The VRC Newsletter (September 10)

Close 2025 Strong. Fund 2026 Smart. 🚀

Year-End Compliance Checkpoint

Q4 is here—and with it comes deadlines, audits, contract renewals, and last-minute scrambles. But for compliance, there’s no reason to wait until December to act. Taking the time now to run a quick checkpoint can help your organization close 2025 clean and set up 2026 for success.

Here’s your quick-start guide to getting it done:

✅ Finish Required Trainings Before the Year Ends

Don’t let expired certifications catch your team off guard. Many regulatory frameworks require annual training or documentation of ongoing education. That means September–November is your sprint window.

Training Completion Checklist:

  • HIPAA – General, Compliance Officer, Operators, Business Associates

  • Cybersecurity Awareness – includes phishing, ransomware, AI threats

  • FERPA – for education-facing teams

  • Texas HB 300 – required for Texas providers or clients

  • Role-based training (IT, Billing, Answering Services, etc.)

📂 Clean Up Your Evidence Trail

You’ve probably done the work. But can you prove it?

Evidence Hygiene Tips:

  • Confirm policies are reviewed and signed for 2025

  • Upload new vendor agreements (BAAs, DPAs, MSA updates)

  • Recheck that system logs and backups are still active and documented

  • Store screenshots of risk assessments, access reviews, and audits

  • Use consistent naming (e.g., “HIPAA Training Completion – John Smith – 08.2025”)

šŸ›”ļø Prepare for Risk Reviews & Incident Response

No one likes emergencies. But the clients, regulators, and insurers that trust you expect readiness.

What to Review Now:

  • When was your last risk assessment? If it’s >12 months ago—redo it.

  • Do you have an active Incident Response Plan (IRP)?

  • Have you tested it this year? Tabletop exercises are ideal for Q4.

  • Do you have a named breach contact? Are they still employed?

  • Bonus: Update your DR/BCP plan—especially if it hasn't been revised since 2023.

📋 Simple Year-End Compliance Checklist

Here’s a snapshot you can screenshot or save:

✅ Training completion for all required roles
✅ All 2025 policies updated, signed, and uploaded
✅ Evidence folders organized and complete
✅ Risk assessment reviewed or refreshed
✅ IRP and DR/BCP plans tested and updated
✅ Team knows what’s due before year-end

📬 Already a VRC client? We can bundle our services, saving you money and time!

Let’s Wrap 2025 Right

The final stretch of the year is your chance to secure every win and close every gap. Whether it’s completing overdue trainings, organizing evidence, or refreshing your risk strategy, the actions you take now directly shape your compliance story for 2026. Don’t wait for surprises. Take control, finish strong, and show your clients, partners, and auditors that you’re not just compliant—you’re ready.

👉 Book your Year-End Compliance Sprint
Let’s check your training, evidence, risks, and readiness—all in one call.

HHS: Updated Security Risk Assessment Tool Now Available

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), in collaboration with the Assistant Secretary for Technology Policy (ASTP), has just released Version 3.6 of the Security Risk Assessment (SRA) Tool—a vital resource for organizations working toward HIPAA compliance.

What’s New in Version 3.6:

  • ✅ “Reviewed-by” button to record approvals and audit dates

  • 📊 Updated NIST-aligned risk scale (“medium” now “moderate”)

  • 🧾 Enhanced reports with section-level details

  • 🔄 Refreshed library files to reduce vulnerabilities

  • 📘 Improved guidance across questions and educational content

This is the perfect opportunity to refresh your HIPAA risk assessments before the end of the year.

ASTAA Conference
šŸ“ Hilton Baltimore, MD
šŸ“… Tuesday-Thursday, September 16–18

ChiroFEST
šŸ“ Hilton Vancouver, WA
šŸ“… Friday-Saturday, September 19–20

👋 Come Visit the VRC Booth!

✨ Exclusive Promos – Get access to special offers available to all attendees!
🎁 Swag & Giveaways – We’re making compliance fun again with cool merch you’ll actually want.
🛡️ Live Consultations – Let’s talk HIPAA, SOC 2, ISO, AI audits, vendor risk, and how to strengthen your compliance posture.

1️⃣ Discover VRC1 – Ask us about the platform that’s changing the game in compliance management with smarter workflows, better visibility, and audit-ready tools.

Plan Ahead:
Budgeting for Compliance Success in 2026

As the year winds down, many organizations are already mapping out their budgets for 2026—and for good reason. Budget season isn’t just about crunching numbers; it’s about planning for growth, stability, and risk management. If compliance isn't already part of your financial roadmap, now is the time to make it a priority.

You Should Budget for Compliance—Now

Compliance is no longer a nice-to-have. It's a critical business function that protects your organization, customers, and reputation. Whether it’s HIPAA, SOC 2, ISO 27001, GDPR, or state privacy laws, regulators expect you to prove that your compliance program is more than just a checklist—it’s a living, breathing part of your operations.

And let’s not forget: if you don’t allocate your 2025 budget dollars before the year ends, you lose them. Use what’s left to get a jumpstart on 2026 and avoid scrambling come Q1.

What to Include in Your 2026 Compliance Budget

Start with these core line items:

  • Compliance Program Services – Whether you're starting from scratch or maintaining your status, set aside funds for services that help you manage audits, documentation, training, and ongoing remediation.

  • Training & Education – Build in the cost of annual team training for HIPAA, Cybersecurity, PCI, FERPA, and more.

  • Security Tools & Assessments – Include penetration tests, tabletop exercises, policy packages, and risk assessments.

  • Technology & Platforms – Subscription fees for secure platforms like VRC1 help manage your workflows and audit prep.

  • Advisory Support – Fractional CISO or Virtual Compliance Officer services can provide expert guidance without a full-time hire.

Compliance Cost Ranges to Help You Estimate

Here’s a rough ballpark of typical ranges depending on your organization’s size, complexity, and risk profile:

  • HIPAA Compliance: $5,000–$15,000

  • SOC 2 or ISO 27001: $15,000–$30,000+

  • Comprehensive Packages (HIPAA + ISO/SOC + vCISO): $30,000–$60,000+ annually

📌 These ranges cover a mix of services: audit prep, training, policy development, security reviews, platform access, and ongoing support.

Don’t Just Budget—Build a Strategy

Budgeting isn’t just about dollars—it's about direction. Use this season to reassess your risk posture, plan your milestones, and build momentum toward your 2026 goals. And if you’re not sure what to budget or where to start, we’re here to help.

📣 Ready to plan ahead? Schedule a call to get a tailored quote.
