From Risk to Resilience:
Perfecting the Certification Recipe with Automatic Surveillance and Trainings
Location: Burnaby, Canada
Industry: HealthTech
The Context
As a patient engagement platform on a mission to allow patients to access medical care with 10x less stress and effort, Cortico knew all too well about the multiple compliance requirements that arise at the intersection of health care and technology.
With the province of Ontario updating its guidelines in 2022, addressing the updated mandates was a top priority. With a 1-year notice on the change, Cortico decided to act on it right away.
Clark Van Oye, CEO, Cortico
Our need for a turnkey solution led us to Scrut. The benefit of having reduced workload and costs is significant for our business.
Challenges
Navigating complex compliance requirements
With the updated mandates coming in, Cortico needed to upgrade their ISMS and bring in more security compliance certifications.
Compliance requirements are complex in nature and filled with jargon almost alien to most people. It was important to identify the standards that matter: the ones that would help Cortico build trust with its customers and strengthen its security. The goal was to optimize Cortico's time and resources while also ensuring alignment with their market access needs.
In this complex environment, Cortico needed an expert that could help identify and prioritize the right certifications to pursue.
The Solution
Scrut enabled Cortico to navigate through the requirements set forth by the province of Ontario, understand their relevance, and cherry-pick the right standards (SOC 2 Type 2, ISO 27001:2022 and HIPAA) aligned with Cortico’s future goals. After finalizing the certifications, Scrut defined the processes in alignment with the requirements of ISO 27001. Scrut’s intuitive platform ensured that modifying, reviewing, and approving the corresponding policies was a breeze. Scrut also implemented the ISMS training module. The training process was simple and engaging, enabling Cortico to complete its employee training requirements smoothly.
The Scrut Automation platform was the turnkey solution that Cortico needed, automating most of the surveillance and evidence-gathering activities across the three standards. The platform helped Cortico keep a close eye on the compliance gaps, the progress towards fixing these issues, and the status of the audit projects, enabling them to drive and close audits with zero friction.
Defining all processes for ISO would have been intractable without Scrut’s help
The Impact
Time saved with automations
Leveraging the Scrut platform’s automations and workflows, Cortico saved about 800 hours in the process of achieving compliance.
Structured guidance and ownership
The infosec team was available at all times and ensured the needs of all the stakeholders were being met.
Greater market access
The improved security posture and accompanying compliance certifications paved the way for Cortico to acquire bigger customers and enter newer markets.