HRS Achieves SOC 2 with less stress, uses repeatable workflows to scale for future security frameworks
Within six months, HRS built its security program from scratch and passed its SOC 2 Type 1 audit with the help of Ostendio and its Professional Services. Two months after reaching Type 1, the company got to the finish line with SOC 2 Type 2.
“[Our auditor praised us as] so well organized. But it wasn’t us–it was Ostendio and the tool that got us organized for this audit,” Gaglio said. “I can’t imagine anybody not wanting to do this. If an auditor has to hunt for evidence and ask questions, they get irritated.”
By using the platform and Ostendio’s Professional Services as an extension of their team, Gaglio said, they not only impressed their auditor but could also see progress in real time as evidence was received, reviewed and accepted.
Using audit tasks across the entire organization also ensured everyone was organized and up-to-date on SOC 2 tasks.
Within six months, HRS achieved a 180-degree turnaround of its security program, Gaglio said. “I’m very satisfied knowing that we started in December with 198 red audit items and [passed our] SOC 2 Type 1 Certification in June.”
“[Ostendio] is really making sure we’re secure in our patients’ data and our clients’ data,” he said. “That’s what it’s all about at the end of the day.”
HRS Security Engineer Michael Dadurian summed up his experience working with the platform and Ostendio professional services, stating, “It felt like a partnership from the
HRS now uses Ostendio for all its audit functions.
“[Ostendio] is basically our foundational audit tool right now,” Gaglio said. The team now uses the platform for quarterly self-risk reviews by departments and relies on the built-in reminders to ensure the team is up-to-date on compliance and training.
“We’ve taken the tool and really embraced it and are using it to the best that we can at this point. And I’m sure there’s so many more things we can do with it.”