BD Emerson & Gardiant: Achieving SOC 2 Type I Compliance
Overview
Gardiant, a modern case management software company, undertook an initiative to enhance its security and compliance posture and align its operations with the rigorous compliance standards of HIPAA and SOC 2. BD Emerson was selected to help Gardiant navigate the complex regulatory landscape and implement vital security and privacy controls. The goal was to enable the team to build more security and privacy features into the product, add governance controls at the organizational level, and elevate the protections Gardiant customers can count on while using the Gardiant Works platform.
Challenge
Gardiant provides a case management software called Gardiant Works that caters to vocational counselors and nurse case managers along with LNI retro groups and third party administrators. It was essential for Gardiant to validate that Gardiant Works provided a secure, HIPAA-compliant platform for customers, where they can keep track of key case notes, documents, and important customer records while being able to access the platform securely from anywhere, with no extensive downloads or tedious data replication. Gardiant also aimed to increase the maturity of their security and governance functions within the business.
Solution
BD Emerson began the engagement with Gardiant with a thorough gap assessment, analyzing the control gaps for HIPAA and SOC 2. Based on this assessment, BD Emerson identified the controls that needed to be implemented and worked with Gardiant’s team to implement them. The first step on the roadmap was migrating from Drata and beginning a Vanta implementation project. Following the migration, BD Emerson focused on strengthening cloud security, integrating an MDM (Mobile Device Management) solution and an EDR/XDR (Endpoint Detection and Response/Extended Detection and Response) solution to bolster endpoint security. Lastly, BD Emerson and Gardiant collaborated to build a trust center where potential customers and partners can learn how Gardiant will manage and protect their data.
- HIPAA and SOC 2 Gap Analysis: Conducting an exhaustive gap assessment to understand the current state of HIPAA and SOC 2 compliance, identifying gaps, and assessing risks in Gardiant’s operations.
- Strategic Recommendations: Based on the assessment findings, BD Emerson provided tailored recommendations to bridge compliance gaps, focusing on policy documentation, application security, processes, and technical safeguards that align with HIPAA and SOC 2 requirements.
- Implementation of Controls: BD Emerson didn't stop at recommendations; we took an active role in implementing the necessary controls by working with Gardiant’s team in a collaborative fashion. BD Emerson made strategic recommendations during the control implementation phase in support of Gardiant’s migration from Azure to AWS.
- Achieving Compliance: Within 45 days, BD Emerson partnered with the technical team at Gardiant to fully design and develop the appropriate controls to comply with HIPAA and SOC 2. Gardiant was then audited against the SOC 2 Type I standards. Now that Gardiant has achieved SOC 2 Type I, they are beginning their audit window to quickly achieve their SOC 2 Type II.
Impact
The partnership between BD Emerson and Gardiant has delivered significant advantages to the Gardiant Works platform by positioning Gardiant as a leader in compliance and security within the case management software industry. Maintaining and validating HIPAA compliance has also greatly increased the company’s appeal to potential clients, especially healthcare clients, a critical market requiring uncompromising data protection. Furthermore, achieving compliance with SOC 2 reinforced Gardiant Works’ appeal to professionals in workers’ compensation, who need secure platforms where they can manage employee and customer data. Gardiant’s dedication to privacy, security, and compliance, bolstered by BD Emerson's expertise, has not only met the immediate goal of regulatory compliance but has also given Gardiant a competitive edge among case management software providers.
Conclusion
The collaboration between Gardiant and BD Emerson has amplified Gardiant’s ability to build and maintain customer trust. By thoroughly addressing HIPAA and SOC 2 compliance requirements, Gardiant has fortified its platform, Gardiant Works, ensuring it meets the highest standards of data protection and security. This not only keeps sensitive information safe but also builds trust with Gardiant’s clients, especially those in healthcare and workers' compensation. Thanks to BD Emerson’s expert guidance and hands-on support, Gardiant has not only met regulatory standards but has also established itself as a reliable and leading provider in the case management software industry, fully equipped to offer unmatched security and reliability to its customers.
Quote
"Working with BD Emerson has been a real game-changer for Gardiant. BD Emerson came to us as a trusted service provider and partner of another business we collaborate with in a founders group. Their deep expertise in SOC 2 and HIPAA compliance helped us not just meet but exceed our security and privacy goals. They made the complexities of compliance understandable and manageable, which enabled us to transform our platform's security in record time. Thanks to their thorough approach and unwavering support, our clients now have even more confidence in our platform. BD Emerson didn’t just help us tick boxes; they integrated security and privacy into the core of what we do. I can’t recommend them enough for any company looking to up their game in compliance and security."