<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=323641658531367&amp;ev=PageView&amp;noscript=1">

Case Study

Fastest-Growing US Direct Primary Care HealthTech Provider Builds Always-On Information Security Program Using Ostendio

Hint Health



  • Using competitive product, finding that it was both out of budget but posing limitations with running a mature security program

  • Needed to find a solution that would grow and scale with them, allowing them to easily crosswalk to other security frameworks


  • Feature-rich software that was not only easy to transition to, but also ensured Hint was always audit-ready

  • Automated system notifications and task requests sent to departments to ensure policies and compliance requirements are met.


  • Saved countless hours preparing audits by maintaining easily retrievable evidence in the platform

  • Stronger collaboration with auditors in-platform

  • Ability to easily crosswalk to 150+ frameworks as the organization grows

The Challenge

Pushing past limitations with a new solution: An all-inclusive solution to meet growing needs

Hint Health was aware of the need to operate an effective data security and risk management program before it found out about Ostendio. They were already following various standards and regulations including HIPAA,  ISO27001 and SOC. Hint had been using a competitive product but became dissatisfied with both its cost and the limitations the solution offered. A problem that became more acute as their business continued to grow. As they matured their security program they realized they needed a platform that would scale with their business and allow them to showcase their security program across multiple frameworks in real-time, all the time.

The Ostendio platform met all their growing requirements and was all-inclusive, fitting within their budget. Hint became an Ostendio Premium customer. “One of the biggest benefits for Hint is that the security frameworks were included in Ostendio all for one cost. I have any framework I want!” said VuDang Tran, Head of IT Security, Hint Health.

The Solution

Saving time with an abundance of security features:
As a new Ostendio client, Hint quickly started using the platform as the foundation of their data security program.

As they work towards their goal of SOC 2 Type II, Hint is using the platform to build out its security tasks, to collect and manage evidence and to organize policies and procedures. Hint has benefited from the ticket management feature, asset management, assessment feature and internal audit feature, all of which are included within the platform. Hint is also using the security training offered through the Ostendio platform, including the bundled KnowBe4 content.

“The internal audit feature is a huge plus because I can upload my own internal assessment and store it in Ostendio,” said VuDang Tran.

“For anyone who is not experienced with compliance, the templates for Premium policies are a great source of documentation and saved me a lot of time in building my compliance program,” said VuDang Tran.

As Head of IT Security, VuDang has noticed the time he saves by using the Ostendio platform to prepare for audits. He likes that he can send notifications and reminders and the automated system requests updates to policies rather than taking his time to request them individually.

The Result

Looking forward to growth: Using Auditor Connect for collaboration during audit process

VuDang says that other certifications and regulations are in Hint’s future as they build on their data security program. After just completing a SOC 2 Type I they are moving ahead and preparing for SOC 2 Type II using the Ostendio platform track and demonstrate evidence of historical compliance. One of the biggest benefits he sees is the ability to use Auditor Connect and work directly on the platform with his chosen auditor, A-LIGN. Together, Hint and A-LIGN are able to share real-time evidence through their respective Ostendio platforms on the Trust Network. When authorized the Ostendio Trust Network enables shared access to all necessary evidence and communications. Information is real-time, always available, easy to update and optimized for collaboration. During their audit process Hint will be able to track their auditors progress in real time and the increased collaboration and efficiency has been proven to result in significant savings for both auditors and customers over the life of the audit.

“I know using Ostendio will make it more efficient for me when going through an audit. The automated tracking will help me keep track of all the paperwork the auditors request."

- VuDang Tran, Chief Technology Officer, Hint Health

In the future VuDang says Hint plans to add a focus to the vendor management and risk management features of the Ostendio platform to support their broader security program.

I know using Ostendio will make it more efficient for me when going through an audit. The automated tracking will help me keep track of all the paperwork the auditors request.

VuDang Tran Hint Health small
VuDang Tran, Head of IT Security, Hint Health

About Hint Health

Hint Health is a technology enabled Direct Primary Care (DPC) solutions company that partners with visionary provider organizations to build successful DPC programs. The HintOS™ platform is an enterprise-grade DPC management platform that powers the largest and fastest-growing DPC organizations in the country.

Leave Nothing to Chance. Schedule a Demo Today.

Ostendio is the only risk management platform that strengthens your business operations, supply chain, and everyone you rely on with continuous security that is always on and always advancing.