Close this search box.

Podcast: Do I Need A Compliance Framework?

Vivian Lee

Episode Summary

Meet Rob Carson, the Founder and CEO of Semper Sec, a cybersecurity consulting company. Rob, a Marine Corp Veteran, excels at assisting businesses in designing and implementing effective Information Security and Compliance Programs. He also hosts the highly regarded Blue Team Warriors podcast, which celebrates the remarkable work of IT departments.

Compliance Framework

In this episode, Rob dives into compliance frameworks like:

  • NIST (National Institute of Standards and Technology)
  • ISO (International Organization for Standardization)
  • SOC (Service Organization Control)
  • FedRAMP (Federal Risk and Authorization Management Program)
  • TX RAMP (Texas Risk Assessment and Management Program)
  • Arizona RAMP (Arizona Risk Assessment and Management Program)

Semper Sec takes pride in their expertise in guiding businesses through the complexities of these frameworks, tailoring them to meet specific organizational requirements. Although not all frameworks are mandatory for all companies, many companies choose to embrace them to meet customer expectations. Compliance frameworks enable companies to prioritize, manage risks, gain insights, and make informed security decisions.

Implementing a framework offers a key advantage by preventing impulsive decision-making based solely on marketing or sales pitches. It’s important to remember that what works for one company may not be applicable to another.

Government Framework

Various frameworks have emerged to address comprehensive security needs and establish standardized best practices. ISO and NIST frameworks, for example, offer flexibility and allow customization based on risk profiles. Commercial entities commonly adopt SOC 2 and ISO, while FedRAMP targets cloud service providers selling to the federal government. Additionally, state-based frameworks like TX RAMP and Arizona RAMP have gained prominence. Compliance with NIST 800-171 and CMMC is crucial for federal government vendors handling CUI or offering cloud services.

Tips to Keep In Mind

Throughout the discussion, Rob emphasizes a few important considerations for customers:

  • Secure leadership buy-in: The key to the success of moving framework implementation up in speed is top management commitment.
  • Tailor your message: When engaging with your executive team, focus on the business impact and financial aspects of security rather than getting lost in technical jargon.
  • Consider partnering up: Sometimes, seeking assistance from a reliable partner can be beneficial, particularly when IT teams face overwhelming challenges like employees misusing company devices or software.
  • Patience with implementation: Implementing a comprehensive program takes time. Organizations can only absorb a certain amount of change at a time, and initial perfection shouldn’t be expected when launching a program.

These tips from Rob provide valuable guidance for businesses aiming to enhance their compliance framework efforts. Keep them in mind as you navigate information security and regulatory requirements.

Video Version

Listen to more episodes at, on Spotify, Apple Podcasts, Google Podcasts, Amazon Music, and other podcast platforms.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Customer Success Story: Noble Biomaterials

 Airiam Supporting Innovation When most people think of silver, they don’t think of clothes. Noble Biomaterials found this void in the market and focused on selling silver fiber technology for its antimicrobial and conductive properties. Exempt from pa
Vivian Lee
>>Read More

How Can AI Help My Business Succeed?

AI Innovations for the Business Artificial intelligence has been the mainstream topic in the last couple of years. From improvements in our handheld devices to the evolution in generative capabilities, AI has pushed business leaders to seek innovative
Vivian Lee
>>Read More

Setup PTD Email Account in Outlook 2010

PTD Email Account in Outlook 2010 Many people enjoy the freedom a web-based email as it allows you to access your email from any computer. If you would prefer this flexibility we recommend you just use PenTeledata’s webmail interface at http://webmail.
Avatar photo
Anthony Lewis
>>Read More