The company
Volpara Health makes software to save families from cancer. Healthcare providers use Volpara to better understand cancer risk, empower patients in personal care decisions, and guide recommendations about additional imaging, genetic testing, and other interventions. Volpara’s technology is used globally to assist healthcare providers in delivering better patient outcomes.
The challenge
When Volpara began to receive an increased number of security questionnaires from prospective customers, the process became overwhelming and inefficient.
“It was heavily manual. We had a full-time person internally whose job was to go through and answer these questions,” says Tana Isaac, EVP Product and Technology.
The tipping point came when the security engineer expressed frustration over the tedious nature of the job, which consumed the majority of their time. Their dissatisfaction highlighted both the inefficiency of manually updating questionnaires and a critical business continuity risk.
Below is a list of primary challenges that Volpara faced:
- Manual, Costly and Time-Consuming Processes: A full-time security engineer was dedicated to answering security questionnaires, storing responses in SharePoint and spreadsheets without automation.
- Business Continuity Risk: Reliance on a single individual’s knowledge created a vulnerability and a bottleneck.
- Complexity in Responses: Volpara’s acquisitions meant they had to handle multiple security questionnaires for different products, each with unique security postures and controls.
- Regulatory Compliance: As a healthcare provider, Volpara had to comply with HIPAA regulations.
The solution
Volpara conducted extensive research and evaluated various vendors, including Loopio and Whistic, but found them lacking in terms of accuracy and integrations.
“The TrustCloud solutions ended up winning out when we considered the breadth of offerings along with the security questionnaires, the accuracy and the user-friendly integrations,” Tana stated.
TrustCloud provided a comprehensive solution that not only addressed the security questionnaire process but also offered robust GRC capabilities including cyber risk quantification and compliance management.
In addition, Volpara took advantage of TrustCloud’s platform by adopting TrustRegister and TrustOps for ISO 27001, HIPAA and NIST 800-218.
Key benefits of TrustCloud for Volpara
Efficiency Gains in Handling Security Questionnaires:
- Automated the security questionnaire process, significantly reducing the reliance on manual input and allowing the security team to focus on higher-value tasks.
- Enabled Volpara to handle a growing number of security questionnaires without increasing headcount.
Integration and Unified Platform:
- Provided a unified platform for managing security, risk, and compliance that continuously assesses the relationships between controls, policies, and risks.
- Allowed Volpara to consolidate various compliance and risk management activities into a single tool, which avoids over-spending on multiple tools.
Scalability and Adaptability:
- Enabled Volpara to manage an increasing volume of security questionnaires efficiently, a crucial capability as they pursued larger customers and acquisitions.
- Handled the complexity of multiple products, each with its own unique security posture.
Business Continuity and Risk Management:
- Automated the security questionnaire process, mitigating business continuity risks associated with losing key personnel.
- Helped Volpara maintain compliance and manage risks more effectively.
Support and Engagement:
- TrustCloud’s team was highly engaged and supportive throughout the implementation process, and has since helped Volpara progress towards leveraging the full benefits of the platform.
Strategic Alignment:
- Enabled Volpara to better target larger customers by demonstrating robust security and compliance practices.
The future
Going Beyond Questionnaires: Volpara Health anticipates fully leveraging TrustCloud’s capabilities over the next year. In addition to accelerating security questionnaires, Volpara is also using TrustCloud to adhere to requirements for HIPAA, ISO 27001 and NIST 800-218, as well as to maintain a dynamic risk register. By leveraging a single platform for many GRC activities, Volpara will be able to continuously monitor their control environment, prioritize risks from different business units based on the associated residual risk, and ensure security questionnaire responses include the most accurate, up-to-date information.
Continued Focus on Healthcare-Specific Needs: Volpara plans to remain vigilant in addressing the evolving cybersecurity landscape in healthcare. They recognize the growing importance of robust security measures and compliance frameworks due to increasing cyber threats. TrustCloud’s ongoing enhancements and support will be crucial in helping Volpara meet these challenges and maintain their competitive edge.
“In the healthcare environment, the amount of breaches and cybersecurity risks that providers face is a significant trigger for us. The need for products like TrustCloud, which not only help with answering security questionnaires but also enable ongoing monitoring of security controls, is crucial,” highlighted Tana.
What TrustCloud means to Volpara
TrustCloud has significantly improved Volpara’s compliance workflows, enabling them to manage security questionnaires more effectively and integrate their GRC activities seamlessly.
“TrustCloud has significantly streamlined our process of handling security questionnaires, allowing our team to focus on more strategic tasks. The integration capabilities of TrustShare have been instrumental in managing the complexities of our multiple product lines. The support and customization offered by TrustCloud have ensured that we are fully leveraging the system to meet our unique needs. Overall, TrustCloud has been a game-changer in enhancing our efficiency and compliance posture.”
