How SiteRocket Labs Builds Compliant Healthcare Applications with Sprinto
SiteRocket Labs is a software development company designing and developing custom-built software for health and medical solutions. The company works with hospitals, medical device companies, and pharmaceutical companies to develop software for clinicians to analyze and manage complex data and patient care protocols.
Key requirements
A compliance solution that affords the flexibility to build applications using a wide range of cloud services, while monitoring safeguards continuously and ensuring compliance with crucial security and privacy frameworks.
Sprinto solution
A platform with native integrations for 75+ cloud services used in application development, including AWS, Azure, and GCP, that continuously monitors the environment's compliance with HIPAA, GDPR, PIPEDA, and other frameworks. With 90% of checks fully automated, it gives the team near-real-time, continuous visibility into alignment with security and privacy requirements throughout the development cycle.
Frameworks: HIPAA, GDPR, PIPEDA, ISO 27001
Region: North America
24×7: Compliance monitoring across HIPAA, PIPEDA, GDPR & ISO 27001
90%: Automation in managing and monitoring compliance
100%: Flexibility in choosing cloud services to build compliant applications
The Challenge – Striking a balance between flexibility and security
For SiteRocket Labs, the day doesn’t end at designing, developing, maintaining, and enhancing complex software. Due to the sensitive medical data their applications process, the company also configures every aspect of their clients’ cloud infrastructure and ensures compliance with various regulations including HIPAA, PIPEDA, GDPR, and more.
David Emerson, founder and CEO of SiteRocket Labs, elaborates, “Our clients really lean on us to ensure that their applications comply with the necessary regulations and are very secure. So security and privacy by design is baked into everything we do, with safeguards built into every level of our software development lifecycle.”
As part of the SiteRocket team’s efforts to transform operations to this state of “built-in privacy”, David and his team reviewed a handful of cloud hosting solutions and compliance platforms before zeroing in on Sprinto.
Initially, the SiteRocket team went about building in privacy in broadly one of two ways. Either they configured safeguards such as intrusion detection systems, firewalls, DDoS protection, and automated backups themselves, with no way to verify that the resulting configuration met the required compliance standards; or they used hosting platforms that provided good protection and out-of-the-box security frameworks, but gave the team very little ability to choose the specific tools they wanted to use.
“We needed to ensure that we used the types of technologies that the platform dictated, and this limited us a lot. For example, we’re working on a large project in radiology, which requires us to store DICOM files – a special type of radiology-related data. These files are often transmitted using a totally different port than HTTPS, and that wasn’t possible. Also, if we wanted to use a different type of server management platform, like Kubernetes, that option would not be available to us,” explains David.
In essence, the SiteRocket team needed a compliance solution that let them build their applications the way they wanted, while continuously monitoring the environment against the relevant privacy and security frameworks so they could demonstrate their clients' compliance.
When we set up and configure these applications, we knew that we needed a way to ensure that they're configured securely and in a way that complies with necessary regulations, and we also wanted the security and compliance to be monitored on an ongoing basis.
The Solution – Automated compliance monitoring powered by extensive cloud integrations
After trying out a few compliance solutions, SiteRocket Labs decided to onboard Sprinto as the platform handily met their criteria for comprehensive monitoring and cloud flexibility.
“The benefit with Sprinto is that it gives us 100% flexibility over the infrastructure setup. We can use any public cloud and tools that we want. All we need to do is ensure that we put in the proper safeguards, and Sprinto monitors that continuously. We can configure whatever services we need with absolutely no limitations,” says David.
Sprinto's pre-built integrations connected directly to SiteRocket Labs' preferred cloud services and automatically mapped the in-scope systems to the relevant compliance criteria and controls. With automated monitoring of the security and privacy safeguards, the SiteRocket team could track compliance health on the Sprinto dashboard across all the necessary frameworks and all in-scope cloud infrastructure.
This was a crucial advantage for their clients, as David explains with an example – “We had one client serving a large number of healthcare institutions around the world, each of whom needed their own security and compliance requirements taken care of. So we needed a system that could monitor this fairly complex infrastructure and ensure that every regional or federal standard was complied with in a satisfactory way for all of the different stakeholders in each region. Sprinto was really well-suited for it.”
Sprinto also helped the SiteRocket team maintain compliance with privacy and security frameworks by alerting the team, with context-rich, time-bound notifications, whenever a control was at risk of failing. Sprinto's on-platform remediation instructions gave the team the know-how to fix these controls proactively and keep client applications compliant without the hassle.
Sprinto was definitely the best fit for us in terms of the functionality that we needed. The platform makes it so much easier for us to comply with security and privacy regulatory requirements when it comes to our clients’ cloud-based infrastructure. It’s also very competitive on a cost basis!
The Result – Healthcare applications with built-in compliance safeguards, monitored 24×7
Today, the SiteRocket team doesn’t just build, deploy, and maintain secure applications for the medical sector, but also serves as a fractional CTO for a number of their clients.
David and the team deploy Sprinto for the applications they've built and then use the platform to scope out and complete the tasks needed to meet each client's specific compliance requirements. Depending on the nature of the task, SiteRocket Labs either takes it on itself or delegates it to the client's team.
The SiteRocket team relies on Sprinto’s support for this exercise to ensure that they have the right guidance to fill control gaps while meeting project deadlines.
“Generally, we work with Sprinto’s support team to give our clients an overview of the compliance frameworks that the client needs to adhere to and all the areas of work for which they need to allocate internal resources. We have been able to lean on Sprinto quite extensively for help and support, both for us and our clients,” remarks David.
Sprinto is also pivotal in helping maintain compliance as the SiteRocket team adds enhancements to the applications they’ve developed.
David elaborates, “We often reconfigure parts of the infrastructure to upgrade it or to deploy it in a new jurisdiction. With Sprinto we can be sure that we’re always monitoring the changes we make to the application and the infrastructure that it runs on for security and compliance.”
As SiteRocket Labs has grown, so has their scope for utilizing Sprinto, and what began as a partnership to safeguard applications has developed into a full-fledged compliance motion with security and privacy at its heart.
At first, our main attraction to Sprinto was to ensure that new applications that we get online have proper security and privacy safeguards. Now that we’ve been using it for a while, we value Sprinto also for its ability to provide continuous monitoring and assist with vendor security audits. We’ve seen tremendous value in those functionalities.