2023 SC Awards Finalists: Best Regulatory Compliance Solution

The IEEE Standards Association has developed IEEE 2621, a series of cybersecurity standards for wireless diabetes devices, addressing a growing concern for the security of connected medical devices. The standards offer a framework for specifying security requirements and assurance levels for devices such as blood glucose monitors, insulin pumps, and continuous glucose monitors, which are increasingly connected wirelessly. IEEE 2621 is the first cybersecurity standard series developed by an official Standards Development Organization (IEEE) for medical devices with specific performance and assurance requirements. It offers a path for manufacturers to demonstrate sound cybersecurity to the FDA, patients, clinicians, and payers. The standards have been recognized by the FDA and are expected to align with the new National Cybersecurity Strategy released by the Biden-Harris administration. To date, six diabetes device products have met some or all of the IEEE 2621 criteria. As awareness of the need for diabetes device cybersecurity grows, the medical device industry will likely increasingly adopt these standards for regulatory compliance and product differentiation. IEEE has also been actively planning to extend the standards to other types of medical devices and industries.

OneTrust’s Privacy & Data Governance Cloud offers a range of products and services, with costs between $5K and $500K per year, depending on clients’ requirements. The cloud-based system creates minimal technical overhead and management costs for customers. OneTrust offers strong customer support, including dedicated account managers and implementation consultants. The MyOneTrust customer community offers resources and a product roadmap, while privacy analysts answer compliance queries. With updates released every three weeks, OneTrust enhances its product offerings, such as expanding data discovery and classification capabilities. OneTrust’s products promise to help customers reduce risk and simplify compliance efforts, ultimately delivering a competitive advantage. Clients report significant cost reductions and efficiency improvements across various aspects of privacy management using OneTrust’s platform.

Proofpoint’s Intelligent Compliance Platform has an installed base of more than 60% of Fortune 1000 companies to address regulatory and governance protection across their digital communication stack. In releasing approximately eight updates per year, Proofpoint focuses on reinvesting 20% of revenue into R&D, continuously developing its AI-powered platform to improve efficiency and risk detection. The platform was designed to scale for businesses of all sizes and promises a lower total cost of ownership by simplifying compliance processes, reducing false positives, and delivering complete visibility and audit-ready solutions. The platform helps customers differentiate themselves from competitors by offering efficient, effective, and flexible solutions to manage and mitigate corporate and regulatory risks in real time.

RegScale’s continuous compliance automation software aims to free organizations from manual, paper-based compliance processes. The API-centric platform integrates with existing security and compliance systems, dynamically managing the security control state and providing real-time Governance, Risk, and Compliance (GRC) documentation. RegScale offers a concierge-like experience to assist in digitizing and automating GRC programs. The platform has seen success with more than one dozen enterprise commercial and government customers and 300,000 downloads of its free Community Edition. RegScale helps companies reduce costs, paperwork, and regulatory fines by automating compliance processes. Updates are released weekly, and the company continuously develops new features and functionality based on customer feedback. Last year, RegScale acquired GovReady, an open-source Compliance-as-Code technology company, to bolster its position as a leading NIST OSCAL-enabled GRC platform.

The Securiti DataControls Cloud has achieved significant growth with a four-fold increase in total contract value and three-fold increase in annual recurring revenue in fiscal year 2022. Th company’s clientele includes Fortune 500 companies such as CNA, Hertz, Alaska Airlines, and Capital One. Securiti prioritizes customer support with a team of security experts available 24/7. The platform regularly gets updated to ensure compliance with data protection laws, and Securiti continues to raise funds and develop its solution, recently securing funding from Capital One Ventures and Citi Ventures. Securiti DataControls Cloud promises real-time visibility into sensitive data and automates privacy compliance, governance, and security. By offering a single data command center and letting organizations retire disjointed systems, Securiti helps enterprises reduce costs and complexity while setting themselves apart from competitors.