
D’Youville University Strengthens Cybersecurity Governance and Saves Time with FortifyData

Challenge

D’Youville’s small IT team was caught in a cycle of reactive compliance activities and insurance requests, spending valuable time managing spreadsheets, correlating findings in different point solutions and chasing evidence in document repositories instead of strengthening their cybersecurity program. FortifyData provided the structure and automation they needed to shift from administrative firefighting to a focused, strategic risk management approach.

Key Results

By transitioning from manual spreadsheets and point solutions to an integrated Cyber GRC platform, D’Youville University realized significant efficiency gains and strengthened its overall security program through time savings, improved governance, improved staff buy-in through effective communication of cyber risk, simplified vendor risk management, and readily available artifacts to support insurance renewals, all key benefits of a platform with multiple capabilities.


“Prior to having this platform, it was just like ad hoc assessments created or hey, we think we need to have a policy for XYZ, right? But we can’t definitively prove why we need to have that… So that really helped guide those conversations and in turn really develop an actual governance and compliance framework.”

Kristin Benoodt
Former Director of Networking and Security
D’Youville University

About D’Youville

D’Youville University is a private institution in Buffalo, New York, serving thousands of students across healthcare, business, education, and liberal arts programs. With a relatively small IT team (fewer than 20 professionals managing everything from networking and instructional technology to enterprise applications), the university faced growing demands to strengthen its cybersecurity posture and comply with evolving regulations.

For Kristin Benoodt, Director of Networking and Security during her time at D’Youville, this meant balancing governance, risk management, and compliance responsibilities with day-to-day IT operations, all while adapting to new pressures from cyber insurance carriers and third-party vendors.

Overview

Like many smaller higher education institutions, D’Youville lacked the external oversight or industry-specific auditing that larger universities often face and that often drives a compliance direction.

D’Youville University’s cybersecurity team faced the dual challenge of limited resources and competing priorities. With no dedicated governance framework in place, the small team’s time was consumed by ad hoc compliance tasks, insurer questionnaires, and reactive security initiatives.

Efforts to “keep up” with external demands became a cycle of inefficiency, diverting valuable hours away from advancing a unified cyber risk management strategy. Without the right structure or tools, their expertise was spread thin across spreadsheets, manual evidence collection, and fragmented reporting.

Key challenges included:

  • Ad hoc processes: Security assessments were often based on intuition or best practices the team had heard about, rather than standardized frameworks.
  • Spreadsheets and shared folders: Policies, risk assessments, and evidence were tracked manually, making it difficult to collaborate or maintain version control.
  • No unified compliance framework: Staff knew controls like MFA were important, but had no concrete way to show why they were necessary or how they mapped to NIST, HIPAA, or GLBA requirements.
  • Rising cyber insurance demands: Carriers began requiring detailed evidence of controls, not just checkboxes. Without documented proof, renewals became stressful and time-consuming.
  • Limited visibility into vendor risk: As with many small universities, D’Youville relied heavily on external vendors but lacked the resources to perform comprehensive third-party risk analysis.

The result was an overextended IT team struggling to balance operational priorities with the need to develop a long-term governance and compliance framework.

The Solution

To address these challenges, D’Youville implemented the FortifyData Cyber GRC Platform, consolidating compliance, risk, third-party and vulnerability management into a single system.

FortifyData delivered:

  • Framework and Compliance Guidance

The University could self-assess against NIST 800-171, HIPAA, and GLBA, which showed exactly what controls and policies were required, and map findings to controls. Staff could see the “why” behind requests like MFA enforcement, which improved adoption.

  • Centralized Task Management

Using FortifyData’s task management function, Kristin could assign evidence-gathering tasks to staff or interns, track progress, and eliminate the need for constant oversight, all within the appropriate framework.

“I really can’t say enough about the ability to assign tasks and have it complete in there. That was a great feature… I could just assign stuff and check the progress instead of constantly rehashing what we’re supposed to be working on or pulling up manual spreadsheets.”

Kristin Benoodt

  • Third-Party Vendor Risk Assessments

The platform provided risk scores for D’Youville’s top vendors, which became critical in improving their risk posture and aided insurance renewals and vendor contract decisions.

  • Integration with Existing Tools

Pulling data from Microsoft Defender and other systems allowed the team to review vulnerabilities, vendor risk, and compliance evidence in one place.

  • Board-Level Reporting

FortifyData enabled Kristin and the CIO to present clear reports to the board of trustees that highlighted frameworks followed, policies created, and completion percentages and demonstrated the risk reduction and compliance management progress the team was making, without weeks of manual preparation.

“With spreadsheets, we were constantly rehashing what needed to be done. With FortifyData, everything was in one place, and the team knew exactly what we were working toward.”

Kristin Benoodt

The Results

By moving from manual spreadsheets to an integrated Cyber GRC platform, D’Youville realized significant efficiency gains and strengthened its overall security program.

Time Savings

  • Kristin knows that the team was able to create more actionable policies to meet requirements than it would have been able to before FortifyData.
  • D’Youville got through HIPAA compliance faster than it otherwise would have by gathering evidence much faster and providing it for the particular question or control; the end result was an institution-wide policy.
  • Board report preparation that previously consumed weeks could be compiled in a fraction of the time, freeing staff for operational priorities.

Improved Governance and Staff Buy-In

  • Staff better understood the purpose of controls like MFA once they were tied to framework requirements.
  • The University was able to develop an institution-wide HIPAA policy, not just specific to certain clinics on campus.
  • Having a clear rubric gave the IT team a shared set of goals, improving collaboration and morale.

Simplified Vendor Risk Management

  • Risk scores for third-party vendors provided actionable insights that influenced contracts and insurance renewals.
  • The ability to proactively address compromised accounts (such as dark web findings) reduced reliance on reactive SOC alerts.

Support for Insurance Renewals

  • FortifyData reports provided the proof and evidence insurance carriers demanded, helping with policy attainment and reducing the risk of denied claims.

Ease of Implementation

  • Onboarding was seamless: a two- to three-week proof of concept transitioned directly into production, unlike the lengthy rollouts Kristin had experienced with other tools.

“We were able to gather evidence a lot faster and put it into the questionnaire for that particular framework… It probably reduced the adoption of that by like 30 or 40%. It also helped with user buy-in because if users can see what you’re doing and they understand why, they’re more likely to meet the requirements.”

Kristin Benoodt

Why FortifyData?

For Kristin and her team, FortifyData stood out because it combined capabilities that are rarely found together in one solution:

  • Compliance framework management
  • Risk and vendor assessments
  • Risk-based vulnerability management
  • Centralized task delegation and tracking

“Usually, those three or four things aren’t in one platform. That was one of the biggest appeals of FortifyData—it delivered what others [single pane of glass] just claimed.”

Kristin Benoodt

Moving Cybersecurity from Ad Hoc to Proactive

With FortifyData, D’Youville University transformed its cybersecurity governance from ad hoc spreadsheets to a structured, proactive program. For a small IT team managing diverse responsibilities, the time savings, improved visibility, and consolidated platform proved invaluable.

By providing clear frameworks, integrated risk management, and efficient reporting, FortifyData enabled D’Youville to reduce compliance burdens, strengthen its security posture, and free up time to focus on what mattered most: supporting the institution’s mission.
