BD Emerson & Gardiant: Achieving SOC 2 Type I Compliance

Challenge:

Gardiant provides a case management software called Gardiant Works that caters to vocational counselors and nurse case managers along with LNI retro groups and third party administrators. It was essential for Gardiant to validate that Gardiant Works provided a secure, HIPAA-compliant platform for customers, where they can keep track of key case notes, documents, and important customer records while being able to access the platform securely from anywhere, with no extensive downloads or tedious data replication. Gardiant also aimed to increase the maturity of their security and governance functions within the business.

Solution:

BD Emerson began our engagement with Gardiant with a thorough gap assessment, analyzing the control gaps for HIPAA and SOC 2. Based on this assessment, BD Emerson was able to identify the controls that needed to be implemented and worked with Gardiant’s team to do so. The first step on the roadmap was migrating from Drata and beginning a Vanta Implementation project.  Following the migration, BD Emerson focused on strengthening cloud security, integrating an MDM (Mobile Device Management) solution and an EDR/XDR (Endpoint Detection and Response/Extended Detection and Response) solution to bolster endpoint security. Lastly, BD Emerson and Gardiant collaborated to build a trust center where potential customers and partners can learn how Gardiant will manage and protect their data.

• HIPAA and SOC 2 Gap Analysis: Conducting an exhaustive gap assessment to understand the current state of HIPAA and SOC 2 compliance, identifying gaps, and assessing risks in Gardiant’s operations.
• Strategic Recommendations: Based on the assessment findings, BD Emerson provided tailored recommendations to bridge compliance gaps, focusing on policy documentation, application security, processes, and technical safeguards that align with HIPAA and SOC 2 requirements.
• Implementation of Controls: BD Emerson didn't stop at recommendations; we took an active role in implementing the necessary controls by working with Gardiant’s team in a collaborative fashion. BD Emerson made strategic recommendations during the control implementation phase in support of Gardiant’s migration from Azure to AWS. 
• Achieving Compliance: Within 45 days, BD Emerson partnered with the technical team at Gardiant to fully design and develop the appropriate controls to comply with HIPAA and SOC 2. Gardiant was then audited against the SOC 2 Type I standards. Now that Gardiant has achieved SOC 2 Type 1, they are beginning their audit window to quickly achieve their SOC 2 Type 2. 

Impact

The partnership between BD Emerson and Gardiant has delivered significant advantages to Gardiant’s Works platform by positioning Gardiant as a leader in compliance and security within the Case Management software industry. Maintaining and validating HIPAA compliance has also greatly increased the company’s appeal to potential clients, especially healthcare clients, a critical market requiring uncompromising data protection. Furthermore, achieving compliance with SOC 2, reinforced Gardiant Works’ appeal to professionals in workers’ compensation, who need secure platforms where they can manage employee and customer data. Gardiant’s dedication to privacy, security, and compliance, bolstered by BD Emerson's expertise, has not only met the immediate goal of regulatory compliance but has also given Gardiant a competitive edge among case management software providers.

Conclusion

The collaboration between Gardiant and BD Emerson has amplified Gardiant’s ability to build and maintain Customer Trust. By thoroughly addressing HIPAA and SOC 2 compliance requirements, Gardiant has fortified its platform, Gardiant Works, ensuring it meets the highest standards of data protection and security. This not only keeps sensitive information safe but also builds trust with Gardiant’s clients, especially those in healthcare and workers' compensation. Thanks to BD Emerson’s expert guidance and hands-on support, Gardiant has not only met regulatory standards but has also established itself as a reliable and leading provider in the case management software industry, fully equipped to offer unmatched security and reliability to its customers.