Case Study: How Talkatoo Tackled HIPAA and SOC 2 Compliance (Without a Dedicated Security Team)

Posted on August 2, 2021 - by Lorita Ba - in Case Study

Get HIPAA and SOC 2 compliant without a dedicated security team

We recently had the opportunity to interview Talkatoo’s CFO Aly Mawji for a customer case study. We discussed the importance of security in a rapidly growing tech company, their decision to pursue HIPAA and SOC 2 compliance, and how Securicy’s information security management platform accelerated their compliance journey.

How would you describe Talkatoo and what you do?

Talkatoo is a SaaS company that produces dictation software to help doctors and veterinarians. Our customers have hectic schedules, and our software speeds up their time to do clinical documentation. By using our software, they end up having more time in the day.

Why is security important to you and your customers?

We originally started out in the field of veterinarians — with animal health, privacy and security are not as much of an issue. However, as we moved into human health, we needed to be HIPAA-compliant, which is the privacy and health regulation in the United States. 

We deal with a lot of very sensitive, secure patient data — health records and information on people’s lives that doctors and other healthcare professionals deal with. We need to treat that information with a level of privacy and security. And our customers need to know that we take those issues seriously and that we have strong security and privacy.

Our growth plans would be pretty much impossible to do without the security program we have in place.

Who is responsible for security in your organization?

I’m the executive sponsor for this program. And as a CFO, I undertake security responsibilities as part of my job, but I work very closely with our CTO and our Systems Administrator to make all this happen.

We don’t have a dedicated security resource, and I think that would be too expensive for a company of our size. That’s why we needed help from experts and access to a platform that allows us to fill that gap and perform in the security area in the way that we need to.

What was the HIPAA compliance process like?

The HIPAA process was quite an effort, but having the Securicy platform and Securicy’s Premium team really made the process much smoother and easier for us and sped up the time that it took us to do that. We were lucky to have Securicy and all the tools in place to do that. Securicy’s experts made it easier for us to understand what needed to get done and how to get it done rather than trying to spend a lot of time figuring out what was required to meet the frameworks.

I don’t think we would’ve been able to do it quite frankly without that. 

Once you already had HIPAA compliance, why did you pursue SOC 2 as well?

We started selling into larger companies, and these larger enterprise customers said, “Okay, it’s great that you’re HIPAA certified, but we also would like you to be SOC 2 compliant.” It was an intense and rigorous process, and it’s not a one-time thing; it’s an ongoing effort.

Our large enterprise customers are going to drive the business over the next 2-5 years. Those customers really expect us to have a strong security program in place, and they have been asking for us to have the SOC 2 certification. We need to be HIPAA-compliant; we need to be SOC 2 compliant — and not just Type 1, but also Type 2 of SOC 2. 

What was the SOC 2 process like?

We were able to achieve SOC 2 compliance within about four months. I’ve heard horror stories of people taking a year or longer to achieve SOC 2 compliance.

I have to hand it to the platform and the team that helped us get through that process. They made it smooth and easy. They told us exactly what we needed to do. We were able to capitalize on the work we had already done with HIPAA, fill in any missing information on the platform, and keep the information up to date.

Quite frankly, it’s an ongoing effort. It’s not a one-time thing. So because we have the Securicy platform in place, we can hop on there; we can update information; we can move things around; we can change roles. And it’s just an easy way to deal with this project. Having Securicy and its Premium team helps make the effort a lot easier.

What are the benefits of using the Securicy platform?

Without a dedicated security resource, we really rely on the platform and the tools that are provided within it to set up security policies, set up tasks, assign those tasks to people, and then understand where our efforts are at any stage. With Securicy, we have been able to validate existing controls and build new ones, while also really allowing us to do the monitoring and the reporting of our entire security program.

Now that we have the Securicy platform to help us deal with compliance on a regular basis, we are pretty confident that we can, at any point, understand where our security efforts are at. And the platform basically gives us a tool to assign critical tasks to people, to see where things are at, to give us an overview, and to provide reporting for our security program.

What’s been your experience with the Premium Success team?

The team has been fantastic. Their knowledge in the area is very specialized — knowledge that we just didn’t have internally. They know what they’re doing, and they’re able to help guide us through the process. 

Without their help, there’s no way that we would have been able to achieve HIPAA compliance or our SOC 2 certification.

Can you quantify the value of Securicy and your security program as a whole?

I mentioned that we’re bringing on large enterprise customers. Those enterprises are going to absolutely make or break this business. And because we have those customers, now we’re able to raise capital.

I don’t know how to put a number on it, but I would say our business would not be possible without the security program and the help that we’ve had from the team.

So having a strong security program in place has allowed us to bring on the large enterprise customers that are going to be the drivers of our business over time. So the impact on our business is absolutely huge. Without Securicy and the security program that we have in place, it would not have been possible to bring on enterprise customers or for us to raise capital the way we have to continue our business.

Securicy Streamlines Your Path to Compliance

Proving to your enterprise customers that you comply with security standards like HIPAA and SOC 2 can be a costly and laborious undertaking. The Securicy Platform houses controls, policies, and planning tools, and generates high-priority tasks, all designed to shorten your time to compliance. Talk with us about how Securicy Premium can save you time and money on SOC 2, HIPAA, and more.

About the author

Lorita Ba is the VP of Marketing at Securicy. Over the past twenty years, she’s represented security companies focused on email, anti-virus, endpoint, and compliance, working closely with customers on understanding their challenges and celebrating their successes. She currently lives in the Boston area with her daughter.