CASE STUDY

How US Med-Equip cut audit time in half with Vanta

COMPANY
US Med-Equip
EMPLOYEES
725
LOCATION
United States
SOLUTION
INDUSTRY
Healthcare (Medical Equipment, Beds & Therapeutic Surfaces)
VANTA CUSTOMER SINCE
2022
Improved partnerships

Gaining compliance and improving security increased confidence in US Med-Equip’s innovative approach to connecting with hospital EMR systems.

Continuous visibility

Vanta gives the team visibility into their security posture, allowing them to continuously and proactively improve.

Time savings

Without Vanta, it would’ve taken the team 2x the time to prepare and complete an audit.

“Vanta provides a trust management platform for us to use to gauge ourselves and our business to ensure that we are doing everything we can to serve our customers.”

Joe Berglund
Director of IT Operations and Cybersecurity at US Med-Equip
The company

Lifesaving medical devices and a focus on innovation

Founded in 2003, US Med-Equip partners with thousands of hospitals across the country for the rental, sale, service and asset management of medical equipment, such as respiratory, infusion, beds & therapeutic surfaces, central supply, monitoring, NICU and other life-saving devices. With over 725 employees, US Med-Equip is focused on providing the highest quality medical equipment for patients under the care of its 5,795+ hospital partners.

Joe Berglund, Director of IT Operations and Cybersecurity at US Med-Equip, is committed to achieving operational excellence. His team works to solidify the company’s security foundation while continuing to build for the future. “We want to make sure that we’re supporting the business as it is today,” said Joe. “At the same time, we're trying to effectively support innovation goals that help us move forward.”

To support their partners, the team knew they needed compliance and security controls, especially since the easiest and fastest way to serve hospitals and medical facilities is to connect directly into their Electronic Medical Record (EMR) systems, which house sensitive patient data.

The challenge

Security improvements necessary to deliver for partners

The team at US Med-Equip knew that it would be extremely valuable to their partners to integrate directly into their EMR systems as it would improve supply chain pain points. To reach this goal, they needed to prove that their partners’ data was secure and that the integrations would not introduce any new risk to their partners or USME.

Focusing on SOC 2 Type II, NIST CSF, and HIPAA would help fulfill this mission, but the team was starting fairly fresh. The company did not have an established culture of security nor a deep understanding of why security was so important for end users and the organization at large. They had tracked HIPAA previously — albeit manually — using lengthy documents and spreadsheets, and they had not addressed SOC 2 Type II requirements before.

Joe knew that they’d need help from a trust management platform and began his search. They needed a platform that would transform the traditional audit experience by enabling them to be proactive in their compliance efforts. And they sought a solution that would bring automation and repeatability, allowing them to consistently stay on top of their compliance posture.

“We looked for three things: we wanted to minimize meetings with auditors, reduce the need for manual capture methods, and eliminate the need to have to work out of another portal,” Joe says.

Joe and his team ultimately chose Vanta as they found that the platform’s 300+ integrations far surpassed those of any other solutions.

The solution

A new platform and a new mindset

Vanta’s onboarding process was smooth, efficient, and customized. “Vanta did so much more for us than giving us the platform,” says Joe. “The Vanta team helped set it up in a way that was customized to us — they guided us.”

US Med-Equip's journey involved not only achieving compliance but also instilling a security-focused mindset across the organization. This meant coordinating efforts to enforce policies, educate teams on SOC 2 requirements, and foster a culture of security awareness.

As they onboarded USME onto Vanta, they witnessed a shift in mindset among teams, from questioning the necessity of security measures to actively addressing potential vulnerabilities.

With the help of Vanta, it took Joe and his team nearly six months to prepare for their SOC 2 audit. For Joe, this was incredibly fast considering how much effort and transformation within the organization was required.

The impact

Continuous visibility and massive time savings

With Vanta, US Med-Equip significantly reduced the time required to prepare for audits. In fact, Joe estimates that preparing for and completing the audit would’ve taken twice as long had it not been for Vanta.

“Vanta cut our time in half, if not more, to prepare and complete the audit. Using Vanta, we can accurately and continuously measure our performance as a company from a compliance and a security perspective,” says Joe.

Today, Vanta has become a central hub for Joe’s team’s operations. The visibility, automation, repeatability, and continuous monitoring of the platform itself have been a game-changer for Joe. Now, their team can go into Vanta at any time and understand if their controls are adhered to — and if not, what needs to be addressed and by when.

“Every single week, we pull up Vanta and we use it as a measuring tool of how we're doing. If we’re not doing well in a certain area, it gets addressed right away during that meeting,” explains Joe.

“To be successful in integrating and solving our partners’ supply chain challenges, we needed to prove that our systems and our security processes were trustworthy and that we wouldn't increase their risk.”

Joe Berglund
Director of IT Operations and Cybersecurity at US Med-Equip

“Vanta has brought us from not knowing how we were doing from a compliance perspective to a place of confidence and truly knowing that we are compliant.”

Joe Berglund
Director of IT Operations and Cybersecurity at US Med-Equip