MedAcuity is a team of software engineers and professionals who are focused and dedicated to the development of MedTech software. They create next-generation solutions to meet the demands of the rapidly evolving MedTech industry.
The Challenge
In 2017, MedAcuity wanted to show that they take the safety and quality of their software seriously, so they worked with Intertek auditors to achieve ISO 13485 certification. Two years later, feedback from their clients prompted them to take their quality management systems even further. Because MedAcuity has a clear understanding of the importance of an information security management system, and they found their previous experience with Intertek easy, they decided to move forward with ISO/IEC 27001 certification.
The Solution
ISO/IEC 27001 specifies a management systems approach to the implementation of information security controls. It provides a framework for implementing an Information Security Management System (ISMS) that can safeguard information assets while making the process easier to manage, measure, and improve.
Since MedAcuity already had several management systems in place, such as document control, management review, and training, they had an idea of what to expect with the audit. Yet even with their current systems in place, they still had to make several changes: new and updated documents, newly defined policies and procedures, and additional security controls across the overall IT and physical infrastructure. They also built out an IT test system to test updates and patches prior to their audit.
The audit had its share of small challenges. The work required in preparation for the audit was completed by a small team of individuals, who were also dealing with their everyday responsibilities. It was also difficult to receive cooperation from many of the suppliers involved. However, management and staff have understood the importance of the additional management systems and the need to incorporate them into their everyday life.
MedAcuity officially received ISO/IEC 27001 certification in March 2020. This coincided with MedAcuity shutting down their offices due to the COVID-19 pandemic. Because of the preparation for the audit, MedAcuity was better prepared to move nearly their entire company to completely remote operations, and trusted that they had the processes in place to keep their operations and customers safe and secure.
Intertek is an industry-leading quality assurance provider ready to help add value and mitigate risks for your organization.
"Achieving ISO/IEC 27001 certification was timely for us as we transitioned to remote work. It facilitated a smoother transition than we would have otherwise experienced."
Dennis Fuccione
General Manager, MedAcuity