CASE STUDY
ÉTUDE DE CAS
Flo Health builds a world-class security program with Vanta
Flo is officially the first period and ovulation tracker to be ISO 27001 certified
Flo Health completes ISO audit Stage 1 in two weeks and Stage 2 in three days
Vanta’s Slack and JIRA integrations support cross-team compliance management
“We had really good feedback from end-users of Vanta. We spoke with like-minded companies of similar size and they were super positive. Vanta also aligns with our brand—they understand the importance of a project like Flo Health.”
The company
Building a better future for female health
Flo is the most popular women’s health app globally; it’s the #1 OB-GYN-recommended app for period and cycle tracking based on a survey among US OB-GYNs.
With over 100+ medical experts, Flo supports women during their entire reproductive lives and provides curated cycle and ovulation tracking, personalized health insights, expert tips, and a fully closed community for women to share their questions and concerns.
Founded in 2015, Flo Health acquired one million users in a little more than a year of being in operation. Now, Flo Health serves 260 million users, and 12% of the US women <45 use Flo. A key component to Flo Health’s success is a constant dedication to customer-centric decisions. From product design to user experience and security protocols, every decision made at the company is guided by customer satisfaction.
“We take regular feedback from our end users,” says Chief Information Security Officer Leo Cunningham. “We genuinely care about what we do as a company—we love our values.” In addition to offering a highly personalized product, Flo Health remains dedicated to customer satisfaction by protecting sensitive health data through security and compliance.
The challenge
Turn something good into something excellent
After experiencing a considerable stage of hyper-growth, Flo Health recognized an opportunity to create an exceptionally strong security program to protect user data. Flo Health’s board of directors “wanted to create the most secure health and well-being app on the planet,” Leo says.
To achieve such a high benchmark for security success, Flo Health pinpointed a need to take an already good security program and make it as strong as possible. “I joined Flo Health with the goal of creating a world-class security function. We want to build the most secure app possible,” Leo says. “We invest in security, we invest in privacy, and we are 100% serious when we talk about being world-class.”
In order to bring its security and compliance program to the next level, Flo Health sought one of the most thorough international compliance certifications available—ISO 27001. Originally, Flo Health chose a traditional compliance partner to get ISO certified. “They were a bit old-fashioned for a company like Flo Health,” Leo says. Flo Health decided to seek another compliance partner—one that ticked all the boxes, and then some.
The solution
Powerful compliance automation made simple
Flo Health knew exactly what they needed in a compliance solution. “We looked at various audit companies, ISO solutions, and software implementations. We needed something that was sleek, easy to install, and easy to manage,” Leo says. Flo Health ultimately decided to partner with Vanta after conducting an in-depth comparison of other solutions.
Because Flo Health is in a constant state of hyper-growth, Leo and his teams need a compliance solution that continuously monitors infrastructure, seamlessly collects evidence, and integrates into day-to-day tools like Slack and JIRA. Most of all, Flo Health requires a solution that’s reliable and plain easy.
“Security doesn’t need to be complex,” Leo says. “It needs to scale the business, be a business enabler, and it needs to be there at the very beginning. Without it, it’s only a matter of time before there’s a serious issue.”
The impact
A #1 app with best-in-class security standards
Thanks to Vanta’s automated evidence collection, Flo Health enjoyed an expedited auditing experience on the road to achieving ISO 27001 certification. Leo and his team were able to complete Stage 1 of the ISO audit in one week, and Stage 2 in three days.
Flo Health received compliments from its auditor for having strong policies and controls in place. “Our auditors had never heard of Vanta before—they were really impressed by the ease of use and aesthetics of the platform. It ticked a lot of boxes.”
Vanta’s platform gives Flo Health’s various security and compliance teams a collective viewpoint of all ISO 27001 controls by continuously scanning the company’s infrastructure. “Vanta’s dashboard is very clear,” Leo says. “It has good analytics and control breakdown. I don’t think we’ve had a single issue, which is extremely rare in security.”
In addition to a seamless audit and intuitive integrations, Flo experiences constant, personalized support from Vanta’s team of experts. “Our CSM is an absolute superstar. We couldn’t have asked for a better person to help us on this journey,” Leo says. “He's always on hand and he plays a key part in making sure that we are set up for success. That's a testament to the type of people Vanta hires.”
{{quote-2}}
Flo is officially the first period and ovulation tracker to be ISO 27001 certified. “Getting ISO 27001 was a major milestone for us,” Leo says. According to Sensor Tower in June 2022, Flo became the #1 women's health app worldwide based on App Store downloads.
Staying true to its commitment to security, Flo Health views ISO 27001 as a continuous process. Leo’s teams use Vanta on a daily basis to collect evidence for their annual ISO audit. Looking forward, Flo Health is exploring ISO 27701 with Vanta to continue its reputation for world-class security.
