How Icon uses their compliance program to build confidence with customers and successfully navigate mergers

Company: Icon

Location: Newton, MA, USA

Our compliance program isn’t something we worry about on a day-to-day basis anymore. It’s gone from something we all dread to something we don’t worry about. We’re very confident in our compliance and our customers are too.

Andrew Maillet

The Company

Icon, a senior living engagement platform, needs to build trust with healthcare organizations

Icon is on a mission to equip organizations that support seniors with the tools needed to communicate and engage with their entire community, including residents, families, and staff, efficiently and effectively.

As Chief Technology Officer, Andrew Maillet guides the engineering team to build new features, equips the sales team to build trust with clients, and is responsible for developing and tracking processes that secure the data of Icon’s customers.

“Our customers range from assisted living, independent living, and skilled nursing, making us subject to HIPAA. Our customers are trusting us with their data so we need to make sure that we’re really tracking our processes and have a way to share with them that we are treating their data securely.”

The Challenge

Icon needed a more efficient way to show customers they take security seriously

When you work with customers in highly regulated industries like healthcare, it is even more crucial to have the tools to prove that you are taking security seriously—but that shouldn’t come at a cost to your productivity.

“We started out managing compliance with spreadsheets, folders, and lots of checklists. It was a long, arduous process, so we started looking for a tool to make it easier and more organized. We wanted to be confident in our security and show our customers that we take it seriously.”

“We realized we needed tools to help us manage compliance or else that’s where we would have to spend all of our time. As a small company, we couldn’t afford that.”

This realization led Andrew to start the search for tools that could help him better organize and automate their compliance program—which led him to TrustCloud.

The Solution

Replacing manual workflows with a real-time platform

“TrustCloud was a great find because it actually helped us build out our program and give us the foundation we needed. We had a solid program built out from the consultants that we worked with, but the whole program that existed in TrustCloud with the customizable policy documents gave us a much stronger compliance program.”

“Our onboarding was great. We were able to quickly get started and balance our policies with the ones we had and the ones that were loaded into the system. And start working through the tasks right away and knowing we would be ready for an audit pretty quickly.”

Shortly after onboarding, Andrew and the Icon team successfully completed their HIPAA audit.

“Once we were ready for the audit I was able to look at the evidence and say I know we’re okay. We got the auditor into TrustCloud and they only had one piece of feedback for us to correct. It was a very smooth process.”

“TrustCloud let us work through the process without any impact on our productivity. If we had to do this manually we would have had a lot of explaining to do to the auditor. The organization and clarity that TrustCloud gives us made it such a smooth process. We could point to a document quickly, know it was attached to the right controls and there were no problems at all.”

Andrew quickly realized not only could he rely on TrustCloud to pass audits and improve Icon’s security posture, but he could also use it to speed up their security reviews.

“Prior to TrustShare we had a lot of questionnaires and they were taking a lot of time. Just having the organization of TrustCloud was a huge help but using the automated TrustShare tool has been a game changer. We were spending several days on each questionnaire, now it’s down to a few hours.”

“We use TrustCloud to manage all of our compliance data: our controls, policies, and the evidence that we are complying with those controls. We’re able to connect that right to responses in questionnaires that we receive. This saves us a huge amount of time and gives our customers a lot of confidence that we know what we’re doing and are trustworthy partners.”

“Actually, we recently showed TrustShare to someone and their words were ‘I’ve never seen a company with such a great presentation of their compliance program.’ I’ve never seen such excitement about compliance.”

With the help of TrustCloud, Andrew has successfully transformed compliance from a “dreadful process” to one that he, the Icon team, and their customers have full confidence (and even excitement) in.

The Future

Building for growth: managing mergers and additional frameworks

Over the last few years Andrew and the Icon team have had quite a few accomplishments: improving their security posture with a real-time platform, shaving days off of their questionnaire response time, and maintaining their HIPAA certification. They now have their eyes set on additional frameworks.

“We’ve completed our SOC 2 Type 1 audit and are starting our Type 2 now. It’s going really well. We actually started this after our merger in June 2022 and are working on getting policies in order between the two companies.”

“When we merged the systems of our compliance programs, we had a very good matchup; we both had HIPAA and it was really just a matter of replacing our policies and systems. Adding systems into TrustCloud and making sure we had ‘green lights’ where we had automation has made things nice and smooth.”

No matter what’s in store for Andrew and the Icon team, they have built a strong security and privacy foundation that will serve and protect them through their next stages of growth.

What TrustAssurance means to Icon

“Trust Assurance means to me that the system is there, our controls are in place, and we can say that we are in continuous compliance and our customer can look at this and see this as well.”

Advice from Andrew Maillet

“In the startup world time is precious. Using TrustCloud to manage all of our compliance data: our controls, policies, and the evidence proving that we are complying with those controls and then being able to connect that right to responses in questionnaires that we receive saves us a huge amount of time, and that time is worth a lot of money to us. The ability to respond quickly to questionnaires gives our customers a lot of confidence that we know what we’re doing and are trustworthy partners.”