How Echo IQ Saved $120K in Compliance Costs and Achieved SOC 2 and HIPAA Compliance in Six Months with Secureframe

Echo IQ specializes in AI-powered solutions for cardiology, enhancing the accuracy and speed of diagnosis and helping healthcare providers deliver more timely and effective care.

“A knowledgeable team, fantastic resource set, and strong integrations with core business systems take away a lot of the manual effort involved in maintaining and seeking compliance. It saved us at least $120,000 a year in resourcing, let alone compliance and consultancy fees.”

Seán Bryceland, CTO at Echo IQ

Highlights

Challenges

  • Because they work with sensitive health information, data security and privacy are key priorities for Echo IQ.
  • The team felt that they couldn’t expand internationally without SOC 2 and HIPAA compliance.
  • CTO Seán Bryceland had been through lengthy, manual auditing processes in the past and wanted a more streamlined experience.
  • As a relatively new company, the team had to build a compliance program from the ground up.

Solutions

  • Secureframe’s out-of-the-box framework support and policy management tools helped the team hit the ground running.
  • Working with Secureframe gave them a clear roadmap for managing both SOC 2 and HIPAA compliance.
  • Echo IQ leveraged Secureframe’s partnerships with leading audit firms around the globe for added credibility with their customers.
  • Secureframe’s deep integrations with core systems like Azure, GitLab, and AWS made it easy to track their audit readiness and compliance status.

Results

  • With Secureframe, Echo IQ achieved SOC 2 and HIPAA compliance in just six months.
  • The auditing process was surprisingly smooth and easy because auditors were familiar with the Secureframe platform.
  • Compliance allowed them to accelerate their expansion plans and close deals in the US.
  • Working with Secureframe saved $120k in consulting and staffing costs.
  • Continuous security and compliance monitoring enables Echo IQ to demonstrate a strong security posture and build trust with customers.

Challenges

To succeed in the global healthcare space, Echo IQ needed to prioritize security and compliance.

Echo IQ specializes in AI-powered cardiovascular diagnostics, working in hospitals and clinical environments around the United States and Australia. Because they work with sensitive health information, security and compliance are top priorities as they develop their technology. The team knew it was critical to their international expansion.

“Data security is extremely important to us. Before we even brought our product to market, we needed to make sure that we were operating at the highest level of security possible. We decided to implement SOC 2 and HIPAA compliance because it would give us permission to play in the healthcare space across the world,” explains Seán Bryceland, CTO at Echo IQ.

The team had no existing compliance framework, which meant they had to start from the beginning.

“We’re a relatively new business, so we were starting from scratch,” says Bryceland. “While there’s no requirement for us to have a SOC 2 report, we knew it was a pressing concern for the IT teams of our customers that we’re dealing with.”

Bryceland knew just how much manual, time-consuming work was involved in the compliance process. He evaluated several vendors, including major consulting firms, before landing on Secureframe.

“I come from a government background where we completed a very manual compliance process with a lot of paperwork and a lot of back and forth in the audit process,” he says. “I looked at a number of partners to help us, and what I found in Secureframe was a nice surprise.”

Solutions

Secureframe’s policy frameworks, integrations, and auditor relationships gave Echo IQ the tools they needed to establish robust compliance processes right away.

Secureframe’s policy management tools kickstarted the process for Echo IQ and helped them quickly build a compliant policy library.

“We weren’t starting from a blank sheet of paper,” says Bryceland. “We had a really good set of source materials to build our SOC 2 and HIPAA compliance frameworks from.”

Secureframe’s easy-to-use platform also gave Bryceland and his team a clear roadmap for achieving SOC 2 and HIPAA compliance.

“I hadn’t done SOC 2 or HIPAA before. With Secureframe, we got a really clear sense of the overall timeline and process,” he says. “I liked the fact that we could control the compliance process to a certain extent, and that we could collect evidence on an ongoing basis in one place.”

In addition to a solution with out-of-the-box framework support, access to deep expertise and partnerships with auditors is instrumental for companies like Echo IQ still in the build-and-launch phase of their product development.

“The thing that really appealed to me about Secureframe was having their relationships with US-based auditors, given a significant portion of our customer base is in the US,” says Bryceland.

This, combined with deep integrations with tools like Microsoft, GitLab, and AWS, made it easy to get their compliance program up and running quickly.

“It was super quick and easy to set up the integrations,” he says. “The fact that it was updated in real-time was fantastic, which really drew me in as opposed to an ongoing or one-off consultancy project or standing up an internal team. We could achieve the same outcome by having an automated platform without having to bring in extra staff.”

Results

With Secureframe, Echo IQ achieved SOC 2 and HIPAA compliance in just six months — with a smooth, efficient auditing process that helped them launch successfully in the US.

“We were SOC 2 Type 1 and HIPAA compliant within six months, so we were able to state that we were compliant before we even launched into the US market, which was key for us,” says Bryceland. “We're able to present a really strong and competent security story to our customers. It's something that we don't shy away from. We've never been held back by security concerns in a customer or sales process.”

Even more surprising for the team was how easy the auditing process was.

“Having experienced a manual approach to compliance auditing in the past, the interaction was much more seamless. I didn’t have to chase an auditor for updates because they were self-sufficient within the Secureframe platform,” he says. “We also did an audit readiness check with Secureframe before the audit, which was reassuring knowing we were going into our audit fully prepared.”

Partnering with compliance experts gave the team confidence throughout the process.

“The platform is fantastic and technically strong, and it’s backed up by real compliance expertise, which makes it invaluable,” says Bryceland. “A knowledgeable team, fantastic resource set, and strong integrations with core business systems take away a lot of the manual effort involved in maintaining and seeking compliance. It saved us at least $120,000 a year in resourcing, let alone compliance and consultancy fees.”

Now, Bryceland’s team uses Secureframe for continuous security and compliance monitoring.

“Data security is key for us. It’s easy for me to get a quick visibility snapshot if we have areas of concern,” he says. “Without Secureframe’s platform in place, we couldn’t make it an ongoing activity. I feel like we’re getting more value out of it than an annual compliance tick-the-box.”