ClearDATA Maintains a Clean Bill of IT and Security Risk Management (ITSRM) Health with OneTrust GRCDownload PDF
ClearDATA Maintains a Clean Bill of IT and Security Risk Management (ITSRM) Health with OneTrust GRC
ClearDATA is the market leader for healthcare cloud computing and information security services for providers, life sciences, payers, and healthcare technology organizations. By enabling their customers to automate, protect, and securely manage healthcare applications, data, and IT infrastructure in the cloud, ClearDATA empowers the industry to focus on making healthcare better by improving healthcare delivery.
As a healthcare company whose operations rely on the processing of protected health information (PHI), ClearDATA understands the importance of basing all business decisions on their associated risk and the ability to mitigate risks.
“Frameworks like HIPAA and GDPR drastically impact how a healthcare organization operates, and it all comes down to the associated risk of processing PHI. Think about HIPAA. The foundational security safeguards of this regulation are around the risk associated with business operations and mitigating those risks to PHI. Also, consider the GDPR and its loosely defined guidance around sensitive categories of personal data.Jonathan SlaughterDirector of Compliance, Security, and Privacy
ClearDATA believes that to confidently operate in compliance with these regulations (among a host of other standards, frameworks, and internal policies), organizations need state-of-the-art technology to centralize and understand the business’ IT and security risk posture.
A Platform to Measure Business Initiatives, Compliance, and Risk Activity at Scale
Over the course of the past several years, ClearDATA has experienced exponential growth, and to support this, the business now operates across the three major public cloud providers. This investment helps the company attract new opportunities, but the expanded market also creates complexities around understanding their current processes. Because of this, the company must build these processes in a repeatable fashion to adapt to various customer types – all while mitigating risk across different sets of vulnerabilities.
ClearDATA needed a centralized software platform that could serve as a single solution to streamline and scale their business initiatives, compliance operations, and risk management program. ClearDATA approached its IT and security risk management initiatives to address the increased operational complexities around global regulations and reducing their risk exposure across consumer touchpoints. ClearDATA also sought to distribute these efforts across markets while minimizing the amount of time spent in spreadsheets and manually pulling reports.
As an early OneTrust adopter, the ClearDATA team quickly realized the benefits of implementing OneTrust GRC’s IT and Security Risk Management (ITSRM) solution. With OneTrust, ClearDATA can streamline existing manual processes by adding automation workflows to identify, track, remediate, and monitor risk across IT infrastructure, vendor relationships, and operations for a complete enterprise view of risk across their business profile.
“OneTrust is unique in that it enables us to link information across a variety of modules in the platform including IT and Security Risk Management, Privacy Management, Vendor Risk Management, and Incident Management. This provides us with a centralized register to understand what our risk posture is. Whenever I log into the platform, all I have to do is look at the risk dashboard to understand our posture because everything lives in there.Jonathan SlaughterDirector of Compliance, Security, and Privacy
Slaughter spends 90% of his time solely in the risk register, and the other 10% creating automation between the modules. This automation enables the Privacy, Security, and Compliance team to launch assessments to outside vendors as well as internal stakeholders to immediately identify risks posed to the business. From there, the team is able to determine whether or not a vendor or process is acceptable.
A Healthy Return on Investment
ClearDATA has experienced an impressive return on investment in using OneTrust, including:
- Better Auditing: OneTrust has changed the way ClearDATA works with auditors. The conversations have drastically changed and focus less on answering what ClearDATA is actually doing day-to-day, but rather how OneTrust works. This is because OneTrust clearly delineates ClearDATA’s intelligent and intuitive approach to risk mitigation and is further supported by real-time activity logs.
“Auditors are used to cumbersome GRC tools, so when they see the OneTrust GRC platform, they are shocked with the flexibility and ease-of-use. Oftentimes our auditors suggest that their clients purchase OneTrust because of this.Jonathan SlaughterDirector of Compliance, Security, and Privacy
With OneTrust, ClearDATA is able to get through three audits virtually in the time it would take to do one audit on-site.
- Time Savings: Prior to OneTrust, the Privacy, Security, and Compliance team spent approximately 20 minutes every time they had to jump on a call with a subject matter expert to conduct risk management due diligence. They stay busy, with no less than 1,500 conversations a year. By leveraging OneTrust, ClearDATA saves 3,000+ minutes (over 50 hours!) a year by automating this assessment process.
- Universal Risk Language: Every company has its own risk threshold, but every individual also has their own risk appetite. So, if an individual is more risk accepting, they will see risk differently than someone who considers risk as adverse or neutral. This discrepancy creates an internal conflict that OneTrust helps solve. OneTrust provides ClearDATA with a universal risk language that all stakeholders can understand. It opens both risk-adverse and risk-open individuals’ eyes to recognize the impact and reality of risk to the business.
- Executive Reporting & Visuals: It’s imperative for ClearDATA’s executive team to understand the risks facing the business, but highlighting key risk and performance indicators becomes complex without a clear dashboard or report. OneTrust provides report- ready quarriable data with a powerful reporting engine to deliver findings in a variety of formats (.pdf, column, etc.). ClearDATA leverages these out-of-the-box features to help the business make decisions faster which positively impacts their bottom line.
By leveraging OneTrust GRC, ClearDATA is making IT and Security Risk Management a fundamental part of their business. Not only can the company evaluate risk in a more automated and efficient manner, but their business units are more engaged in risk management processes, which continues to elevate the overall quality and drive down risk across their portfolio of vendors.
Moving forward, ClearDATA plans to expand their use of OneTrust even further. With a growing customer base in Europe and the Asia Pacific region, and an increasing set of privacy laws and security frameworks worldwide, ClearDATA is planning to dig deeper into OneTrust’s products to ensure they are confidently protecting customer data on a global scale.