Case Study: Grand Rounds Health achieves SOC 2 Type II compliance with HackerOne's hacker-powered security

A HackerOne Case Study

Preview of the Grand Rounds Health Case Study

Achieving SOC 2 Type II Compliance with Hacker-Powered Security

Grand Rounds, a healthcare company focused on easy access to high-quality care, needed to innovate while meeting strict regulatory requirements like SOC 2 Type II and HIPAA. Their VP of InfoSec & IT found traditional, periodic pen tests too predictable and wanted scalable, real‑time testing that would surface issues outside routine assessments.

They adopted HackerOne Compliance’s hacker‑powered security, which directs researchers to OWASP Top 10 risks and provides continuous, impartial testing — a “see, fire, forget” model that lets Grand Rounds focus on improving technology while HackerOne does the heavy lifting. The program increased coverage and bug discovery, smoothed audit collaboration through automation, and delivered significant cost savings (Forrester estimates over $500,000 across three years) while strengthening overall security and compliance.



Grand Rounds Health

Steve Shead

VP of InfoSec & IT


HackerOne
