Case Study

Digital Coaching Solutions Provider 2Morrow Looks to Ostendio for Advice as it Prepares for SOC 2 Audit

2Morrow

 

Challenges

  • Did not have a full-time, dedicated compliance or security officer

  • As a small, growing company, 2Morrow needed to establish a more formal security program to satisfy client requests

Solution

  • Easy-to-use, always-on security software that made preparing for a SOC 2 audit more efficient with repeatable workflows

  • Ability to share real-time evidence and collaborate seamlessly on the platform with their auditor

Results

  • Hours saved preparing for SOC 2 audit with confidence

  • Confidence preparing and budgeting for future audits with the ability to create repeatable workflows and crosswalk to more security frameworks as product line expands

The Challenge

Responding to customer needs for data security & finding expert help to build an always-on data security program

As 2Morrow grew it began working with larger customers, including Fortune 500 companies. 2Morrow CTO, Kim Hansen said his need for a formal data security and risk management program really came from customer requirements. This led to a greater demand for an industry recognized report showcasing their data security program, such as SOC 2. Hansen realized that as a smaller business, 2Morrow was going to need some help to establish a more formal data security program so he began looking for a solution.

In his search for a solution “[Ostendio] rose to the top really rapidly,” according to Hansen. He found the web app to be consistent and straightforward to use. Hansen also discovered Ostendio Professional Services was exactly what his organization needed to learn about SOC 2 and the policies and procedures that would be required.

“We chose Ostendio because we didn’t have a full-time, dedicated compliance or security officer. The platform provided a tool everybody could use to provide the objective evidence that’s necessary for an audit to be successful,” said Kim Hansen, CTO, 2Morrow.

2Morrow uses many of the Ostendio platform features and has focused on document management, ticketing and the audit feature to prepare for an upcoming audit. Asking Ostendio Professional Services for support during this busy time has also made a positive impact.

“Being able to rely on [Ostendio] Professional Services was absolutely key and the quality of the professional services we received helped us to be successful. Professional Services gives us the ability to get to the first audit and establish best practices using the tool so that we can maintain ourselves in good standing in the future,” added Hansen.

By using the Ostendio platform and getting support from the Ostendio Professional Services team, 2Morrow has established its data security program and is working towards a SOC 2 Type II audit. The Ostendio platform equips high growth companies with agile, always-on information security programs that include everyone: employees, vendors, partners and auditors.

The Solution

Leveraging Auditor Connect to move towards a SOC 2 audit with confidence

2Morrow is using the Auditor Connect feature of the Ostendio platform to select an auditor for its upcoming audit. Auditor Connect brings customers and auditors together on the Ostendio platform where they can share real-time evidence in a secure location. Evidence is always available, easy to update and optimized for collaboration. Customers being audited can track progress in real time. Hansen says that finding an auditor is “just a matter of clicking a button and getting an email back. It’s pretty easy.” Hansen is also using the Ostendio Professional Services experts to assist in interviewing prospective audit partners.

The Result

Data security made easy for the future

With previous FDA audit experience, Hansen says he knows how challenging audits can be. By using the Ostendio platform he feels that he is better organized with policies and evidence in place to approach a complex audit.

Hansen hopes that having a SOC 2 report in the future will save time in answering security questions from customers. “SOC 2 is a seal of approval that everyone in the industry recognizes. It’s all covered and documented in the report.” Hansen knows that having the SOC 2 Type II report will save 2Morrow time when responding to customers about his data security program because he can just share the comprehensive audit report.

In the future, 2Morrow can see value in other aspects of the Ostendio platform including the CrossWalk feature that allows users to compare the evidence they have already collected for their SOC 2 and “crosswalk” it against other standards and evaluate what additional work needs to be done to meet additional standards and regulations.

“[CrossWalk] will be valuable if we go through additional assessments. Crosswalk gives us an idea of how far we have gone, so when we do long term budgeting it is much easier to say how much work we have to do. We can see how many resources we need,” added Hansen.

2Morrow is almost at the finish line in terms of their SOC 2 audit and having the Ostendio platform, together with the support of the Ostendio Professional Services team, has helped 2Morrow prepare for a more secure future.

We chose Ostendio because we didn’t have a full-time, dedicated compliance or security officer. The platform provided a tool everybody could use to provide the objective evidence that’s necessary for an audit to be successful.

Him Hansen 2morrow
Kim Hansen, Chief Technology Officer, 2Morrow

About 2Morrow

Founded in 2011 and based in Washington state, 2Morrow focuses on evidence-based programs that combine technology and behavioral science to address some of today’s largest healthcare issues. The 2Morrow platform and programs are used by employers, wellness programs, retailers, states and health plans to help their populations reach their health goals. They address key chronic disease drivers and conditions through programs focusing on smoking cessation (including vaping cessation and stopping whilst pregnant), weight management, stress management and living with chronic pain. 2Morrow programs are created in collaboration with behavioral scientists, researchers, healthcare providers and industry experts.

Leave Nothing to Chance. Schedule a Demo Today.

Ostendio is the only risk management platform that strengthens your business operations, supply chain, and everyone you rely on with continuous security that is always on and always advancing.