Case Study 5: Healthcare Tech SME
A growing healthcare software and services company chose SOC2 as their market “badge of proof” that they prioritize infosec and have the right controls in place to assure security. That meant SOC2 prep was essential.
Knowing SOC2 – like other industry standards – demands thoroughness at every stage of the journey, the East Coast company went with a known certification readiness partner, Apgar and Associates. The consulting firm’s prep services had a successful track record of helping organizations in pursuit of SOC2, HITRUST, and ISO certifications.
Because Apgar and Associates had worked with the company through a comprehensive security risk analysis, they knew the healthcare software and services firm was poised to dive into SOC2 prep.
Having operationalized data privacy and information security, the healthcare technology SME (HTSME) felt that Apgar and Associates were the partners to help formalize infosec activities while concurrently overhauling policy and procedures.
The CEO lauded the consultative expertise and guidance, noting that they “never felt hampered or bogged down in costly practices” while striving for the SOC2, despite being a smaller organization.
The Apgar team helped ensure that the defined SOC2 controls 1) were comprehensive enough for auditor standards and 2) accurately represented the healthcare technology SME’s infosec program and operations.
SOC2 Prep: Expertise & Understanding
The Apgar team’s certification readiness expertise came to the forefront during auditor conversations. Navigating the discussion about controls called for a depth of experience the company had not yet acquired.
Bridging the gap between the auditor’s understanding and the HTSME’s internal processes was invaluable. As the COO shared, “They helped us steer the conversation.”
At every step of the actual “prep process” Apgar and Associates were the company’s thought partners and tactical guides. They worked closely with the company team to define SOC2 controls and understand the overall attestation process.
The healthcare software and services company felt confident at the end of the certification readiness process that the outcome would be positive. Most importantly, as the COO said, “Any new initiatives will – from the outset – 100% fit in with the controls we’ve put in place.”
What is your organization’s goal for proving infosec excellence? Thinking about certification? Give Apgar and Associates a call today. Our certification readiness service has a strong track record of helping companies successfully achieve SOC2, HITRUST, and ISO certifications.