Softdocs Levels Up Their Compliance Program with StateRAMP

by Hannah Grace Holladay / July 15, 2024

Audits are hard, but when you partner with a firm like KirkpatrickPrice, it will be worth it.

That’s exactly what Softdocs learned when they asked us to be their partner on their newest compliance initiative: become compliant with the NIST 800-53 framework via a StateRAMP audit within one year. Learn exactly how we worked together to make sure this audit journey ended in success.

About Softdocs

Softdocs provides process automation and document management solutions to schools, states, counties, and cities. Their solutions enable colleges, universities, K-12 school districts, and state and municipal governments to improve how they serve people, create new efficiencies, and enable the future of work.


Challenge

Comply with NIST 800-53 in one year.


Solution

A customized roadmap to compliance.


Result

More clients and safer data.


The Details

Implement and Comply with a Brand-New Framework in Under a Year

Softdocs wanted to increase their cybersecurity posture. They’re always looking for ways to level up their security program because keeping their clients’ data safe is their number one priority.

They set an aggressive goal to create a more secure cloud infrastructure that’s compliant with the NIST 800-53 framework via a StateRAMP audit within one year.

Partner with Experts to Create a Custom Roadmap to Success

Softdocs started looking toward NIST compliance in Sept. 2022, beginning with a “self” gap analysis. During the process, the Director of Operations and Compliance Officer, Terri McKinney, noted that, “It’s too hard to do alone; you need guidance.” She said that after working through StateRAMP’s 320 controls alone, she knew that Softdocs needed KirkpatrickPrice to partner with them to provide expertise and guidance as they began this challenging compliance journey.

Softdocs began working with KirkpatrickPrice in 2018 on a SOC 2 Type II project. They’ve had successful audits for 5 years in a row and have been able to build a great foundation with the guidance of their auditor, Herbert.

So, when it came time for their NIST 800-53 project, Terri knew that she wanted to partner with us.

“We chose KirkpatrickPrice because we don’t feel like a number with them; it’s truly a partnership. Our audit gives us expert advice on what we need to do to increase our level of security.”

Together, we determined the scope of the project and set four milestones:

1. Asset-Based Risk Assessment

Softdocs’ auditor, Herbert, flew to their office in Columbia, South Carolina to work with them on an asset-based risk assessment. Together, they determined that Softdocs’ cloud environment needed to be measured against the NIST controls. The risk assessment gave the team the assurance that they were applying the controls correctly and that the project would be focused on the right areas of Softdocs’ program.

2. Gap Analysis

There are 320 controls for StateRAMP, and Herbert, Terri, and the Softdocs security team went through all of them in one week to identify any gaps in the Softdocs program. They compared Softdocs’ current security program to all 320 controls to identify any areas they needed to improve.

3. Remediation

Because of the great foundational work Softdocs has done with KirkpatrickPrice over the last five years, they thankfully had all the big things in place. The gap analysis highlighted some areas they could improve with small changes and prepared them to face the audit with confidence. Herbert guided them through this process, so they were sure that their controls were properly designed.

“Herbert did a great job interpreting controls and then helping us implement them into our environment. He was the guiding force determining how each control related to our specific environment.”

4. The Audit

Their audit started December 2023 and concluded in April 2024, meaning Softdocs met their goal of completing the audit by 2024! The audit followed KirkpatrickPrice’s consultative audit approach, ensuring Softdocs was never alone during their audit.

Lead Practitioner Herbert McMorris and Client Success Manager Emily Buser partnered with Softdocs during their entire audit process. They organized the project, ensured they stayed on track, and provided a safe space for the team to candidly work through the challenging parts of the audit.

Though the audit was one of the biggest challenges Softdocs has faced, Terri said it was 100% worth it. By setting such an aggressive goal, Softdocs almost “forced their own hand,” Terri said. There are always ways to improve, but it’s tough to do because “it’s way easier to drag your feet than level up your entire security program.” This audit deadline made them commit to the process. It took every person in the group buying in to the process for it to be successful, but it was absolutely worth it. They knew it wasn’t going to be easy, and it didn’t disappoint. They did the hard work and are reaping the rewards.

“You can’t do it without a team, and KP has delivered.”

Win New Business by Leveling Up Your Security Program

After successfully completing their StateRAMP audit, Softdocs has proven how seriously they take security and why that’s so critical to their success.

“We’re dedicated to implementing the processes necessary to hyperfocus on security all year long, not just during an audit.”

They’ve also been able to win new business with their NIST compliance, claiming it’s the differentiator between them and their competitors.

Softdocs understands the importance of security to the success of their business. They know it makes a difference in the quality of work they can provide to their customers, and in the types of customers they attract. We’re proud to be their partner in compliance and look forward to working with them in the future to continuously elevate their security practices.

“Orgs should embrace the work that an auditing firm brings to the table. Wouldn’t you much rather your auditor find a problem than an evil actor looking for a hole that you haven’t plugged? That to me is the most important thing.”

Level up your security program with KirkpatrickPrice.

Audits are hard, but when you work with an expert who’s been in your shoes, it will always be worth it. KirkpatrickPrice will be your partner in compliance so that you can be confident that your cybersecurity and compliance audit will end in success.

Connect with an expert today to learn what it’s like to have a true partner in compliance.

Together we can:

  • Identify the audit frameworks and services that benefit your organization’s unique compliance needs.
  • Schedule a demo of the Online Audit Manager.
  • Make sure your company finds success on its compliance journey.

About the Author

Hannah Grace Holladay

Hannah Grace Holladay is an experienced content marketer with degrees in both creative writing and public relations. She has earned her Certified in Cybersecurity (CC) certification from (ISC)2 and has worked for KirkpatrickPrice since November 2019, starting first as a Professional Writer before moving to the marketing team as our Content Marketing Specialist. Her experience at KirkpatrickPrice and love for storytelling inspires her to create content that educates, empowers, and inspires the cybersecurity industry.




