“The auditor had been doing this for more than 20 years and said he had never seen someone so well prepared.
What normally takes three days, Jim got through in one day — the fastest audit and approval the bank had ever done.”
— Georgia Ouren, VP of Customer Success, AgilityHealth®
After struggling through security audits and reviews, Dave Paul and Georgia Ouren of AgilityHealth® were burnt out, frustrated and overwhelmed. The breaking point came when AgilityHealth®, an enterprise business agility enablement platform, had its first million-dollar deal with one of the biggest financial institutions in the world on the line — they knew they needed help.
“This was a make or break deal,” said Dave, solutions architect at AgilityHealth®. “We needed someone who understood what was being asked of us and who could advise and consult so we could be compliant,” added Georgia, vice president of customer success.
That’s when AgilityHealth® turned to the cybersecurity experts at Essendis.
When trying to sell to enterprise prospects, such as financial institutions or healthcare providers, a security review is a critical part of the sales cycle. Being able to complete security questionnaires and in-person audits in a timely manner, while demonstrating operational and security program maturity, can be the difference between winning the business or not.
When looking for a security partner, AgilityHealth® wanted someone who could take the entire audit and review process off their plate and allow them to focus on other aspects of the business.
“To pass security audits, it takes more than someone who knows security well,” Dave said. “It takes someone who builds relationships and can work with prospects. It's not just about smarts, it's about personality.”
And that’s exactly what Jim Schraepfer, founding partner and chief information security officer at Essendis, offered.
Former auditors themselves, Jim and the Essendis cybersecurity team bring a unique perspective to the security audit and review process. They know what questions will be asked and why, and how to work with prospects to meet requirements.
When it came time for an on-site audit with the bank considering AgilityHealth® for a million-dollar deal, Essendis was ready.
“The auditor had been doing this for more than 20 years and said he had never seen someone so well prepared,” Georgia said. “What normally takes three days, Jim got through in one day — the fastest audit and approval the bank had ever done.” The client signed a three-year contract up-front.
When managing audits internally, AgilityHealth® did everything the auditors asked for, Dave recalls. When they brought on Essendis, they showed AgilityHealth® that there are different ways of achieving compliance. Having someone with knowledge of those intricacies was crucial and saved AgilityHealth® time and money while also decreasing their workload by preventing the addition of unnecessary features and controls.
Managing the audit process, including researching questions, terminology and requirements, was consuming Georgia’s time and pulling her from other priorities. “I got that time back when we hired Essendis,” she said. “In addition to relief and confidence, Essendis helped move our company forward in a major way by ensuring we’re an enterprise-ready platform.”
Now, both Georgia and Dave say they can’t imagine going through the audit process without Jim, who has stayed on with AgilityHealth® as its virtual chief information security officer (vCISO).
“Essendis strives to be more than a valued partner — we consider our team to be part of AgilityHealth’s leadership team and that level of buy-in produces results,” said Jim, who also works across AgilityHealth’s teams from Human Resources to Operations and Account Management. “I’m privileged to help a team as innovative and talented as AgilityHealth® position themselves for growth and continued success.”
Through Essendis’ leadership, AgilityHealth® now has a formal security program and policies that led to SOC 2 - Type II certification in just 18 months as well as alignment with the European Union’s General Data Protection Regulation (GDPR) and the EU-US Privacy Shield framework.
Beyond Essendis’ cybersecurity acumen, AgilityHealth® has leveraged Essendis’ in-house cloud engineering expertise to help fulfill compliance requirements. “The Essendis team can anticipate the security concerns and controls our clients or potential clients will want to have in place,” Dave said. “They can then help implement without disrupting the organization.”
Georgia’s advice to companies struggling through security requirements and audits? “If you want to be taken seriously and pass security audits, work with Essendis so you don’t waste valuable time and money,” she said. “They have integrity, genuinely care and meet you where you’re at with the organization so you’re not overwhelmed. They’re a true partner.”