<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=323641658531367&amp;ev=PageView&amp;noscript=1">

Case Study

How HealthTech Company emocha Health Stepped Up Security Program with SOC 2 Audit

emocha Logo (1)



  • Security requirements were rapidly changing, so emocha needed to find a solution that fit their specific needs

  • In search of a solution in budget that would not only engage the entire organization but help mature process as part of their growth strategy


  • Always-on software with efficient, repeatable workflows built into the platform, streamlining audit preparation

  • The ability to meet multiple data security requirements with a feature-rich solution


  • Countless hours saved using the Ostendio platform to support SOC 2 efforts

  • A more mature security program with evidence that is always retrievable and streamlines future audits

The Challenge

Finding the right tool for growing security requirements

As a fast-growing company, emocha needed to build a data security program that would keep up with its business as it expanded. Dealing with patient data meant that a robust information security program was crucial to their success. Customers were requesting security information and sending security questionnaires to be filled in. To meet their requirements the emocha team selected the Ostendio platform for an always-on security program.

“Ostendio offered everything we needed at a price point that worked for our growing business,” said Michael Cohen, Chief Architect for emocha. Initially an Ostendio Select customer, emocha has since stepped up their security program and become a Premium customer. This allows them to take advantage of additional features designed to help with their SOC 2 preparation and audit.

Ramon Castro, CTO at emocha added, “Ostendio has been a key part in helping to mature our processes as part of our growth strategy.” emocha has also engaged the Ostendio Professional Services team to help them prepare for a SOC 2 Type II audit.

The Solution

Efficiency brought to the security process

Before using Ostendio, emocha was like many other companies using spreadsheets and email to handle document management and training. By upgrading to an integrated risk management tool, emocha has seen the benefits that can bring. Cohen added, “There were a lot of manual processes that were occurring, and using Ostendio has freed up some time that otherwise would be  used for something more mundane.” Without Ostendio, Cohen says emocha would be using multiple platforms to complete the same work.

A feature-rich solution supporting multiple data security requirements

emocha knew they had many requirements and they were looking for a feature-rich solution to meet their needs. At first, they were focused on a platform that could just handle change management in their production environment and the Document Management module of Ostendio met their needs seamlessly.

But they quickly realized they needed help in many other areas also, such as security training, particularly with regards to HIPAA. By using the Ostendio platform they found it easy to implement training courses across the company. Training can be run for all employees and includes tracking so they know who has taken and passed the training, and when updates to training are required.

Inventory management was also a challenge that the emocha team faced before they found the Ostendio platform. Once implemented, they were able to use the Ostendio Asset Management module to allocate assets to each employee and keep track of ownership.

And as a growing business, emocha also needed to respond to multiple customer security audits and planned to complete their own SOC2. Since the Ostendio Assessment module supports over 100 security standards and regulations, upgrading to Premium was a logical next step for this health tech company.

Castro added, “[Ostendio] helps keep us very organized and adherent to controls and processes that we need to
consider as we deal with PHI, PII and to operate in line with HIPAA regulations.”

Finding one solution to meet all their needs has made the process of data security more efficient for emocha.

The Result

Using Ostendio to support a SOC 2

Castro is focused on growing emocha’s business and its platform strategy for the future. For an early-stage company such as emocha, there was an overhead to running security processes internally, and continually updating them manually was time-consuming. Where larger companies might have employees solely focused on internal audits, start-up companies often require their IT team to carry the main responsibility of handling data security. Castro knew emocha needed a more efficient way of handling their data security program that would grow with their business and that’s why they selected the always-on Ostendio platform to help.

Castro added, “When doing business with large enterprises they want to see documentation and policies. It becomes a big ask over time and each company has a unique set of questions.” By using the Ostendio platform, emocha is simplifying that process and making it easier to quickly respond to customer requests for security documentation.

emocha sees the benefits of a SOC audit in their future as they mature their data security program. By working with the Ostendio Professional Services team they have the additional expertise on hand to start the preparation for this intensive audit process. "We chose Ostendio for our SOC 2 preparation because the platform makes it easy to organize documentation and evidence, plus we can work with an auditor directly in the platform," said Castro.

emocha is using Auditor Connect to select an experienced auditor who also uses the platform. This will make the audit process more efficient with significant time and cost savings. Auditor Connect is the first online marketplace for companies to connect and engage with qualified security audit firms. Evidence is always available, easy to update, and optimized for collaboration. Customers being audited can track progress in real-time.

By using the always-on Ostendio platform, emocha is maturing its security program, and growing its business with a built-in culture of security.

We chose Ostendio for our SOC 2 preparation because the platform makes it easy to organize documentation and evidence, plus we can work with an auditor directly in the platform.

Ramon Castro emocha
Ramon Castro, Chief Technology Officer, emocha
emocha Health Logo

About emocha Health

emocha empowers patients to take every dose of medication through video technology and scalable human engagement. Patients use a smartphone application to report side effects, communicate with providers, and video record themselves taking medication at every dose. Providers or emocha's clinical adherence team assess medication adherence and engage with patients at every dose.

Leave Nothing to Chance. Schedule a Demo Today.

Ostendio is the only risk management platform that strengthens your business operations, supply chain, and everyone you rely on with continuous security that is always on and always advancing.