When ILLUMEN, an information technology service company, was asked by one of their high profile customers to host and manage infrastructure containing electronic Personal Health Information (ePHI), they knew that they would have to implement a robust security and compliance program. While their highly skilled engineers were well equipped to deal with the technical security components of protecting sensitive data, they did not have a good way to manage all the policies and procedures necessary to maintain tough security and compliance. ILLUMEN turned to Ostendio and their cloud based solution - My Virtual Compliance Manager (MyVCM) - for help.

1. CASE STUDY
www.ostendio.com
Regulatory Compliance Done Right
Ensuring the confidentiality, integrity and availability of customer data.
1
The Challenge
When ILLUMEN, an information technology
service company, was asked by one of their high
profile customers to host and manage
infrastructure containing electronic Personal
Health Information (ePHI), they knew that they
would have to implement a robust security and
compliance program. While their highly skilled
engineers were well equipped to deal with the
technical security components of protecting
sensitive data, they did not have a good way to
manage all the policies and procedures
necessary to maintain tough security and
compliance. In particular, a program that would
include meeting the requirements of the Health
Insurance Portability and Accountability Act
(HIPAA) and other regulatory standards such as,
the International Security Organization (ISO), and
the National Institutes Standards and
Technology (NIST) methodologies.
Added to this, their customer had a tight
deadline so they would have to setup a vigorous
security and compliance platform quickly if they
were going to be able to take on the work.
The Solution
ILLUMEN turned to Ostendio and their cloud
based solution - My Virtual Compliance
Manager (MyVCM™) - for help.
Ostendio started by conducting a high-level
control audit using MyVCM and quickly
“It is a beautiful thing to see all of our
critical policies and procedures in a
single console, and know that staff has
acknowledged them and is now
responsible for adhering to them.”
– CEO Mike Jenner - ILLUMEN
2
determined the gaps and created a baseline
from which to work. Next, they worked with
ILLUMEN, creating policies and documenting
work processes, and uploading and
configuring audit tasks, policies, and setting
up training for all staff on the MyVCM platform.
ILLUMEN’s staff was fully engaged throughout
the process, and made certain that the
policies were in alignment with the business as
they worked through each document, asked
important questions, and came to a consensus
on what needed to be done.

2.
© 2014 Ostendio, Inc. All rights Reserved
About ILLUMEN
ILLUMEN delivers a unique
service model that integrates
people, process and
technology together that
enables the highest level of
productivity for our
clients. ILLUMEN’s mission is
to provide IT outsourcing
support that small and
medium-sized organizations
need to keep their computer
networks reliable and IT costs
under control. Find out more
at www.illumen.com
ABOUT OSTENDIO
Ostendio is an information security & risk management solutions provider that develops
affordable compliance solutions that demonstrate compliance for the healthcare industry.
ABOUT MyVCM
MyVCM helps Health Systems manage risk when working with innovative digital health
companies by providing a way for Health Systems to track vendor risk management and
compliance status in real-time. MyVCM helps innovative Digital Health companies
demonstrate compliance to Health Systems by providing a practical way to manage risk and
compliance and an easy way to share their risk and compliance status.
Ostendio, Inc.
1400 Key Blvd, #100
Arlington, VA, 20009
Phone: 1 877 668 5658
Email: info@ostendio.com
twitter/ostendio
linkedin.com/company/3309477
fb.com/ostendio
Connect with us!
3
The Result
A second high-level risk assessment
was performed to assess the progress.
ILLUMEN was now scoring in mid-80’s
and low 90’s and greatly exceeding
the expectations of CEO Mike Jenner.
4
Shortly after implementation, MyVCM
proved itself. A critical security test in
ILLUMEN’s remote monitoring and
management platform triggered an
alert. ILLUMEN’s Incident Response
Team was immediately able to access
the newly created Incident
Management Policy and follow the
steps outlined in the policy. “We were
on the same page, speaking the same
language as we quickly stepped
through the process of managing the
incident.” said ILLUMEN GM, Greg
Oblack. Ultimately, the incident was a
5
result of a third party penetration test
that ILLUMEN passed with flying
colors. ILLUMEN now has custom
documentation that they use internally
and documentation they can share
6
with existing customers as
well as potential customers
wanting to know how they
are ensuring the
confidentiality, integrity and
availability of customer data.
ILLUMEN also has a better
handle on all of their
vendors, associated
contracts, and a clear
course of action for the next
steps in maintaining a robust
security and compliance
program.
7
ILLUMEN is able to share this
information quickly and easily using
the MyVCM Trust Network. “We are
impressed with the professionalism
and knowledge of the team and the
effectiveness of the tool; we receive
reminders when a policy is due for
update, or an audit tasks needs to be
completed and we can go in and see
if and who carried it out. MyVCM is a
great tool to have in the arsenal when
dealing with regulatory compliance.”
CEO Mike Jenner.