Case Study

Breaking Down Security Barriers to Close Million-Dollar Deals

THE CHALLENGE

AgilityHealth® was struggling to address increasingly complex security questionnaires in-house.
A deal with AgilityHealth’s first million-dollar client, in the highly-regulated financial sector, was on the line.

THE Solution

AgilityHealth® hired third-party cybersecurity experts at Essendis to take the entire security audit process off their hands.

The Result

AgilityHealth® passed the on-site security audit — a process that normally takes three days — by the financial services prospect’s security team in just one day. It was the fastest the security team’s 20-year veteran auditor had ever completed an on-site audit.
On-site audit success enabled AgilityHealth® to close on a three-year commitment with a major financial services brand, opening the door to millions of dollars in revenue.
AgilityHealth® retained Essendis to manage its security program as virtual chief information security officer, leading to:
SOC 2 Type II certification
GDPR alignment ahead of enforcement date
EU-US Privacy Shield certification

“The auditor had been doing this for more than 20 years and said he had never seen someone so well prepared.

What normally takes three days, Essendis got through in one day — the fastest audit and approval the bank had ever done.”

— Georgia Ouren, VP of Customer Success, AgilityHealth®

After struggling through security audits and reviews, Dave Paul and Georgia Ouren of AgilityHealth® were burnt out, frustrated and overwhelmed. The breaking point came when AgilityHealth®, an enterprise business agility enablement platform, had its first million-dollar deal with one of the biggest financial institutions in the world on the line — they knew they needed help.

“This was a make or break deal,” said Dave, solutions architect at AgilityHealth®. “We needed someone who understood what was being asked of us and who could advise and consult so we could be compliant,” added Georgia, vice president of customer success.

That’s when AgilityHealth® turned to the cybersecurity experts at Essendis.

WHAT TO LOOK FOR WHEN HIRING SECURITY AUDIT EXPERTS

When trying to sell to enterprise prospects , such as financial institutions or healthcare providers, a security review is a critical part of the sales cycle. Being able to complete security questionnaires and in-person audits in a timely manner, while demonstrating operational and security program maturity, can be the difference between winning the business or not.

When looking for a security partner, AgilityHealth® wanted someone who could take the entire audit and review process off their plate and allow them to focus on other aspects of the business.

“To pass security audits, it takes more than someone who knows security well,” Dave said. “It takes someone who builds relationships and can work with prospects. It's not just about smarts, it's about personality."

And that’s exactly what the Cybersecurity Advisory team at Essendis, offered.

Former auditors themselves, the Essendis cybersecurity team brings a unique perspective to the security audit and review process. They know what questions will be asked and why, and how to work with prospects to meet requirements.

When it came time for an on-site audit with the bank considering AgilityHealth® for a million-dollar deal, Essendis was ready.

"The auditor had been doing this for more than 20 years and said he had never seen someone so well prepared," Georgia said. "What normally takes three days, Essendis got through in one day — the fastest audit and approval the bank had ever done.” The client signed a three-year contract up-front.

“To pass security audits, it takes more than someone who knows security well; it takes someone who builds relationships and can work with prospects. It's not just about smarts, it's about personality."

— Dave Paul, Solutions Architect at AgilityHealth®

LESSONS LEARNED: THERE'S A BETTER WAY TO MANAGE SECURITY AUDITS

"When managing audits internally, AgilityHealth® did everything the auditors asked for", Dave recalls. When they brought on Essendis, they showed AgilityHealth® that there are different ways of achieving compliance. Having someone with knowledge of those intricacies was crucial and saved AgilityHealth® time and money while also decreasing their workload by preventing the addition of unnecessary features and controls.  

Managing the audit process, including researching questions, terminology and requirements, was consuming Georgia’s time and pulling her from other priorities. “I got that time back when we hired Essendis,” she said. “In addition to relief and confidence, Essendis helped move our company forward in a major way by ensuring we’re an enterprise-ready platform.”

Now, both Georgia and Dave say they can’t imagine going through the audit process without Essendis, which has stayed on with AgilityHealth® serving as its  virtual chief information security officer (vCISO.)

“Essendis strives to be more than a valued partner — we consider our team to be part of  AgilityHealth’s leadership team and that level of buy-in produces results, ” said Jim Schraepfer, founding partner at Essendis, who works across AgilityHealth’s teams from Human Resources to Operations and Account Management. “I’m privileged to help a team as innovative and talented as AgilityHealth® position themselves for growth and continued success.”

NEED ASSISTANCE NAVIGATING SECURITY AUDITS & REVIEWS?

Contact Essendis

ABOUT AGILITYHEALTH®

Launched in 2014, AgilityHealth® is an Enterprise Business Agility℠(EBA) enablement company that’s accelerating the business agility journey. It helps large enterprises define a transformation strategy with its EBA strategy model, measure and grow at every level with its AgilityHealth® platform, and develop your Agile talent for the future of work.

EARNING SOC 2 - TYPE II & EU-US PRIVACY SHIELD CERTIFICATION, GDPR COMPLIANCE

Through Essendis’ leadership, AgilityHealth® now has a formal security program and policies that led to SOC 2  Type II certification, as well as alignment with the European Union’s General Data Protection Regulation (GDPR) and the EU-US Privacy Shield framework.

Beyond Essendis’ cybersecurity acumen, AgilityHealth® has leveraged Essendis’ in-house cloud engineering expertise to help fulfill compliance requirements. “The Essendis team can anticipate the security concerns and controls our clients or potential clients will want to have in place,“ Dave said. “They can then help implement without disrupting the organization.”

Georgia’s advice to companies struggling through security requirements and audits? “If you want to be taken seriously and pass security audits, work with Essendis so you don’t waste valuable time and money,” she said. “They have integrity, genuinely care and meet you where you’re at with the organization so you’re not overwhelmed. They’re a true partner.”

CMMC 2.0 Compliance
Cloud Engineering
Discover
Federal Small Business Concern Control ID: 002263271
Federal Unique Entity ID: GZEHUQR13DE7
Department of Defense CAGE Code: 9DX02

Copyright © 2023 Essendis LLC. All rights reserved.
Privacy Policy