Case Study by Nicole Melia - Marketing and Communications Manager, TruScreen
TruScreen is a biomedical disruptor. Our small Australian based company has developed a novel technology for cervical cancer screening that provides real-time, accurate detection of pre-cancerous and cancerous cervical cells.
TruScreen’s target market is low and middle-income countries that traditionally lack the infrastructure needed to undertake national screening programs with conventional methods, such as pap smears and HPV tests. We believe it will also be helpful in rural areas constrained by health resources.
As a dual-listed company on the Australian and New Zealand Stock Exchanges, we’ve always complied with the highest data security standards. So, in 2019 when our TruScreen team began working from home in response to COVID-19, we knew we needed to review our security infrastructure. An increasing global incidence of cyber-attacks added weight to our decision.
We took a few steps to bolster our infrastructure using our internal IT resources. Then we decided to engage an external vendor to undertake a full review of our cloud-based services and software.
Our over-arching goal was to understand and best address any weaknesses in our Office 365 software and Atlassian cloud infrastructure. We needed to be able to demonstrate our compliance with the security standards, ensuring we could protect our intellectual property, and maintain the integrity of our data.
The Selection Process
We found The Missing Link through search engines. We asked them, along with some other companies, to tender, and to be brutally honest, the budget they presented got them over the line. As a small-cap company working on biomedical device development, budget control will always be a high priority.
Given our concerns about heightened international cyber security attacks and our new remote workplace arrangements, we were grateful that The Missing Link was able to step in to review our security infrastructure promptly. They were professional and responsive from the start and very cooperative. Importantly for us, they were able to meet our timelines and provide their deliverables efficiently.
At our kick-off meeting, they were happy to answer all our questions. They explained their approach clearly and ensured that we were on the same page.
I think we were probably quite different from other clients in that we wanted to receive a draft report outlining any big picture and low-level vulnerabilities upfront so that we could get them fixed straight away. To their credit, The Missing Link was happy to adapt to meet our needs, which meant that by the time the report was finalised, we’d been able to complete all the remediation required. As a result, our final report showed we were at low risk of cyber attack.
The Missing Link’s reports - both the draft and the final - were easy to read and navigate. Their reporting on non-compliances and recommended actions were very clear and actionable. When the invoice came in, there were no surprises – it was exactly what we’d agreed on, which was perfect.
The Missing Link has made a big difference to my role, which comprises marketing and communications, as well as overseeing TruScreen’s processes and infrastructure protocols.
Their audit and review process has given me confidence in our level of security. They’ve helped us to standardise our reporting, making it easier to generate our monthly compliance reports. Most importantly, we’ve now got a system in place that alerts me to any threat of a malicious event, which means I don’t need to go hunting.
Having engaged The Missing Link and been given a good score on our security audit, our Board is also noticeably more comfortable knowing that our organisation is at very low risk of an attack.