TrustMAPP Customers

Large U.S. Hospital System Needs HIPAA… And More

The Challenge

This 54,000-employee, 19-hospital healthcare system had assessed their HIPAA Privacy compliance, but not their HIPAA Security compliance. That was their immediate need, but they also wanted to be ready to handle the 89 assessments they have to do every year. Their prior experience with a “boots on the ground” consulting company hadn’t been fully satisfactory, and their homemade tool was deemed a “valiant effort” but not scalable.

The Solution

The TrustMAPP platform was up and running, with the first framework and all 180 respondents configured, in just a few days. The entire assessment process took less than a month. The CISO and all other stakeholders got the kind of reports they liked and could base business decisions on.

The Outcome

The healthcare organization completed successful assessments in record time. TrustMAPP doesn’t just save them time; it guides their remediations and elevates their overall security maturity. TrustMAPP provides a scalable platform that lets them operationalize and centralize their broad assortment of assessments.

U.S. Consumer Financial Services Company & PCI

The Challenge

A consumer-based financial services company sought to achieve PCI compliance and meet security requirements of their high-profile clientele.

The Solution

The customer engaged services from Secure Digital Solutions to establish a solid PCI compliance stance. SDS used TrustMAPP to deliver:

  • Recommendations regarding gaps in current policy within the Information Security Program
  • Log management standards for operating systems and network devices that meet PCI DSS requirements
  • Review of current credit card data flow through customer’s core application
  • Recommendations to improve controls of stored and transmitted cardholder data within the core application

The Outcome

  • Enhanced marketability and appeal through achieving a compliant stance with PCI Merchant Level 1
  • Scalable and maintainable compliance framework that supports their business growth objectives
  • Continuous compliance mindset

Internet Communications Provider Assesses Product Readiness

The Challenge

  • This internet communications company wanted to make sure its offerings were ready for launch in new markets. They recognized the increased role of compliance and cybersecurity in their decision making.
  • Were they HIPAA compliant to sell to healthcare providers? Were they GDPR compliant to sell into the EU?

The Solution

  • TrustMAPP gave them a platform that they could use to assess against more than 50 regulations, so it would scale as they approached new markets.
  • TrustMAPP rapidly gave them the information they needed to inform their product and go-to-market decisions. It was fast enough to keep pace with the fast-moving business, and its remediation recommendation plugged into their product roadmap.

The Outcome

  • Assessments immediately validated which markets are available to them now, and which will require improvements to their cyber maturity.
  • They have advanced from a DevOps approach to a DevSecOps approach that bakes security more deeply into their offerings.
  • Privacy and security have a seat at the table, steering product strategy.

Legal Claims Firm Achieves FISMA Compliance

The Challenge

Changing laws and policies introduce complexities into business models. In this case, a legal claims corporation was required to comply with FISMA (Federal Information Security Management Act) to continue to grow its business with the federal government.

The Solution

The company used the TrustMAPP platform to deliver FISMA compliance requirements and accomplish these tasks within an aggressive timeline. Making the task more challenging, a Unified Control Framework mapped with PCI DSS, HIPAA and NIST controls was also requested during the same timeframe. Meeting both goals positions the company for new business opportunities while satisfying existing clients.

The Outcome

The Unified Control Framework was delivered on time and under budget, and the client received acceptance from governing entities. They also implemented a remediation plan for the client to meet controls identified in the Unified Control Framework. They won additional business and further positioned themselves for larger market share and a greater competitive advantage.