<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=323641658531367&amp;ev=PageView&amp;noscript=1">

Case Study

AristaMD Accelerates Their
SOC 2 Audit 30% Faster with Ostendio

AristaMD Logo



  • Using a file share system, resulting in manual evidence collection that is difficult to retrieve and share with external assessors

  • Spending hours on compliance audits due to back and forth with auditors

  • Needed to optimize security process with repeatability, easier user acknowledgement, and streamlined training


  • Always-on software with built-in training, documentation and asset management requiring user acknowledgement

  • Access to Auditor Connect to promote a collaborative environment between AristaMD and vetted auditors

  • Repeatable compliance audits using templates and crosswalk assessments


  • 30% time savings on annual SOC 2 Type 2

  • Increased quality of SOC 2 audit, while driving efficiencies and creating a repeatable process for regulatory audits

  • Less in-house labor required for SOC 2 preparation, increasing time spent focusing on DevOps

The Challenge


Hours Spent Collecting Evidence, Preparing for SOC 2

In search of a solution that enabled a repeatable process for SOC 2 and regulatory audit preparation while addressing the painstaking hours of evidence collection

AristaMD, a digital healthcare company specializing in care transition solutions, including referral management and physician-to-physician electronic consultations, was starting to scale its solutions rapidly across the country when it recognized the need for a robust solution on which to manage its security program. This solution ultimately needed to streamline the company’s SOC 2 audit readiness and regulatory compliance efforts.

AristaMD sought out a solution that could tie all of its security must-haves into one platform to replace the inefficient and time-consuming process of using a disparate file share system.

“There was no question that we needed more automation and controls around the process."

- Jim Nathlich,
Director of Information Systems

According to Nathlich, compliance audits involved “a collection of files organized but difficult to manage. There were more iterations, more back and forth, and more work to try and get the evidence that [auditors] wanted.”

Nathlich said training, acknowledgment and ease of collaboration with external auditors for the company’s SOC 2 Type 2 were the driving factors that influenced AristaMD to choose Ostendio.

The Solution

An always-on platform and security experts that serve as an extension of AristaMD’s compliance team

As a first order of business, Ostendio worked closely with AristaMD to identify A-LIGN, an auditor that was not only reputable in their field, but also familiar with the platform, to drive further efficiencies in the process of requesting and sharing relevant security and compliance information.

From the beginning, Ostendio was instrumental in helping AristaMD not only pass the SOC 2 audit for the last three years, but also streamline audit preparation.

“Ostendio helped us during every step of the process - setting up policies and procedures, as well as finding a good assessor that would work with Ostendio. We used the platform to collaborate during the external assessment and review the evidence of SOC 2 implementation."

- Jim Nathlich
Director of Information Systems

Nathlich attributes the efficiencies and ease of completing their SOC 2 audit to being able to easily track user training and policy acknowledgement.

“Ostendio was helpful with training,” he said. “They’ve connected AristaMD with KnowBe4, which allowed us to administer and track the training that our users complete during onboarding, and the annually.” Nathlich is able to easily track the entire organization's training progress and tie everything back to AristaMD’s SOC 2 controls.

The Result


Time Savings on SOC 2 Audit Prep

AristaMD saves 30% of time spent preparing for its SOC 2 Type 2, while enhancing the quality of the company’s audits

AristaMD reduced their SOC 2 preparation time significantly with the use of Ostendio.

Now that AristaMD can easily collaborate with A-LIGN within the platform and reduce the need to manually compile and demonstrate evidence, Nathlich attributes at least a 30% savings of time and related costs to prepare for a SOC 2 audit.

A process that once required hours to prepare and assign evidence is now streamlined, and has made subsequent decisions more predictable and stress-free. As a result, Nathlich can now devote more time to DevOps while maintaining confidence in the audit results.

“My team is responsible for security and infrastructure, as well as compliance. For us to be able to handle the breadth of all those disciplines wouldn’t be possible without the kind of efficiencies we get out of Ostendio,” Nathlich said.

Beyond completing the SOC 2, AristaMD also works with Ostendio Professional Services to complete other risk exercises and framework preparation, including completing a Business Continuity Plan and HITRUST readiness. Ostendio's Crosswalk functionality and Ostendio’s engagement in these processes have further increased efficiencies and created less redundant tasks for the organization.

While Ostendio has significantly helped speed up AristaMD’s SOC 2 and other compliance audits, Nathlich says he’s confident that the integrity of its reports remains intact.

“When you have a hosted collaborative process, you learn more about it, you have a better idea of what’s going on, you understand what controls are there and what they’re there for,” Nathlich said.

Ostendio has also brought certainty and confidence to AristaMD’s SOC 2 completion and recommends the platform to any organization that wants to justify its SOC 2 or regulatory compliance.

According to Nathlich, Ostendio’s platform just adds a unique level of care to compliance and security.

If you need to justify your compliance, if you actually need to work with potential clients and customers and communicate that you understand the guts behind the compliance, as well as doing it in spirit, instead of just talking the talk, then you need an actual toolset and a platform like Ostendio.
Jim Nathlich
Jim Nathlich, Director of Information Systems, AristaMD

About AristaMD

AristaMD’s care transition solutions, including eConsult and referral management tools, empowers providers to conduct electronic physician-to-physician consultations, facilitates the selection and scheduling of in-person specialist visits, triggers automatic follow-up activities critical to patient care, and schedules peer-to-peer reviews for insurance authorization. Electronic referral management and eConsults significantly improve the patient referral process and deliver greater access to timely, equitable, high-quality care.

Leave Nothing to Chance. Schedule a Demo Today.

Ostendio is the only risk management platform that strengthens your business operations, supply chain, and everyone you rely on with continuous security that is always on and always advancing.