How AssuranceLab, Drata and Eden Data combined forces to accelerate InfoHandler’s compliance journey and unlock revenue growth.
INTRODUCTION
InfoHandler supports school districts by providing ezEdMed as a Software as a Service (SaaS) solution to document those services and submit them to Medicaid for payment. They have helped school districts get reimbursed for millions of dollars each year.
WHY SOC 2?
When asked why SOC 2 became a priority for InfoHandler, Steve said “One of our largest customers stated that as of July 2024, they would be working only with vendors who were SOC 2 Type 2 compliant. They also recommended that other school districts follow the same path.”
THE POWER OF THREE - ASSURANCELAB, DRATA AND EDEN DATA
If InfoHandler did not complete a successful SOC 2 audit, they risked losing current and future customers. Once onboarded with Drata, the team at InfoHandler was introduced to AssuranceLab, as experienced auditors within the Drata platform. “What drew my attention to AssuranceLab was their Drata Starter audits. This made it much easier to know exactly what had to be done to achieve the SOC 2 outcome,” Steve said.
Conducted in the Drata platform, AssuranceLab’s Drata Starter audit framework uses the minimum required controls for a SOC 2 audit alongside their AI audit technology. The AI technology reviews all evidence and provides a pass/fail result to the client before it gets to the audit team. This allows the client and auditor to work through the identified focus areas and further develop client relationships.
After starting the initial audit process and recognising capacity restraints within the team, Steve was introduced to Eden Data, as their Virtual Chief Information Security Officer (vCISO).
“From this point forward, everything ran like clockwork,” Steve said.
WORKING THROUGH THE AUDIT
InfoHandler was provided with key management contacts at AssuranceLab and Eden Data who worked alongside Steve to guide him through the bigger picture and what needed to be completed and when. “The AssuranceLab Drata Starter framework, Eden Data’s assistance and the compliance monitoring from Drata kept us on target,” said Steve.
The audit team from AssuranceLab reviewed the evidence and queries which were sent back through the Drata platform. From here, Eden Data worked through the comments and required updates, sending the new evidence back to AssuranceLab. This process worked seamlessly between all three companies who maintained consistent communication throughout the audit. Additionally, the team at Eden Data scheduled weekly meetings and created a schedule to track the InfoHandler team’s performance.
“My stress levels were off the charts when I first tried to ascertain what had to be done to gain SOC 2 compliance. AssuranceLab, Drata and Eden Data proved to be the solution we needed! It was exciting to see it all come together and witness the entire audit process flow smoothly. Watching the task list shrink from the Drata Dashboard was my daily highlight!” said Steve.
RESULTS
InfoHandler had an extremely tight deadline for their SOC 2 audit, with a significant client contract renewal tied to the outcome. All three teams worked together to achieve the audit outcome by the deadline, allowing InfoHandler to execute their contract renewal in July 2024.
Alongside establishing security and protecting client data, InfoHandler’s SOC 2 report provided other benefits. Steve explained. “It is my job to ensure InfoHandler maintains our high levels of customer satisfaction and that our InfoHandler team is enjoying their jobs. This can only be done by knowing where the security risks are and doing everything possible to mitigate those risks. This is made easier with our SOC 2 audit,” he said.
RECOMMENDATIONS FOR OTHER COMPANIES
“Looking towards future compliance, Steve highlighted the following “InfoHandler depends on the AssuranceLab, Drata and Eden Data teams to monitor, guide and lead us through our future SOC 2 audits. We recommend them to any company looking to obtain SOC 2 Type 2 compliance and or a SOC 2 audit.”
The team at InfoHandler also recommends SOC 2 for companies looking to increase compliance as it “teaches any team where there may be shortcomings in their security posture. Then steps can be taken to close those gaps,” Steve said.
CONCLUSIONS
After being told that district schools would look to only use vendors with SOC 2 compliance, InfoHandler signed with AssuranceLab, Drata and Eden Data to complete their SOC 2 audit. The three teams worked seamlessly to pull all aspects of the audit together and ensure that InfoHandler gained compliance before their tight deadline. This enabled the contract renewal with a large client, knowledge and understanding of their current security posture, ways to identify and mitigate risks and ensure their team is enjoying their jobs.
If you would like to learn more about how we can help get you up to speed on SOC 2 or any other framework write to our team: sales@edendata.com
