Modern Health has saved 100+ hours per year on compliance and security tasks through automation from Vanta.
Vanta gives the Information Security team at Modern Health real-time visibility into tests and helps them quickly identify and remediate issues.
With Vanta, Modern Health has shortened their collection time for audits from months to under a week.
“Vanta's trust management platform gives us an automated way to centralize compliance and build a successful security program.”
The company
Prioritizing mental health for all
Modern Health is a global mental health benefits company that aims to offer the most inclusive, comprehensive, and cost effective benefits on the market. Founded in 2017, today the company serves customers like Palo Alto Networks, Dropbox, and more.
Customers often come to Modern Health at their most vulnerable—when they need support for their mental and emotional health—and they’re sharing their most private information. “These are real people with real lives,” says Michael Hensley, Head of Information Security and HIPAA Security Officer at Modern Health. “We need to protect their sensitive data as much as we can.”
Because they’re in the health care space, Modern Health handles sensitive data that is attractive to attackers. “Security breaches in health care are often in the news,” says Michael. “There’s a reason for that—health care companies store private information that makes them a good target.”
The challenge
No time for manual work
Michael and his team of five security engineers are responsible for every aspect of Modern Health’s information security program. This includes managing and maintaining the company’s SOC 2 and HIPAA compliance.
With limited resources, and an ever-growing list of competing priorities, it’s important for the team to automate compliance processes so they can spend more time focused on running their security program. “A lot of the compliance burden for SOC 2 and HIPAA requires that we automate as much as possible,” says Michael. “Otherwise we can’t scale with the business.”
{{quote-2}}
The solution
Achieving SOC 2 and HIPAA compliance with automation and continuous monitoring
A Vanta customer since 2019, Modern Health was able to achieve SOC 2 and HIPAA compliance with Vanta. “There are so many manual tasks that we used to have to do either in spreadsheets or by reaching out to people,” says Michael. With Vanta, they’re able to automate all the manual work associated with vendor reviews, access audits, vulnerability management, security documentation, and controls.
And with Vanta’s continuous controls monitoring, the Modern Health team has constant visibility into passing and failing tests. They’re alerted right away when something falls out of compliance, making it easy to remediate issues.
“Compliance is not a one day-a-year or one week-a-year task," says Michael. "For us, it is a 365 day-a-year task to make sure that we stay on top of our compliance programs.”
The impact
Massive time savings, more strategic focus
Before Vanta, collecting evidence for an audit could take weeks, even months. Since implementing Vanta, Michael and the team have been able to reduce audit collection time to less than a week, giving them valuable time back to work on critical security projects.
Vanta’s seamless auditor experience played a large role in the time savings as well. “The auditors we work with are already familiar with Vanta—they can easily log in and see the evidence they need which has reduced collection time for our audit to less than a week.”
Michael estimates that the team is saving two hours or more per week. “Spread out over the course of the year, we’re saving over a hundred hours that our security team can then use to focus on building the appropriate security controls for our business at large,” said Michael.
{{quote-3}}
Michael is excited about Modern Health’s future with Vanta, including launching a public Trust Center to proactively demonstrate trust to customers and streamline security reviews. With Vanta, Michael says, “We can go all the way from a customer buying us, to making sure they are satisfied with our controls when they review us as a vendor.”