Epiphany Healthcare Data Management, based in Virginia, USA, supports over 950 hospitals and healthcare providers worldwide. Epiphany is dedicated to improving workflow within the healthcare industry and is currently the fastest-growing ECG management company in America. Eddie, the Information Security Manager, was tasked with managing the certification to ISO27001 and chose a CertiKit toolkit to guide him and his team through the process.
It was important for Epiphany to become certified for a number of reasons. “It is helping to re-enforce the trust Epiphany has gained from its global customers through a sincere and dedicated commitment to the protection of customer and patient data. As a provider of cloud-based software to healthcare organizations, we must remain vigilant when it comes to cyber-security and the protection of customer and patient data. The ISO/IEC 27001 standard has enabled us to develop a framework that focuses on remaining current with security methodologies.”
The biggest challenge was the time constraints in implementing the ISO27001 standard. The team needed a solution to speed up the process. With its comprehensive guides and template documents, a CertiKit toolkit was chosen. Eddie confirms, “the CertiKit toolkit was chosen because of the clear, informative writing style, ease-of-use customisable templates and unlimited email support.”
To understand the standard in depth, Epiphany also purchased the CertiKit ISO27001-17-18 Enhanced Gap Assessment. This includes the exact wording of the standard broken down into an interactive spreadsheet to easily monitor compliance progress. The tool also includes relevant parts of the 27017 and 27018 standards created for cloud software companies.
The toolkit significantly increased internal knowledge. The business had eight colleagues available to work on the project part-time, and they spent a combined 60 hours per week working through the compliance documents. The team gained valuable insight into how an Information Security Management System is best created and maintained. Working through the toolkit gave the team a broader perspective on reducing exposure to risks and insight into additional ways to protect the security of information.
From purchasing the toolkit to certification, it took Epiphany just eight months to certify to ISO27001. Eddie would recommend a CertiKit toolkit and certifying to the ISO27001 standard to other businesses. “It provided a better way for us to manage the tasks of policy building, organization of the documents, and determining additional controls to adopt.” Congratulations to everyone involved!
(Case study written: 30th January 2020)