Catalyst Solutions is a front-runner in providing business process outsourcing and consulting services to health insurance companies in the United States.
Because Catalyst Solutions works with insurance companies that are responsible for sensitive health information, it’s crucial that the company be able to prove that they can be trusted to safeguard their customer’s data. This is particularly tricky since the company’s entire 500-person team operates almost entirely remotely, said Paul Green, Director of IT at Catalyst Solutions.
"Our clients are big on ensuring that we're trustworthy,” Green explained. Since health insurance companies work with a variety of vendors who all need to demonstrate the same level of compliance, “we needed to make sure that we’re not going to be the broken wheel and have a data breach."
In 2021, Catalyst Solutions began to realize it needed a more efficient security solution. At the time, the company relied on a one-person IT department, which meant one person was in charge of handling all compliance operations. This person spent a significant amount of time under immense pressure doing things like answering client compliance questionnaires. Over time, gaps in the company’s policies, training, and audits became apparent. To say the process was inefficient and stressful would be an understatement, explained Green.
The team decided that SOC 2 was the best answer for their company’s security needs — the question was how to get there.
The Catalyst Solutions team knew they would need to choose their compliance platform carefully. It was important to them to have robust features that supported team collaboration and allowed responsibility to be distributed across the team. Additionally, The Catalyst Solutions team felt they would need educational resources to get them across the finish line.
Strike Graph fit the bill. The platform was user friendly and allowed individual controls and tasks to be assigned to different team members.
Green’s favorite feature, though, was the built-in educational resources that are linked throughout the process. “That's really the big plus that saves me from having to do a lot of investigating on what to provide and hunting for the correct form.” And, Strike Graph’s customer success team was there to provide support when needed.
Once Catalyst Solutions started using Strike Graph, the SOC 2 process only took about six months. And, because Catalyst Solutions already had everything in place within the Strike Graph platform, its audit took less than three weeks.
“The end result was we successfully completed our first SOC 2 audit, got our SOC 2 certification, and our clients were very happy with that. And we were very happy with that,” said Green.
SOC 2 compliance has become an essential sales tool for Catalyst Solutions. For some of their potential clients, “Many of the companies we want to work with require SOC 2 before they will even talk to us. And, having our SOC 2 report means we do one compliance effort per year instead of a separate security questionnaire for every company we pitch to.”
Having a SOC 2 report has also saved Catalyst Solutions a tremendous amount of time when it comes to onboarding new clients. For example, said Green, working with large health companies is much easier now. In the past Catalyst Solutions would often have had to fill out a 100-point questionnaire in order to do business with their larger clients, now all it has to do is share out its SOC 2 report from Strike Graph’s trust asset library.
Equipped with SOC 2, Catalyst Solutions is poised for growth. The company plans to continue maintaining its SOC 2 compliance with Strike Graph's user-friendly platform, robust tools, and educational resources and may add other security frameworks as its business continues to expand.