How Viedoc Achieved Seamless ISO 27001 Compliance and Streamlined Security Operations with FortifyData

Challenge

Viedoc was looking for a solution to enhance the company’s cybersecurity posture, ensure compliance with international standards, and manage the risk posture of its vendors, given the specific regulatory and infrastructure challenges in regions like China.

Key Results

FortifyData provided Viedoc with a comprehensive and efficient solution to manage its security posture and third-party risk. The platform’s automation, real-time insights, and regulatory compliance features enabled Viedoc to enhance its security measures and streamline its processes.

Background

Viedoc, a software as a service (SaaS) provider headquartered in Sweden, specializes in developing software for clinical trials research. With a significant international presence, Viedoc operates its infrastructure across Europe, the United States, China, and Japan. This extensive global footprint necessitates compliance with multiple standards, including ISO 27001, as well as robust security measures and effective third-party risk management.

Predrag Gaic, the Chief Information Security Officer at Viedoc, was tasked with enhancing the company’s cybersecurity posture, ensuring compliance with international standards, and managing the risk posture of their vendors. Given the specific regulatory and infrastructure challenges in regions like China, Gaic sought a comprehensive solution and turned to FortifyData.

Challenges

Before implementing FortifyData, Viedoc faced significant challenges. The company lacked a unified tool to manage enterprise security and third-party risk, relying instead on manual processes and multiple tools for SSL security scanning and PCI DSS-based security scans. These tasks were time-consuming and inefficient. “The process was more focused on compliance checks without a real tool to do that kind of check on third-party compliance,” Gaic explained.

Moreover, managing third-party risk, particularly in China, was complex. “Our infrastructure spans Europe, the United States, China, and Japan, with different vendors providing infrastructure and cloud services,” said Gaic. The regulatory environment in China, where major cloud providers cannot operate directly and must use local infrastructure, posed additional challenges.

Solution

Viedoc implemented FortifyData’s enterprise module to address its security needs comprehensively. Gaic highlighted the value of FortifyData’s continuous monitoring capabilities: “I use the enterprise module to assess our posture, which is very important. It allows us to be proactive and fix things before someone else discovers them.”

Facing recertification to the updated ISO 27001:2022 standard, along with new regulations such as NIS2 and DORA that must be met, Viedoc used FortifyData to achieve and maintain compliance with the ISO standard, and the platform is in a position to help meet additional regulations. “The threat analytics feature in FortifyData came really handy to cover the new requirements in ISO 27001 along with the other modules the platform provides for cloud security, vulnerability scanning, third-party risk management, reporting to management and notification mechanisms,” Gaic remarked. “The ISO 27001 auditors were really positive and happy about it.”

FortifyData’s capabilities in third-party risk management were crucial for Viedoc. “We are dependent on our suppliers to provide services, and for our customers, we are a critical third-party provider,” Gaic noted. By using FortifyData, Viedoc could ensure their vendors met security standards, particularly in regions like China. “FortifyData was one of the few tools able to scan the posture of Chinese-based providers.”

Automation provided by FortifyData significantly reduced manual efforts. “My IT colleagues are happier with this automation; they just need to log in or get automatic reports,” Gaic said. This efficiency allowed Viedoc to focus on more strategic security initiatives.

Results

The implementation of FortifyData led to significant improvements for Viedoc. The company gained better visibility into its vulnerabilities and could address them proactively. “We now have a better understanding of what we are exposed to and what we need to fix,” Gaic stated.

FortifyData streamlined processes, reducing the manual effort required for security scans and reporting. This efficiency allowed Viedoc to integrate security work seamlessly into their operations. “We created a security backlog and involved members from development and IT operations to discuss security issues,” Gaic explained.

FortifyData’s role in third-party risk management was particularly valuable. “By knowing the security posture of our vendors, especially in China, we can ensure acceptable risk levels,” Gaic said. The platform’s ability to assess vendors across the globe without relying on questionnaires was a significant advantage. “Many of our vendors, like Microsoft Azure, do not answer questionnaires, but FortifyData helps us do our due diligence,” Gaic added.

By consolidating multiple security functions into one platform, Viedoc saved both time and resources. “It’s a one-stop shop where we can see everything,” Gaic explained. The tool also facilitated better communication with stakeholders and helped expedite Viedoc’s ISO 27001:2022 recertification process. “FortifyData’s reports and real-time data make it easier to present our security posture to management and prioritize our efforts,” Gaic noted.

Conclusion

FortifyData provided Viedoc with a comprehensive and efficient solution to manage its security posture and third-party risk. The platform’s automation, real-time insights, and regulatory compliance features enabled Viedoc to enhance its security measures and streamline its processes. As Viedoc continues to grow and face new challenges, FortifyData remains a critical component of its cybersecurity strategy.

For more information about how FortifyData can help your organization improve its security posture and manage third-party risk, visit FortifyData.com.