How Zeto used Sprinto to get compliant and shorten IT review process

Zeto.io is a USA-based medical technology startup democratizing EEG (Electroencephalography) for healthcare. Their innovative EEG headset is a patent-winning, wireless, zero-prep, dry electrode headset backed by a state-of-the-art cloud platform that ensures the most seamless EEG experience for patients and physicians.

Framework: SOC2
Location: USA

Time to achieve SOC2 compliance: 14 days
Time to complete SOC2 audit: 20 days
Time spent by leadership on compliance: 6 hours

Challenge

From the beginning, Zeto has been cognizant of healthcare compliance requirements and has built its systems with due consideration for the security guardrails that protect sensitive data. It was when they started engaging larger institutions, like hospitals, that formal compliance programs, security audits, and certifications became critical to getting product clearance. “In hospitals, you need to get a green light from everyone, including the janitor,” remarks Gabor Braun, CTO at Zeto.


“Hospitals demand a lot more of their vendors. HIPAA aside, every product and system they work with needs to demonstrate the highest levels of data security,” Gabor notes. While Zeto’s systems follow HIPAA guidelines for Protected Health Information (PHI), the company increasingly found itself in [sales] conversations where it had to explain its security posture and IT practices in grave detail. “Each hospital has a list of some 400 IT questions about everything from data encryption to access management,” notes Gabor. “Even the simplest IT questionnaires take as much as a week to complete. To be honest, we do have canned responses for everything, but it is not saving us from completing those IT security questionnaires,” he adds.

To ease the burden of filling out security questionnaires repeatedly, Gabor explored SOC2 compliance and an audit. “Manually filling out IT reviews is no longer viable – they are slowing us down. And it is evident that SOC2 can help us circumvent these reviews, or at least cut them short,” he notes.

To this end, Zeto wanted a partner that could get them SOC2 compliant and through their audit without taking much time away from the leadership team.

SOC2 can be a prohibitive experience – you can get caught up in very long timelines and very high costs. Sprinto was a good match because it shortened the timelines and was cost-effective right off the bat.

Solution

Zeto integrated Sprinto to operationalize a SOC2 Type 1 & 2 compliance program against 3 Trust Service Criteria (TSCs).

Enabled by Sprinto’s automation, Zeto was able to get through the SOC 2 compliance checklist and complete tasks quickly. The platform implementation was completed in 14 days with the involvement of 2 members from the Zeto team.

Sitting in on a cyber security meeting is not the best use of a CTO’s time. It just helps to have provisions in place that help you shortcut IT review processes.

Results

Zeto reached SOC2 Type 1 compliance in 2 weeks and successfully completed their audit 20 days later.

Armed with the SOC2 report, Gabor notes Zeto is able to complete security reviews much more efficiently. “The old way meant taking out 8 hours to complete a single security questionnaire. Then, it would take the hospitals another week or so to interpret our answers. With a SOC2 report, the clearance cycle is much faster – you don’t end up explaining as much,” remarks Gabor.

Gabor notes that, as a SOC2-compliant company, Zeto has improved its overall ability to convert sales. “As a company that cares greatly about making patient and physician experience seamless, we are happy with how comfortably we moved toward SOC 2 compliance with Sprinto,” notes Gabor.

“The very first day we got our hands on the SOC2 report, we closed a sale!”