Keylight® Case Study
Register to download the full case study
The following is an excerpt from the full case study.
How Surescripts used Keylight® to expand its information security efforts
As the nation’s largest health information network, Surescripts has many rules to follow: HIPAA, Sarbanes-Oxley, Payment Card Industry standards, EHNAC, ISO, just to name a few.
The company’s information security team continually handles multiple projects related to compliance and risk management. Until recently, Surescripts Chief Information Security Officer Paul Calatayud managed this complex matrix of tasks using manual processes. Primarily, he emailed a spreadsheet to each department. Recipients filled in their data and emailed the spreadsheet back. Calatayud aggregated the results.
Yet he had little to show for all the time spent administering Surescripts’ security program. He struggled to communicate the depth of the security program he oversaw. Calatayud could only present specific fragments at a time to a certain audience. He lacked the means to tell “the whole story” of what was occurring in the behind-the-scenes world of the company’s risk management and compliance. Without this context, he found it difficult to justify priorities and budget requests. It was, Calatayud said, an “opportunity lost.”
Wanting to find a tool that could eliminate spreadsheets and help others understand his team’s efforts led Calatayud to investigate Governance, Risk, and Compliance (GRC) technology. GRC software connects people, processes and technology to provide complete visibility into organizational risk and compliance.
Surescripts chose LockPath as its GRC vendor. LockPath’s award-winning Keylight platform is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance, all in an effort to achieve audit-ready status. Keylight allows an organization to house its entire list of activities, processes, and information in one database.
Keylight’s capabilities and ease of use made an immediate impact on Surescripts and its information security program. Calatayud says Keylight enhanced his team’s ability to collaborate with each other and other areas of the company, communicate its progress, and make key business decisions.