160
00:17:48,960 --> 00:17:54,320
natural steps? And of course, like everybody, budget is a concern. So where do you start?

161
00:17:54,320 --> 00:17:59,760
How do you start to untangle what we've got today and put in a strong road map of where do we go

162
00:17:59,760 --> 00:18:09,920
forward from here? I think to put a circle around that it's helping our customers,

163
00:18:10,560 --> 00:18:16,080
they often ask Todd uses a version of this, tell me what I don't know that's important.

164
00:18:17,440 --> 00:18:24,240
And we can try to stay apprised of any changes in the regulation or know the regulation. So

165
00:18:24,240 --> 00:18:31,120
of any kind to try to see going into a new customer or an existing to say, hey, maybe this isn't an

166
00:18:31,120 --> 00:18:39,120
align and maybe you're aware, maybe you're not. There are times and places where they've come

167
00:18:39,120 --> 00:18:44,000
back and said, yes, we are aware and that is something we're not, it's not even on the radar

168
00:18:44,000 --> 00:18:52,240
for a while. Well, you have to maybe be compliant by December 31st. Oh, that I wasn't aware of. Okay,

169
00:18:52,240 --> 00:18:59,600
so like, and in almost every type of regulation, though, to whether it's the government industry

170
00:18:59,600 --> 00:19:09,760
is banking with rare exception, if you are taking steps to meet compliance and you're not quite there,

171
00:19:10,320 --> 00:19:16,320
almost every auditor we've encountered of or examiner, that kind of thing, if you have a plan

172
00:19:16,320 --> 00:19:22,240
in place to meet the requirements and you're not blatantly disregarding them,

173
00:19:24,640 --> 00:19:30,880
there's a lot of leeway in that. It's not that people willfully miss these regulations, but

174
00:19:30,880 --> 00:19:37,040
like Todd said, they had one server this whole time and now they're being asked to have a firewall,

175
00:19:37,040 --> 00:19:44,400
two servers and 20 more users at a small city where those didn't exist. That's a huge burden.

176
00:19:44,400 --> 00:19:52,240
That's a huge burden on a city. And when you think about coming to all of us as taxpayers to be like,

177
00:19:52,880 --> 00:20:02,400
why did we have to spend another $150,000 on what, why? But knowing those kind of things to say,

178
00:20:03,280 --> 00:20:11,520
we may need to show a plan and even helping in budgeting. I mean, having those regulations

179
00:20:11,520 --> 00:20:18,320
to point to to say it's not just a suggestion, it really is a requirement. So let's try to get there.

180
00:20:19,120 --> 00:20:27,680
So that, I mean, that's the more fun of our job, I guess, of my job that when you know that someone

181
00:20:27,680 --> 00:20:33,040
isn't quite there in any one of these regulations, how can we get you there? Do we?

182
00:20:33,040 --> 00:20:40,960
That's the fun of looking and saying what tools exist, what don't, how can we

183
00:20:41,920 --> 00:20:46,160
will tell you where the holes are and maybe these give

184
00:20:48,320 --> 00:20:54,000
priority to certain ones or even adding them to a budget. I think that's really where

185
00:20:54,000 --> 00:21:01,840
your CIT is great in doing those kind of things with our customers. But I'm not trying to brag or

186
00:21:01,840 --> 00:21:05,760
anything, but I think we do a pretty good job of doing that.

187
00:21:05,760 --> 00:21:11,760
I mean, definitely you can brag, you can brag on our podcast.

188
00:21:11,760 --> 00:21:13,760
It's us.

189
00:21:13,760 --> 00:21:17,760
We do it all the time. Yeah, it's us. But we do recognize there are other people out there,

190
00:21:17,760 --> 00:21:24,240
so we encourage you to reach out and find out what you have that comes up all the time,

191
00:21:24,240 --> 00:21:29,760
no matter what we're talking about, know what you have. Is there anything else you want to kind of

192
00:21:29,760 --> 00:21:34,720
share? We very much skim the surface. I think we're going to come back to this, do a little

193
00:21:34,720 --> 00:21:40,880
deep dive, but anything else that you want to share about government regulations, best practices,

194
00:21:40,880 --> 00:21:47,360
tips or tricks or anything like that? I will touch on it real briefly. I mean,

195
00:21:47,360 --> 00:21:52,000
it does look very complicated. As Ann mentioned, there's these documents that are 20 pages long,

196
00:21:52,000 --> 00:21:59,840
and that is very typical in the world of compliance, but they do exist for a good reason,

197
00:21:59,840 --> 00:22:03,680
and they are trying to spell things out as clearly as they can. Unfortunately,

198
00:22:03,680 --> 00:22:07,280
when you're trying to be incredibly clear, sometimes that means you end up using a lot of

199
00:22:07,280 --> 00:22:11,840
words. That would be me. The reality is you can boil these things down, and this is where your

200
00:22:11,840 --> 00:22:17,760
tech partner starts to be able to translate those documents into meaningful, actionable things.

201
00:22:17,760 --> 00:22:22,720
Some of those things are the stuff we talk about over and over again. Do your cybersecurity training,

202
00:22:22,720 --> 00:22:28,720
make sure you've got an incident response plan in place, make sure you got your physical security

203
00:22:28,720 --> 00:22:34,400
in place. There's a lot of stuff that's pretty standard, but I think that's a good thing to

204
00:22:34,400 --> 00:22:39,040
make sure that you're dotting your eyes and crossing your T's. Some of the things that

205
00:22:39,040 --> 00:22:43,280
become a little bit more complicated in the government layer is that you need to make sure

206
00:22:43,280 --> 00:22:47,440
that you've got some agreements in place. They call them the information exchange agreements,

207
00:22:47,440 --> 00:22:51,840
and those are really kind of in the typical business world the analogy I'd make would be

208
00:22:51,840 --> 00:22:57,200
your NDAs. You're trying to make sure that you've got agreements in place that say we

209
00:22:57,200 --> 00:23:03,040
can share information without giving out too much. Then the last thing that I want to make

210
00:23:03,040 --> 00:23:08,320
and then the last thing that I wanted to add on and again I'll turn it over to Ann so she can expand

211
00:23:08,320 --> 00:23:14,000
on anything that I covered too quickly or didn't at all would be that there are concerns about not

212
00:23:14,000 --> 00:23:19,520
being compliant. Now, if you're a government entity and you're being told you need to be

213
00:23:19,520 --> 00:23:22,720
compliant, they're not going to kick you out of the government. There is a little bit of leeway

214
00:23:22,720 --> 00:23:27,280
in there, but there are certain things that if you're a partner, there are issues and concerns.

215
00:23:27,280 --> 00:23:32,000
If you're a non-compliant as a partner and you're being asked to, some of the downsides are you

216
00:23:32,000 --> 00:23:38,000
could potentially lose access to information. So, see just in particular, a great example would be

217
00:23:38,720 --> 00:23:44,160
banks do background checks on their employees, and if you lose access to the data, you can't really

218
00:23:44,160 --> 00:23:49,760
be compliant in making sure that you're doing good hires. There are fines and then worst case,

219
00:23:49,760 --> 00:23:54,480
it's possible that criminal charges could be brought against individuals as well. So, there

220
00:23:54,480 --> 00:23:59,520
are concerns to make sure that you take it seriously and of course it's the government and they can

221
00:23:59,520 --> 00:24:09,760
enforce their will. So, be cautious, be diligent. That is the, I think that contractors are actually

222
00:24:09,760 --> 00:24:16,000
held to a slightly higher standard than say a government entity like the city's municipalities,

223
00:24:16,000 --> 00:24:23,680
that kind of thing, because we can have fines and I'm sure a city could too, but we don't,

224
00:24:23,680 --> 00:24:31,120
we lose business then and we don't want to do that or a contractor not compliant with the

225
00:24:31,120 --> 00:24:39,360
government regulations will lose that big contract that, you know, employees 25% or 50% of their

226
00:24:39,360 --> 00:24:53,520
business. So, it gets to be very real when you potentially lose something as significant as a

227
00:24:53,520 --> 00:25:00,800
good chunk of your business, but it's not, it makes people suddenly pay attention as well.

228
00:25:00,800 --> 00:25:10,480
For sure, for sure. Well, thank you Todd and Ann for joining us today. I think we'll definitely

229
00:25:10,480 --> 00:25:16,880
have a deep dive on this in the future. If you enjoyed this podcast, please like, subscribe so

230
00:25:16,880 --> 00:25:21,600
that we know that you're into this subject. If you have a question or a topic you'd like us to

231
00:25:21,600 --> 00:25:31,440
discuss, reach out to us at info at cIT-net.com or head out to our website cIT-net.com slash podcast

232
00:25:31,440 --> 00:25:52,320
and we'll be back next week with an all new episode.