Case Study: Health Recovery Solutions achieves SOC 2 compliance in 6 months with Ostendio

Health Recovery Solutions Builds Up Security Program from Scratch in 6 Months, Completes SOC 2 Audit

Health Recovery Solutions (HRS), a telehealth solutions provider, needed to replace ad hoc systems and build a formal security program from scratch to prepare for SOC 2. The team was stretched thin, relied on Slack and file shares for requests and documents, and lacked tracking, version control, and an efficient way to collect evidence and work with an auditor. HRS turned to Ostendio’s platform and Professional Services for help with SOC 2 compliance.

With Ostendio, HRS implemented disciplined change management, documentation, audit tasks, asset management, smart tickets for onboarding and offboarding, and policy and procedure templates, while also collaborating with A-LIGN through the platform. Ostendio helped the company organize evidence, improve training and compliance, and reduce audit stress, leading HRS to expand from 50 licenses to the whole company. In just six months, HRS passed its SOC 2 Type 1 audit and reached SOC 2 Type 2 two months later, starting from 198 red audit items and ending with a much more scalable security program.

Health Recovery Solutions

Richard Gaglio

Vice President of Information Security