share

MOA Benchmarking

Posted by Rudy Mitra on Jan 21, 2020 12:19:16 PM
Rudy Mitra
Find me on:

MOA Benchmarking

Case Study by Lahn Straney - Director, MOA Benchmarking

 

Our Background

MOA Benchmarking is a web-based platform for complete and continuous quality improvement. Our clients are predominantly in aged and community care, and our products help them maintain compliance with legislation and benchmark their performance against competitors and best practice clinical guidelines. By using our audit and survey tools and quality indicators, our clients can identify problem areas and initiate quality improvement plans.


The Goal

The Royal Commission into aged care has drawn attention to the need for improvements in the sector, and with that, creating a great deal of interest in MOA Benchmark’s web-based tools for quality improvement. Consequently, our business has seen rapid growth and is now attracting larger clients than ever before with increasingly sophisticated technology requirements. On top of that, there is greater concern about data security industry-wide.

While we have in-house software developers, they are not security experts. Neither my business partner or myself - my background is as an epidemiologist, and his is in business. So, when one of our prospective clients advised us that, from a business point of view, pen-testing would be necessary before they could appoint us, we quickly realised we would need to engage an external data security supplier. The more we learnt about potential vulnerabilities, the more we realised the importance of a strategy for data security.

 

The Selection

The potential client, who went on to appoint us, suggested we talk to The Missing Link about pen-testing. I must say, their team were highly responsive from the get-go and extremely knowledgeable. During the selection process, we also assessed an alternative supplier however we were impressed with how quickly The Missing Link was able to understand the nature of what we were trying to do in this industry and our potential risks, so we decided to engage their services.

 

Our Relationship

The Missing Link’s approach to managing the project has been impressive. As soon as they had a high-level understanding of our needs, we gave them login details to our web-based platform, and they took the initiative to really get to understand our system and how both our staff and our clients navigate it.

The Missing Link also developed an understanding of the nuances of our industry. They realised that because of the nature of our business and the existing processes both internally and externally, some risks they identified would be extremely low level. They also understood that as a small company, our budget is not endless.

As they worked through the pen testing, they communicated with us on a regular basis to let us know of any vulnerabilities they’d found and to advise whether immediate action was required. That was great because by the end of the testing, when everything they found was documented and described, there were no surprises and the information they presented was easy to get our heads around.

Whereas some pen testers would create a high-pressure environment by presenting a long list of risks then seeking approval to resolve all of them with immediacy, The Missing Link suggested we work with them to prioritise the order of work.

They said, ‘you’re the industry experts, so you’re best placed to decide which of the issues need to be resolved straight away’. And they told us that they’d be happy to work with us on the priority areas by either recommending a product/service provider or working directly with us to resolve the issue.

 

The Difference

We engaged The Missing Link in September, and within a couple of months, they had already given us a good confidence boost – while they found some vulnerabilities in our technology - which of course we wanted them to discover - they were small issues that we were able to resolve easily. This has given us renewed confidence in what we’re doing in terms of managing our data security, which in turn, has given us confidence in approaching other larger clients in the aged and community care sector when seeking out new business.

Going through the process with our team has also created a cultural change because data security is now front of mind – they’re all very more aware of the need to manage data and protect it with the highest level of security.

UP NEXT

Recoveriescorp

Case study by Graeme Moore - IT Operations Manager...

Energy Power Systems Australia

Case study by Jason Snuggs, IT Manager - Energy Po...