AcuityMD’s first year of compliance with Thoropass

April 18, 2023
Cristina Bartolacci

One of the most rewarding aspects of my job has always been connecting with people. It’s what drew me into Security and Risk Compliance Consulting early on in my career in the first place. When joining Thoropass (it was called Laika at the time), I had the opportunity to further these connections by holding a larger book of business, this time with smaller accounts. It was during this time I found my calling. I recognized that I not only wanted to make a connection with these customers, but I wanted to make an impact as well. So it went, and I have had the utmost privilege of creating exceptional connections since.

Introducing Robert Coe of AcuityMD

One of those exceptional customers was AcuityMD and my point of contact, CTO and co-founder Robert Coe. Robert founded AcuityMD after identifying a need in the medical technology space for marketing and sales professionals looking to target the appropriate markets and customer bases to accelerate their sales.

After spending years in enterprise tech sales, Robert understood the value of compliance, especially in a hyper-regulated industry such as healthcare. He always knew it was a matter of when, not if, AcuityMD needed to achieve SOC 2 compliance. Now, with SOC 2 firmly under the company’s belt, he’s been able to harness the success of the certification and the confidence it has given prospects to accelerate their sales.

We sat down to discuss this in a previous LinkedIn Live episode of Cristina’s Compliance Corner back in March 2022 (when we were still called Laika). Check out the full discussion and read on for his most critical takeaways!

Identify, plan, and execute

In the earliest stages of AcuityMD, conversations around compliance came up early and often. It was no secret that this project would require significant oversight, but the question became: How do I do this? When do I do it?
And most of all… who is going to be in charge of it? While these questions could not be solved overnight, Robert and his management team outlined a plan to get them from start to finish. As this was their first time embarking on their compliance journey, they learned many lessons, sometimes the hard way.

Throughout our discussion, he mentioned a few key learnings that led to his company’s eventual success during the SOC 2 process:

- Begin the project before you think you need it
- Leave it to the professionals
- Get key stakeholder buy-in
- Consider the company’s overall growth strategy while working toward your compliance goals

With a clear understanding of how they wanted to navigate the path forward, Robert began the process of achieving AcuityMD’s first SOC 2.

Be ahead of the game: Start the process before you think you need to

Coming from an enterprise sales background, Robert knew to start the conversation about SOC 2 compliance early. He had seen firsthand the slow-down in procurement cycles it caused. But he also knew it would be essential to their overall growth and operational success. For these reasons, he wanted to attack it early.

“This was always a when, and not an if, in my mind,” says Robert.

Being the co-founder and CTO means that Robert wears many hats. With his mission to push SOC 2 forward, running point on the project became one of his many hats. Robert knows exposure to SOC 2 doesn’t necessarily translate to knowledge and expertise, which led to the process of evaluating vendors to work with for assistance. Ultimately, Robert and his team landed on Thoropass.

Having one vendor is key: Leave it to the professionals

Robert stresses the importance of having a vendor who understands the business. When embarking on AcuityMD’s SOC 2 journey, he knew a lot of maturity, growth, and change would come from going through the implementation process.
It was important to him, and for the greater good of AcuityMD, that the implementation of controls was realistic and matched their overall growth goals.

He also needed guidance and support. With an unfamiliar subject like SOC 2, having someone to guide, educate, and assist in implementing and maintaining policies, procedures, and controls was vital.

Getting stakeholder buy-in

Compliance is a company-wide objective. I preach this from the rooftops of Manhattan when I speak with customers. It touches every person in every department, and to be truly successful and effective in implementation, it requires everyone to play along. Naturally, this key objective must come from the top to gain appropriate traction and attention.

This means getting key stakeholders and management buy-in early and often is important. It allows room for:

- Resource allocation to the project
- Greater adherence to new standards and processes
- An increase in awareness and general care for the subject

From a founder’s perspective, it also allows some flexibility in prioritizing critical tasks. With so many competing priorities, it is crucial to gain support from the rest of management to focus efforts where necessary.

Challenges, growth, and overcoming obstacles: Consider your company’s growth strategy

While Robert looks back on the process with (mostly) positive memories, he notes he would be remiss if he didn’t mention some of the challenges of undertaking the project.

Competing priorities: It’s no secret that you’re pulled in many directions as the founder and CTO of a company. It was challenging to carve out dedicated time to complete the project. He cites this as the reason the project took longer to complete than expected.

Maturity: While the whole goal of the project is to level up processes and put relevant controls in place, he noted it was difficult to “unlearn bad habits”, such as having zero standard operating procedures or unlimited access for everyone at the organization.
Just another reason to get the appropriate mechanisms in place early!

Resources and hiring: Robert went back and forth, deciding when (and even if) it was the right time to hire someone to lead the compliance efforts. Once he came to terms with the fact that this was an annual requirement needing attention and care, he brought in an awesome team member to lead the charge.

Despite these challenges, Robert says he wouldn’t hesitate to recommend customers in similar situations begin their compliance journeys as soon as possible. The challenges, difficulties, and frustrations will only become greater with time as an organization grows.

Key takeaways

While compliance won’t solve all your problems, it has proven to create some if neglected. Robert attributes accelerated sales cycles, enterprise buyer trust, and improved competitive advantage to their SOC 2.

He is grateful he started the SOC 2 process early. After all, he wouldn’t have wanted to complete the project on a tight time crunch or under an enterprise buyer’s procurement microscope. Where possible, set yourself up for success: start early, stay involved, and constantly integrate best practices into day-to-day life.

Finding the right partner

Take it directly from the mouths of our customers: finding the right partner for SOC 2 compliance software makes all the difference when embarking on your compliance journey. With our hands-on support model, efficient certification process, and automated workflow audits, Laika makes staying within compliance as straightforward as possible. Speak to a member of our team today to learn more.