Hint Health is a technology-enabled Direct Primary Care (DPC) solutions company that partners with visionary provider organizations to build successful DPC programs. They developed the HintOS™ platform, an enterprise-grade DPC management platform that powers the largest and fastest-growing DPC organizations in the country. When Hint Health started looking for a data security platform to help with their adherence to multiple security standards, they chose the Ostendio MyVCM platform because it met all their requirements, helping them organize their processes and documents and making them more efficient in their approach to data security.
Recently, VuDang Tran, Head of IT Security at Hint Health, joined Ostendio CEO, Grant Elliott, for a live webinar to discuss how Hint Health uses the Ostendio MyVCM platform to enable always-on security at his company.
During the webinar, VuDang discusses the challenges he faces on a day-to-day basis to maintain an effective security posture and to demonstrate this to relevant stakeholders, including management, employees, partners and customers. He also talks about how the Ostendio MyVCM platform helps him do this and how it allows them to avoid a traditional episodic audit mindset.
“[Ostendio MyVCM] offers a complete package on a GRC tool.... All the features added value to our company,” said VuDang Tran, Head of IT Security, Hint Health.
If you didn’t have time to watch the webinar, here are 6 key takeaways:
1. When looking for a GRC tool, do a thorough analysis of the market
VuDang was already using a GRC platform but realized it wasn’t suitable for all his needs. He needed a tool to cover all his business processes, not just his technical ones. He also needed a tool that would grow with his company. VuDang explained, “[Ostendio MyVCM] offers a complete package on a GRC tool. You have all the modules I could want [including] risk, policy documentation, training assessments and connections to external auditors. ...It is also very easy to use. All the features added value to our company.”
2. Taking steps to mature your data security program adds efficiency
Hint Health wanted to continue their growth in compliance as an organization. Ultimately, after reviewing all the tools available including the features and the value that each tool would bring to the business, they chose Ostendio MyVCM. VuDang added, “From an efficiency standpoint - the value is tremendous. The dashboard shows where we are compliant with each framework, where we need to work and if any audit task is overdue.”
The Ostendio MyVCM platform has easy to read dashboards showing your "Always-on" program.
3. Organizing processes and documents makes audits easier and faster to complete
VuDang said that when Hint Health looked at the work needed to answer questions on multiple frameworks he knew he needed a way to keep track of all the information. “The hard part of multiple certification is to keep track of all these frameworks and controls. Understanding what to do on a daily, monthly, annual basis is where a tool comes in, like Ostendio MyVCM.” The Ostendio MyVCM platform has reminders built in so when a process needs to be reviewed a reminder is sent to the person responsible for updates. This automation makes data security easier for the Head of IT Security to manage, freeing up more of their time for other tasks.
4. You need a platform that supports all aspects of your security program
Unfortunately, it is common for GRC platforms to focus on just the technical aspects of security and rely on other applications to manage business processes such as training. The completeness of the Ostendio MyVCM platform across all aspects of the business and across all security domains is what differentiated the platform from the competition. It also natively supports more frameworks than Hint Health could ever need. “One of the biggest benefits for Hint is that the security frameworks were included in Ostendio MyVCM all for one cost. I have any framework I want!” said VuDang.
5. Make sure the platform you select has access to all the frameworks you need now and in the future
Customers may look for different frameworks and it is up to your business to demonstrate that you are operating all those standards. Your GRC platform should help you crosswalk your activities in line with your customer-specific requirements. By using Ostendio MyVCM, VuDang finds that he can help his sales team answer specific security questionnaires easily by running reports quickly from the Ostendio MyVCM platform: “I can just pull our assessments and give it to sales so they can prove we are secure.” After completing a SOC 2 Type I audit, VuDang is leading Hint Health through a SOC 2 Type II audit and is also considering HITRUST in the future.
6. The right tool can make audits easier
While we’d never say that completing an audit is easy, there are ways to make it easier for everyone involved. The best way to do that is to find the right GRC tool for your business. Hint Health is working towards a SOC 2 Type II certification using the Ostendio MyVCM platform. The MyVCM Auditor Connect feature makes the tasks of audit preparation and completion easier. According to VuDang, “The audit feature allows me to track every asset, it has a time stamp or approval on when an audit has taken place so I can see it is compliant. Reminders are also built in to make sure we are doing the work on time for the audit process. It all ties together from an audit process point of view.”
Ostendio works with customers like Hint Health in the technology healthcare industry but also has customers across other high-growth industries from Financial Tech and Insurance to SaaS and IT companies. We help customers successfully operate their company’s entire security program on our single integrated platform that spans and integrates visibility and verification across 100+ frameworks. We offer thorough onboarding with a dedicated Customer Success team member and best-in-class customer service. As VuDang noted during the webinar, “Your onboarding process is helpful. I was walked through [onboarding] with a great hands on approach. There are certain things I would forget and Customer Support helped answer all my questions.”
You can read more Ostendio customer success stories here.
Using the Ostendio MyVCM platform to establish and manage their data security and risk management programs has helped hundreds of businesses like Hint Health grow. Are you ready to get started? Speak to Ostendio about your data security challenges.
Hint Health Case Study
You can watch the webinar or read the case study to learn how Hint Health is using the Ostendio MyVCM platform to handle multiple security frameworks.