Founded in 2011 and based in Washington state, 2Morrow focuses on evidence-based programs that combine technology and behavioral science to address some of today’s largest healthcare issues. The 2Morrow platform and programs are used by employers, wellness programs, retailers, states and health plans to help their populations reach their health goals. They address key chronic disease drivers and conditions through programs focusing on smoking cessation (including vaping cessation and stopping whilst pregnant), weight management, stress management and living with chronic pain. 2Morrow programs are created in collaboration with behavioral scientists, researchers, healthcare providers and industry experts.
As 2Morrow grew it began working with larger customers, including Fortune 500 companies. 2Morrow CTO, Kim Hansen said his need for a formal data security and risk management program really came from customer requirements. This led to a greater demand for an industry recognized report showcasing their data security program, such as SOC 2. Hansen realized that as a smaller business, 2Morrow was going to need some help to establish a more formal data security program so he began looking for a solution.
In his search for a solution “MyVCM rose to the top really rapidly,” according to Hansen. He found the web app to be consistent and straightforward to use. Hansen also discovered Ostendio Professional Services was exactly what his organization needed to learn about SOC 2 and the policies and procedures that would be required.
“We chose Ostendio because we didn’t have a full-time, dedicated compliance or security officer. The MyVCM platform provided a tool everybody could use to provide the objective evidence that’s necessary for an audit to be successful,” said Kim Hansen, CTO, 2Morrow.
2Morrow uses many of the Ostendio MyVCM platform features and has focused on document management, ticketing and the audit feature to prepare for an upcoming audit. Asking Ostendio Professional Services for support during this busy time has also made a positive impact.
“Being able to rely on [Ostendio] Professional Services was absolutely key and the quality of the professional services we received helped us to be successful. Professional Services gives us the ability to get to the first audit and establish best practices using the MyVCM tool so that we can maintain ourselves in good standing in the future,” added Hansen.
By using the Ostendio MyVCM platform and getting support from the Ostendio Professional Services team, 2Morrow has established its data security program and is working towards a SOC 2 Type II audit. The Ostendio MyVCM platform equips high growth companies with agile, always-on information security programs that include everyone: employees, vendors, partners and auditors.
"We chose Ostendio because we didn’t have a full-time, dedicated compliance or security officer. The MyVCM platform provided a tool everybody could use to provide the objective evidence that’s necessary for an audit to be successful.”
"[Ostendio] Professional Services gives us the ability to get to the first audit and establish
best practices using the MyVCM tool so that we can maintain ourselves in good standing in the future.” - Kim Hansen
2Morrow is using the Auditor Connect feature of the Ostendio MyVCM platform to select an auditor for its upcoming audit. Auditor Connect brings customers and auditors together on the Ostendio MyVCM platform where they can share real-time evidence in a secure location. Evidence is always available, easy to update and optimized for collaboration. Customers being audited can track progress in real time. Hansen says that finding an auditor is “just a matter of clicking a button and getting an email back. It’s pretty easy.” Hansen is also using the Ostendio Professional Services experts to assist in interviewing prospective audit partners.
With previous FDA audit experience, Hansen says he knows how challenging audits can be. By using the Ostendio MyVCM platform he feels that he is better organized with policies and evidence in place to approach a complex audit.
Hansen hopes that having a SOC 2 report in the future will save time in answering security questions from customers. “SOC 2 is a seal of approval that everyone in the industry recognizes. It’s all covered and documented in the report.” Hansen knows that having the SOC 2 Type II report will save 2Morrow time when responding to customers about his data security program because he can just share the comprehensive audit report.
In the future, 2Morrow can see value in other aspects of the Ostendio MyVCM platform including the MyVCM CrossWalk feature that allows users to compare the evidence they have already collected for their SOC 2 and “crosswalk” it against other standards and evaluate what additional work needs to be done to meet additional standards and regulations.
“[CrossWalk] will be valuable if we go through additional assessments. Crosswalk gives us an idea of how far we have gone, so when we do long term budgeting it is much easier to say how much work we have to do. We can see how many resources we need,” added Hansen.
2Morrow is almost at the finish line in terms of their SOC 2 audit and having the Ostendio MyVCM platform, together with the support of the Ostendio Professional Services team, has helped 2Morrow prepare for a more secure future.