Nayya builds trust with healthcare insurers through SOC 2 and HIPAA

COMPANY

Nayya

LOCATION

New York, New York

INDUSTRY

Healthcare Technology

PRODUCTS USED

SOC 2, HIPAA, Continuous Monitoring

EMPLOYEES

32

Nayya is a software platform that helps employees make better choices about their insurance plans.

The Challenge

In order to provide end users with personalized enrollment guidance, the Nayya Platform accesses health information such as insurance claim history, employer healthcare plan data, employee health records, and more. The sensitive nature of this information means strong security practices are critical - and proving this security posture to potential customers is imperative.


SOC 2 Type II and HIPAA compliance are particularly important to Nayya because a SOC 2 Type II represents the gold standard of security compliance for SaaS companies, and HIPAA compliance ensures protection of all the personal and identifiable healthcare information accessed by the Nayya platform.


Like many of our customers getting their first SOC 2, Nayya got to the “1-yard line” of a sales cycle with two large insurance companies when key stakeholders requested a copy of Nayya’s SOC 2 report. Together, Nayya and these stakeholders decided to move forward with an agreement with a commitment from Nayya to turn around a SOC 2 report within three months.

The Solution

Akash Magoon, Co-Founder and CTO at Nayya, sought a solution that would lift most of the burden from their engineering team and streamline both the SOC 2 and HIPAA audit processes — without hiring a full-time security and compliance professional to join their small team. After connecting with a trusted adviser, Akash was introduced to Vanta.


The team got started with Vanta and audit partner The Cadence Group to conduct a three-month audit that would result in a SOC 2 Type II report and HIPAA compliance.


With a background and knowledge of data security, most of the technical aspects of the SOC 2 and HIPAA processes were fairly painless. Most of the work was spent dialing in new processes for people management. Using Vanta’s customizable policy templates, Nayya put rigorous access and authentication restrictions in place and developed recovery and mitigation plans.

Results

The Impact

Nayya’s audit period ran from September 15 to December 15, and in January they got their SOC 2 report to the insurers who had originally requested it - as well as a number of new interested clients. 


Nayya estimates that with their SOC 2 report and HIPAA-compliant status, they were able to shorten the procurement process with new prospects by half and ultimately help more customers make better healthcare decisions.

3 reasons Nayya recommends Vanta:

  • Speed was of the essence for Nayya as they needed their SOC 2 to close in-flight deals. Vanta enabled Nayya to move through audit prep swiftly and thoroughly.
  • People management processes were key for Nayya, as they established practices that they could roll out for current employees and for each new hire thereafter.
  • Vanta’s HIPAA support helped Nayya put in place the necessary controls to ensure their compliance with HIPAA. Data security is essential for all companies selling into the enterprise, and for companies working with sensitive healthcare data the bar is even higher; Nayya particularly valued Vanta’s partnership in their HIPAA compliance journey.

Getting our SOC 2 was an absolute game-changer for the way that Nayya is able to sell into larger companies.

Akash Magoon
Co-Founder & Chief Technology Officer | Nayya

YEARS ON VANTA

2

Fast audit

Vanta enabled Nayya to move through audit prep swiftly and thoroughly

Improved onboarding

People management processes were created for current employees and new hires

Clear guidance

HIPAA support helped Nayya put in place the necessary controls to ensure their compliance with HIPAA

The Company

Helping employees with insurance

Nayya is an AI-based software platform that helps employees make better choices about their insurance plans. The Nayya Platform offers personalized recommendations based on an employee's financial, physical, and emotional needs.
