Case Study
SOC 2 Readiness Assessment
Averaging more than 15 years of experience in the healthcare industry, our consultants have worked in a variety of management positions within commercial and government payer organizations, so we understand your challenges first-hand—including competitive pressures, organizational obstacles, and limited resources.
Case Overview
A small health plan based in the Midwest selected Change Healthcare Consulting to support their efforts to become SOC 2 Type II certified. A SOC 2 certification is a widely recognized stamp of approval in the security world. It shows that an external auditor has reviewed an organization’s safeguards for protecting consumer data and confirms that they are operating properly. The Consulting team’s role was to advise the health plan on preparing for the audit by conducting a SOC 2 readiness assessment. The team was to identify the organization’s gaps, validate them during their mock audit process, and prepare the organization for the official audit. With a one-year timeline, the Consulting team used a mix of on-site visits and remote working to prepare the organization to succeed in the SOC 2 audit.
Challenges
An obstacle the project team faced was a continuous lack of resources and project prioritization. With competing priorities stretching the limited resources thin, the Consulting team encountered project resistance. The COVID-19 pandemic became widespread towards the end of the project, halting client-site travel. The team had to transition to fully remote working in a matter of days.
Solutions
The Consulting team persevered and solved problems collaboratively with the client’s staff. In advising the client, they proactively identified potential security risks and applied change management practices to combat them. COVID-19 added enormous new challenges to the project, but with the help of virtual technology, the Consulting team transitioned to remote sessions and video conferences, allowing them to meet the project timeline.
Results
The Consulting team advised the client on building an information security program through proper policies and procedures (P&P), improving security standards, and strengthening incident response plans. The project team’s SOC 2 security readiness assessment was completed on time and left the client in a position to successfully pass the future audit.