Goal

Assist a major healthcare Software as a Service (SaaS) company with ongoing, yearly compliance support for PCI DSS, HIPAA, HITRUST, and SOC 2 assessments.

PCI DSS Compliance Case Study for Download

Challenges & Needs

With an aggressive growth model in place, the client was generating significant revenues from hospitals and wellness clinics using their SaaS platform. Unfortunately, they failed to take into account the massive financial costs associated with ongoing compliance reporting. Additional challenges included the following:

Compliance Costs were Spinning out of Control: Becoming compliant was a fixed cost that the client expected, but they were completely unprepared for how much it was costing to maintain annual compliance. It was putting a big dent in their profitability.

Internal Staff were Spending Too Much Time on Compliance: Employees were spending dozens of hours each week on compliance, creating a notable drop in operational productivity. Employees were overworked and stressed, all because of regulatory compliance reporting.

Quality of Work was Slipping! Regulatory compliance was becoming the main focus for employees, not their actual jobs! A severe drop in productivity and quality of work was seen.

Employee Morale was LOW! “I wasn’t hired for compliance” and “why are we performing so many audits” were just a few of the many grumblings heard from employees as they spent time on monotonous regulatory compliance work. Employees were leaving the company at an alarming rate.

Our Solution

FLANK put together an efficient process that shifted the burden of ongoing regulatory compliance from employees onto us. After all, employees weren’t hired for regulatory compliance, so why inundate them with work they don’t want to do and don’t have time to do?

Met with existing employees who were performing compliance and engaged in a substantive dialogue so they could shift the workload to us.
Reached out to all third-party auditors and informed them that a new compliance team was on board and ready to work with them on an annual basis.
Began to take control of annual compliance reporting and let employees get back to what they do best!

Challenges Solved

Implemented a comprehensive quarterly compliance reporting program consisting of evidence collection, communication with external auditors, and remediation of controls where necessary.
Reduced compliance workload by a staggering 85% for employees!
Employee retention skyrocketed.

Value Created

Adoption of a corporate culture that now understands the real value of regulatory compliance.
Implementation of an ongoing continuous compliance framework that allows our client to be efficient and cost-effective in terms of annual compliance workload and costs.
Massive savings in both time and money for annual compliance costs moving forward!

Why FLANK

FLANK provides comprehensive regulatory compliance outsourcing and consulting services and solutions for controllers and processors across the globe. Whatever your regulatory compliance outsourcing needs are, from documentation to expert advice, we have the expertise to help you every step of the way.
