How Neopharma consolidated effort and achieved compliance with 4 frameworks in 90 days
Neopharma Technologies is an Australian MedTech company providing patented solutions for reliable drug testing across enterprises, healthcare, government, and institutions in the fight against current and future drug epidemics. Their specialized drug testing products like TamperLoks, Neotest, and Neovault help establish rigorous employee drug testing programs and protocols to reinforce adherence to various ESH (Environment, Health & Safety) regulations.
Frameworks: ISO 27001, SOC 2, HIPAA, GDPR
Location: Australia
2 weeks: time to set up Sprinto and security programs
90 days: time to achieve HIPAA, ISO 27001, SOC 2, and GDPR compliance
Fastest audit experience with minimal compliance fatigue
Challenge
When it comes to drug testing programs, maintaining clean data and accurate reports are fundamental requirements for successful audits. To this end, Neopharma specializes in enabling organizations to establish and manage precise, dependable drug testing programs. Through a unique combination of specialized drug testing kits and intelligent software, Neopharma ensures that organizations can achieve fast, accurate, and easily auditable drug testing results.
With an explosion of interest in drug testing during and after the COVID-19 pandemic, coming from both large-scale organizations and governments, Neopharma wanted to address security concerns and achieve compliance with key industry frameworks – HIPAA, ISO 27001, SOC 2, and GDPR – to demonstrate high standards of data security and privacy. To meet rigorous compliance requirements, Neopharma sought a compliance solution provider to help them reach compliance and undergo security audits as quickly as possible. The certifications and audit reports would boost the organization’s credibility, enabling confident engagement with healthcare providers, partners, and investors.
As a startup with limited resources, focusing on compliance and understanding the complex requirements of different standards took a lot of work. Neopharma hired compliance consultants but their manual approach proved time-consuming. They even considered building an in-house solution but opted in favor of a commercial solution and turned to Secureframe.
Although it served the goal, Secureframe quickly proved inefficient. “We were recommended to take on one compliance framework at a time, and to do all four would have taken us about a year,” remembers Gajenddra Raj, CTO at Neopharma. “We figured this is how things were supposed to be done. But we struggled to get the kind of assistance we needed to move things along,” he adds.
Time zone differences further added to their woes. “Geographical constraints and lack of urgency with Secureframe made it impossible to resolve issues in time. We needed someone to point us in the right direction,” notes Gajenddra.
Disappointed with the pace of audit readiness and the communication issues with Secureframe, Neopharma started looking for a vendor that could work to their ambitious timelines and support them in their time zone. Sprinto emerged as the most promising platform.
Sprinto looked like the right bet. With a clear plan and strict timelines, their guided approach convinced us to make the switch.
Solution
As the first step, Sprinto scoped out for Neopharma how they could achieve all 4 compliance frameworks without spending more time and effort than necessary. Sprinto’s common control framework proved exceptionally beneficial to this end. With Sprinto’s seamless setup and help from compliance experts, Neopharma took 2 weeks to completely migrate from their old platform to Sprinto. Once Neopharma integrated its infrastructure, including Google Workspace and MongoDB, with Sprinto, the platform consolidated assets and centrally mapped security controls tagged to each entity.
Taking on the most demanding framework first – ISO 27001 – Neopharma tackled each compliance requirement in a structured, time-bound manner. Guided by compliance experts, they diligently addressed control gaps and resolved issues as they progressed. By bringing their compliance posture up to ISO 27001 standards, Neopharma minimized the incremental effort needed to comply with the other frameworks, thanks to common control mapping.
With Sprinto integrated and active, Neopharma gained clear visibility into its compliance status, identified and resolved anomalies promptly, and established a responsive compliance monitoring process.
One of the best parts about Sprinto is its ease of use. Even the non-technical people in our organization were able to use it effectively.
Sprinto’s automation, built-in policy templates, and workflow checks accelerated Neopharma’s progress toward sweeping compliance. “Automation and periodic alerts took away the guesswork and helped our team complete compliance tasks faster,” remarks Gajenddra.
Once ISO 27001 was in place, Neopharma moved on to GDPR, HIPAA, and SOC 2 readiness. Thanks to Sprinto’s common control mapping, Neopharma found that over 90% of the required controls were already addressed by the ISO 27001 implementation. The incremental effort required was minimal, and Neopharma was able to complete the remaining compliance requirements in a matter of days.
Sprinto gave the real-time status of all controls and compliance activities in a single dashboard. We quickly understood the gaps in our and could fix them to become audit-ready in time!
Results
Neopharma achieved compliance with ISO 27001, GDPR, HIPAA, and SOC 2 in under 3 months. During the audit process, Sprinto’s audit dashboard and the evidence consolidated within it helped move the review along quickly.
Everything that the auditor needed was already up on the Sprinto dashboard. This was the fastest audit experience we had.
Since achieving compliance, Neopharma has significantly enhanced and solidified its credibility. Audited and certified, Neopharma has seen a massive improvement in investor confidence as the company progresses toward IPO readiness.
“In our competitive marketplace, we are one of the few companies with all four compliance certifications. Today, we can prove to investors and customers that we are secure and privacy is our top concern. Switching to Sprinto for our compliance journey is our best decision. It allowed us to quickly cover more bases to be 100% compliant,” states Gajenddra.