ComplyAssistant

ComplyAssistant needed to provide its customers with a cloud environment that met the compliance requirements across a number of highly regulated industries, including healthcare, government, and financial services.

Selection Criteria

• Regulatory expertise
• Responsiveness
• Deep AWS knowledge

Solution/Platform

ComplyAssistant started with a Connectria private hosted cloud in 2010 and then migrated to an AWS Managed Cloud in 2018.

Results

• Confidence in their compliance
• Selling point for customers
• Zero downtime
• No additional headcount needed

ComplyAssistant began life in 2002 as a security and compliance consulting company, managing HIPAA compliance for healthcare organizations. Over the years, they developed software tools to help their growing client base self-manage compliance projects. Then, in 2010, the company decided to commercialize those efforts into a comprehensive GRC (Governance, Risk, Compliance) application that can be used across many highly regulated industries, including healthcare, government, and financial services.

The Challenge

ComplyAssistant didn’t start out as a software company. Gerry Blass, the company’s founder, was serving as the Chief Information Security Officer for a major healthcare system in New Jersey when HIPAA was first passed. Leveraging his first-hand knowledge of HIPAA compliance and its many challenges, he left that position in 2002 to start his own compliance management consulting company.

As the client base grew, Gerry decided his clients could benefit from tools to help them better manage their compliance in-house. At a family event in 2009, he was chatting about the challenges of creating this application when his nephew, James Schroeder, chimed in saying, “Hey, I can do that!” With the addition of James to the team, a software company was born. While ComplyAssistant started out small, the company’s GRC management applications are now used by hundreds of organizations across the country to stay on top of the countless tasks, events, follow up actions, and documents involved in compliance management. ComplyAssistant even has a mobile auditing app to help clients with the walkthrough of a physical location.

Having launched their solution in 2010, ComplyAssistant didn’t just take a cloud-first approach to their application. They took a cloud-only stance by delivering their solution only in a SaaS model. However, being a relatively small company with team members wearing multiple hats, they decided to manage a compliant environment in-house was more than they could handle.

“We didn’t have experience building the infrastructure necessary for a regulated environment,” explained James. “It wouldn’t be an efficient use of our budget to hire someone in-house, and Connectria’s ‘No Jerks Allowed’ motto really resonated with us.”

The Solution

In 2010, the public cloud wasn’t as natural a choice for a highly regulated environment as it is today, so ComplyAssistant chose to house their SaaS solutions in a private cloud located in Connectria’s data center. Because James and his team were already stretched thin, he elected to delegate much of the day-to-day management of the cloud environment to Connectria as well.

“Our application isn’t necessarily intended to house PHI data, but in the course of managing a HIPAA project, sensitive data will sometimes get entered into the system,” said James. “We couldn’t afford to risk non-compliance, so we needed a provider with the experience and the bandwidth to stay on top of it for us. We found that in Connectria.”

ComplyAssistant is considered a Business Associate under the HIPAA regulations, and they provide a signed BA agreement to every client they work with. Even so, the Connectria relationship is part of the selling process as well. As James shared, “We get grilled by clients about HIPAA compliance. There’s real value in just being able to tell a client your workloads will be in a cloud-managed by Connectria.”

Then, in 2018, ComplyAssistant decided to take another look at AWS. “AWS is everywhere now, and it’s a skillset a lot of people have,” said James. “We liked the scalability of AWS, and because we could easily add talent in house, we feel like we’re in a better position to take more control of our cloud environment if we wanted to.”

Connectria helped James create a migration plan to AWS that made sense for the organization. “Connectria gave me a migration project manager. I knew the solutions architect and engineers. We had weekly meetings, and I had a whole team to bounce ideas off of. I even had a roll-over period where my old environment and AWS were running simultaneously. Everything was managed well, and it went very smoothly.”

The Results

James decided to continue to work with Connectria for the day-to-day management of the AWS environment. “At the end of the day, AWS administrators may be plentiful, but they aren’t necessarily cheap. And, they are in such high demand that they’re hard to retain,” said James. “After nearly a decade of working with Connectria, we were so comfortable with them that we decided it made sense to outsource the management of our AWS environment to them as well.”

In addition to compliance, one of the other aspects of Connectria’s capabilities that appealed to ComplyAssistant was the availability of their systems. Since the beginning of the relationship in 2010, ComplyAssistant has never experienced any unplanned system downtime, and they use this reliability as a selling point with their customers.